The National Defense Authorization Act (NDAA) for FY2019 will head into conference next week when legislators return from the Fourth of July recess. The $700+ billion must-pass defense spending bill has been approved in both the House and Senate, and now the two chambers must come together to reconcile differences in the legislation and re-vote the unified bill before it can land on President Trump’s desk for signing.
While some parts of the legislation are likely to sail through without much debate, many amendments are sure to generate controversy either within the conference committee or once the final legislation heads to the White House. On tap for discussion next week include amendments about cybersecurity and cloud.
The ABCs of ZTE
Before last week the so-called ZTE amendment was a point of disagreement between the House and Senate bills. However, on Thursday the House closed the gap by accepting an amendment from Rep. Ruben Gallego, D-Ariz., that would bar government funding to procure goods or services from the Chinese telecommunications companies ZTE and Huawei, or to extend or renew a contract with them. There was already a similar amendment in the Senate version. However, the amendments are not identical, with the Senate version considered the “tougher” version, so there is still some negotiating left to do. The amendment continues to be a sticking point between Congress and the White House, as President Trump’s key allies in the White House and on the Hill continue to lobby against the amendment.
Cyber Solarium Lives On… For Now
While Nebraska Sen. Ben Sasse’s Cyber Solarium amendment made it into the final Senate bill, it doesn’t appear in the House version. The Republican senator introduced the legislation that would establish a 13-member panel designed to develop clear consensus on a strategic approach to protecting and defending the United States in cyberspace. The commission would be staffed by representatives from the executive branch, legislative branch, and private sector who have demonstrated knowledge, expertise, and experience in both the cyberspace and national security fields.
Threats to JEDI
The Pentagon’s Joint Enterprise Defense Infrastructure (JEDI) cloud contract also scored some real estate in both the House and Senate bills. The Defense Department (DoD) has faced significant opposition from both Congress and industry vendors for its decision to award the $10 billion contract to a single vendor. Matters certainly weren’t helped when the Pentagon confirmed in late May it would delay releasing the requirement of its final request for proposal.
As a result, industry vendors have urged the Pentagon to change its approach to ensure that a wider variety of vendors participate in the contract process. The latest drafts of both the House and Senate bills address JEDI; however, the handling of the matter varies. The House bill backs the vendors and warns DoD that Congress could withhold 50 percent of JEDI funding unless DoD Secretary James Mattis submits the Pentagon’s plan for the cloud program. Mattis would have to include how the DoD’s new strategy “provides for a full and open competition” in the cloud acquisition and contracting process. The Senate bill stops short of the funding threat and instead asks for the Pentagon’s plan to acquire “advanced commercial network capabilities” to improve cloud and cybersecurity capabilities.
Legislating Cyber Warfare
Also up for negotiating is an amendment that would require the Trump administration to develop–and follow–a cyberwar doctrine on how the Federal government would respond to digital attacks. The Senate bill, which includes the amendment, call for the administration to demonstrate a variety of response options, as well as saying that the doctrine should “demonstrate, or otherwise make known to adversaries the existence of, cyber capabilities to impose costs on any foreign power targeting the United States.” The White House has voiced opposition to Congress’ attempts to legislate how Trump commands the troops in the event of a cyberwar.
Cyber Homework for Trump
The House bill gives the Trump administration a bit of cybersecurity homework. The legislation, as it currently reads, gives the President 180 days to submit a report to the Committees on Armed Services and Foreign Affairs in the House and the Committees on Armed Services and Foreign Relations in the Senate on the effects of cyber-enabled information operations on the national security of the United States. The report has to include a summary of actions taken by the Federal government to protect U.S. national security against cyber-enabled information operations and a description of the resources necessary to protect the national security against cyber-enabled information operations by foreign adversaries.