U.S. House and Senate negotiators have agreed to a defense policy bill that would forge America’s cybersecurity posture through reporting mandates, additional spending and new programs.
The 2,522-page legislation released July 23 heads back to both chambers for approval, and must be signed by President Donald Trump to become law.
The proposed bill requires the Trump administration to provide more clarification on its cyber policy, which Democrats called “insufficient.”
The legislation comes as the Trump administration has removed the top cybersecurity job in the National Security Council. Government contractors have told Fifth Domain they are not aware of who is leading cyber-policy inside the administration.
Among the other cyber provisions proposed by the Republican-led House and Senate are the following:
Foreign policy focuses on cyber big four
The legislation took aim at the four countries who have been consistently identified as America’s biggest digital adversaries — Russia, China, Iran and North Korea. The proposal said that if any of the four countries attack the U.S. in cyberspace the Trump administration can take proportional action, although it likely already had the authority.
House Republicans rapped the Defense Department in their summary, warning that other nations “are beginning to outpace U.S. capabilities” in electronic and cyberwarfare. They added the department has been struggling to implement the two capabilities "coherently” for years. The bill forced the Trump administration to report new strategies for both domains.
The bill also requires the Trump administration to develop a cyber strategy for the defense of NATO, which comes two weeks after a summit where the White House cast doubt on the alliance. In addition, it provides additional funding to combat Russian cyberwarfare and influence operations.
However, a provision to reinstate sanctions on Chinese telecommunications firm ZTE was not included in the bill. It is a victory for the Trump administration, who has fought to remove sanctions on ZTE as it negotiates a trade deal with Beijing.
Added contractor and executive oversight
On the domestic front, the proposed legislation attempted to hold the Trump administration and defense community accountable for malicious hacks.
The legislation requires congressional reports on cyberattacks that involve the military or defense contractors. It comes after a string of high-profile hacks on defense firms. In June, the Washington Post reported that Chinese hackers stole 614 gigabytes of material from a naval contractor.
It appears the largest portion of new dedicated cybersecurity funding is directed to missile defense, although the legislation added more than $100 million for test infrastructure that includes cybersecurity, directed energy and hypersonic testing.
A new cyberspace solarium commission was also included in the proposal. Modeled around the body which forged nuclear strategy during the Eisenhower administration, the solarium hopes to set the course for America’s future cyber strategy.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.