The House Armed Services subcommittee wants to study the possibility of establishing cyber reserve components for each state that could also provide cyber support to civilian agencies.
In a draft version of the annual defense policy bill released April 25 by the HASC subcommittee on emerging threats and capabilities, lawmakers requested a study on the feasibility, advisability, and necessity of a reserve cyber team for each state.
As part of the study, the committee directs DoD to consider a series of tasks, including responding to major network attacks, and gauging the U.S. cyber workforce capacity for both homeland defense and national power.
More specifically, the bill language seeks to identify the potential role such teams would have with respect to processes set forth in Presidential Policy Directive 20, which is the process that governs global offensive and defensive cyber employment, Presidential Policy Directive 21, which lays out how to strengthen critical infrastructure and Presidential Policy Directive 41, which sets a whole of government framework for responding to domestic cyber incidents.
Given the structural and organizational implications this could create, the bill language directs an explanation of how the establishment of such teams may affect the ability of the Department of Defense “to organize, train, equip, and employ the Cyber Mission Force, and other organic cyber forces [and] to perform national defense missions and defense support to civil authorities for cyber incident response,” and how such teams will affect how the Department of Homeland Security will “organize, train, equip, and employ cyber incident response teams [and] perform civilian cyber response missions.”
The subcommittee also directs the U.S. comptroller general to assess DoD’s current military cyberspace operations.
“The committee notes that in the last several years, the Department of Defense has employed cyber capabilities to achieve objectives in or through cyberspace,” the bill says. “Unlike military operations that occur in the air and land domains, cyberspace operations and the effects of those operations are not always visible to Congress and the American people. The committee believes that as the Department continues to conduct cyberspace operations, it will be critical that operations are fully aligned with the appropriate authorities, policies and doctrine, rules of engagement, plans, oversight mechanisms, and lessons learned processes.”
Additionally, a draft of the bill from the HASC’s readiness subcommittee also emphasizes the cyber and space domains. It requires the defense secretary and each military service to report personnel and unit readiness metrics for cyber and space operations as part of its quarterly readiness reports to Congress.
The Pentagon’s comptroller would be required to assess the readiness of the armed forces in ground, sea, air, space, and cyber annually through 2022. The reports may be classified, but unclassified versions are also mandated.
Combatant commanders would also be required to assess their readiness to conduct operations in a “multidomain” battle, integrating ground, air, sea, space and cyber forces.
The bill also mentions “information operations,” mandating the defense secretary report to the committee whether he needs to assess the joint force’s ability to conduct them.
“The committee believes that information operations are similarly becoming a major factor in military planning and that operational skill in conducting information operations will be critical to future military success,” the bill reads.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.
Joe Gould is senior Pentagon reporter for Defense News, covering the intersection of national security policy, politics and the defense industry.