Reps. Suhas Subramanyam, D-Va., and Richard McCormick, R-Ga., introduced bipartisan legislation that would require the Department of Defense (DOD) to ensure it can quickly restore military data in the event of a cyberattack.
The lawmakers introduced the National Defense Data Resilience Act on May 7. The legislation is aimed at setting clear deadlines, known as recovery time objectives (RTOs), for the Pentagon to restore critical systems and data after an attack.
“Cyber warfare is a growing threat, and our federal government should be prepared. Without this bill, we are leaving the safety and security of our nation vulnerable instead of maintaining necessary technological advancements,” Subramanyam said in a May 14 press release.
“Now more than ever, we need to do everything we can to prevent the threats we know are coming from our adversaries,” he added.
Under the bill, the defense secretary would be required to classify data into multiple tiers – including critical, important, and necessary data – and assign recovery timelines tailored to each category.
If enacted, the bill would require DOD to establish RTOs for critical data within 180 days of passage, and within 270 days for data deemed important or necessary.
The bill would also require the secretary to submit a data recovery strategy for the DOD, which the Trump administration has rebranded to the Department of War. The strategy must outline RTOs, the technologies needed to meet those targets, oversight mechanisms, and the funding required to implement the plan.
“This bill takes an important step toward ensuring we can quickly restore critical systems by strengthening the way we safeguard and recover essential data,” McCormick said in the press release. “By building a more resilient defense infrastructure, we keep our servicemembers prepared for whatever they face next.”
The bill was referred to the House Armed Services Committee. It does not appear to have a Senate companion yet.