Capitol Hill (File)
WASHINGTON: The House Armed Services Committee’s (HASC) markup of the Biden administration’s proposed fiscal 2022 defense budget establishes two new entities to bolster public-private cyber information sharing and collaboration, as well as a new Defense Information Systems Agency (DISA) program management office (PMO) to buy cyber products.
A copy of the markup — led by HASC Chair Adam Smith, D-Wash., and obtained by Breaking Defense — calls for the creation of a Cyber Threat Information Collaboration Environment. Its establishment involves several phases, including an initial evaluation of government cyber info sharing capabilities, needs, and gaps followed by the build-out of a technical environment with capabilities for monitoring, detecting, and mitigating cyber threats.
The project will be led by Homeland Security Secretary Alejandro Mayorkas, in coordination with Cybersecurity and Infrastructure Security Agency Director Jen Easterly, Defense Secretary Lloyd Austin, and Gen. Paul Nakasone, the director for the National Security Agency. Notably, the markup requires the government to engage private sector entities, including critical infrastructure stakeholders and companies, during the environment’s evaluation and implementation phases.
The markup also requires creating a Cyber Threat Data Standards and Interoperability Council, an interagency entity charged with establishing “data streams” and “data governance” for exchanging cyber threat intelligence among government agencies and between the public and private sectors. The council’s principal members will include CISA, DHS, DoD, and NSA, but the president can identify and appoint additional members, including from the private sector.
Notably, the markup requires agencies to “operate in a manner consistent with relevant privacy, civil rights, and civil liberties policies and protections.”
The markup also calls for establishing a new PMO to buy DoD “enterprise-wide” commercial cyber threat information products. The office will be led by DISA Director and Commander of the Joint Force Headquarters-DoD Information Network, Lt. Gen. Robert Skinner.
Skinner will be charged with surveying DoD entities for cyber threat information needs, conducting market research, developing requirements, crafting contract language, and procuring products.
The markup creates a prohibition against any DoD entity independently buying a commercial cyber threat intelligence product that has already been procured through the new PMO, unless it’s available at a lower price or the purchase is pre-approved by the PMO in advance. The markup provides an exception to this prohibition for NSA.
The HASC is scheduled to hold a full committee hearing on the markup on Sept. 1 prior to a finalized full committee markup moving to the House floor.
