A draft version of the annual defense policy bill directs the Department of Defense’s IT offices to describe how its plans to mitigate a series of IT and workforce challenges the department faces.
The House Armed Services Committee’s subcommittee on intelligence and emerging threats and capabilities released draft legislation June 21 that includes several provisions governing the DoD’s Office of the Chief Information Officer, which is responsible for the Pentagon’s enterprise IT efforts, cyber talent management and several other modernization efforts.
Here’s a roundup of what the subcommittee wants:
Cyber excepted service
Under the bill, the DoD CIO’s office would have to submit a report to the committee detailing its use of the Cyber Excepted Service personnel management system. That system is supposed to be a critical tool for Pentagon leaders to recruit and retain civilian cyber personnel.
In the fiscal year 2020 version of the National Defense Authorization Act, the committee was concern at the department’s slow implementation of the CES system. In this year’s draft bill, the subcommittee said it is “encouraged” by the progress the department has made implementing the system and “expects to be kept informed on further maturation and implementation of CES hiring authorities.”
The House subcommittee bill would direct the DoD CIO’s office to “study and expand” upon a National Security Agency program that allow employees to use up to 140 hours of paid time off to work on NSA-sponsored cyber education efforts in local communities.
“This would explicitly authorize select Department of Defense civilians who are part of the Cyber Excepted Service to utilize paid time toward wider national efforts aimed at addressing the cyber workforce shortage,” the bill summary reads.
The DoD, like most federal agencies and companies around the country, struggle to attract and retain cyber talent.
The bill also would direct the DoD’s CIO shop to produce a report about how two NSA programs to develop cyber talent, GenCyber and its its Centers for Academic Excellence program, can be better “integrated and harmonized.” The NSA and National Science Foundation sponsor cyber camps for K-12 students through GenCyber, while the Centers for Academic Excellence are colleges across the country whose cyber curriculum are NSA-accredited and provide a talent pipeline to the agency.
IT asset management and inventory
The committee calls on the DoD CIO to work with the CIOs of the military services to create standardized processes for identifying duplicative or redundant software, software licenses and hardware. The bill also directs the CIO shops to collaborate to establish a process for identifying and cataloging usage information for hardware and software.
“The committee believes the Department would benefit from an established process for auditing software and hardware inventories,” the summary states. “The lack of a single policy framework hinders the capacity of the Department to discover license duplication and the Department is at risk of wasting valuable resources on redundant or underutilized hardware and software.”
The CIOs would also have to work to create a process to identify the cost savings associated with all those efforts. The committee noted that the private sector has already solved several of the challenges through automated tools in commercial industry. The department would have to brief the committee in September 2021 on the defined processes.
Implementing of the 21st Century IDEA Act
The draft legislation would also direct the DoD CIO’s office to inform the committee of its implementation of the 21st Century IDEA Act, a law that directs federal agencies to modernize websites and increase use of digital forms and tools.
“The committee believes that embracing the requirements of 21st Century IDEA would have a significant positive impact on the Department’s mission delivery and customer experience,” the bill summary reads.
The report would have to include the department and unified commands’ plans to meet a December 2020 deadline for modernizing online forms, identify a designee to lead 21st Century IDEA Act efforts and lay out efforts to budget for and comply with deadlines the DoD missed.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.