Bill Summary
The Department of Defense Principal Cyber Advisors Act of 2019 is a bill that aims to improve the cyber governance structures within the Department of Defense and to require the designation of Principal Cyber Advisors for each military department. These advisors will act as the main advisors to the Secretary of their respective military department on matters related to military cyber forces, programs, and cybersecurity. They will also be responsible for coordinating and overseeing the implementation of policies and strategies related to cyber resourcing and training, cybersecurity management, and acquisition of cyber capabilities. The bill also requires a review of the current governance model for cybersecurity and a briefing to the congressional defense committees on the findings of this review.
Possible Impacts
1. This legislation could affect people by potentially creating new job opportunities for individuals with expertise in cyber governance structures and cybersecurity. These individuals could be hired to fill the newly designated position of Principal Cyber Advisor within each military department.
2. The implementation of this legislation could also affect members of the military, as it requires the resourcing and training of military cyber forces to meet the needs of United States Cyber Command. This could potentially lead to changes in job responsibilities and training requirements for military personnel.
3. The review of current responsibilities under subsection (e) could also affect individuals working in cybersecurity roles within the military, as it may result in changes to the current governance structure and assignment of authorities. This could potentially impact the roles and responsibilities of these individuals.
[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 1798 Introduced in Senate (IS)]
<DOC>
116th CONGRESS
1st Session
S. 1798
To improve cyber governance structures in the Department of Defense and
to require designation of principal advisors on military cyber force
matters, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 12, 2019
Mr. Rounds (for himself and Ms. Duckworth) introduced the following
bill; which was read twice and referred to the Committee on Armed
Services
_______________________________________________________________________
A BILL
To improve cyber governance structures in the Department of Defense and
to require designation of principal advisors on military cyber force
matters, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Department of Defense Principal
Cyber Advisors Act of 2019''.
SEC. 2. CYBER GOVERNANCE STRUCTURES AND PRINCIPAL ADVISORS ON MILITARY
CYBER FORCE MATTERS.
(a) Designation.--
(1) In general.--Not later than one year after the date of
the enactment of this Act, each Secretary of a military
department shall designate a Principal Cyber Advisor to act as
the principal advisor to the Secretary of the military
department on the cyber forces, cyber programs, and
cybersecurity matters of the military department, including
matters relating to weapons systems, enabling infrastructure,
and the defense industrial base.
(2) Nature of position.--Each Principal Cyber Advisor
position under paragraph (1) shall be a senior civilian
leadership position.
(b) Responsibilities Principal Cyber Advisors.--Each Principal
Cyber Advisor of a military department shall be responsible for
advising the Secretary of the military department and coordinating and
overseeing the implementation of policy, strategies, sustainment, and
plans on the following:
(1) The resourcing and training of the military cyber
forces of the military department and ensuring that such
resourcing and training meets the needs of United States Cyber
Command.
(2) Acquisition of offensive and defensive cyber
capabilities for the military cyber forces of the military
department.
(3) Cybersecurity management and operations of the military
department.
(4) Acquisition of cybersecurity tools and capabilities for
the cybersecurity service providers of the military department.
(5) Improving and enforcing a culture of cybersecurity
warfighting and responsibility throughout the military
department.
(c) Administrative Matters.--
(1) Designation of individuals.--In designating a Principal
Cyber Adviser under subsection (a), the Secretary of a military
department may designate an individual in an existing position
in the military department.
(2) Coordination.--The Principal Cyber Advisor of a
military department shall work in close coordination with the
Principal Cyber Advisor of the Department of Defense, the Chief
Information Officer of the Department, relevant military
service chief information officers, and other relevant military
service officers to ensure service compliance with the
Department of Defense Cyber Strategy.
(d) Responsibility to the Senior Acquisition Executives.--In
addition to the responsibilities set forth in subsection (b), the
Principal Cyber Advisor of a military department shall be responsible
for advising the senior acquisition executive of the military
department and, as determined by the Secretary of the military
department, for advising and coordinating and overseeing the
implementation of policy, strategies, sustainment, and plans for--
(1) cybersecurity of the industrial base; and
(2) cybersecurity of Department of Defense information
systems and information technology services, including how
cybersecurity threat information is incorporated and the
development of cyber practices, cyber testing, and mitigation
of cybersecurity risks.
(e) Review of Current Responsibilities.--
(1) In general.--Not later than January 1, 2021, each
Secretary of a military department shall review the military
department's current governance model for cybersecurity with
respect to current authorities and responsibilities.
(2) Elements.--Each review under paragraph (1) shall
include the following:
(A) An assessment of whether additional changes
beyond the designation of a Principal Cyber Advisor
pursuant to subsection (a) are required.
(B) Consideration of whether the current governance
structure and assignment of authorities--
(i) enable effective top-down governance;
(ii) enable effective Chief Information
Officer and Chief Information Security Officer
action;
(iii) are adequately consolidated so that
the authority and responsibility for
cybersecurity risk management is clear and at
an appropriate level of seniority;
(iv) provides authority to a single
individual to certify compliance of Department
information systems and information technology
services with all current cybersecurity
standards; and
(v) support efficient coordination across
the military departments and services, the
Office of the Secretary of Defense, the Defense
Information Systems Agency, and United States
Cyber Command.
(f) Briefing.--Not later than February 1, 2021, each Secretary of a
military department shall brief the congressional defense committees on
the findings of the Secretary with respect to the review conducted by
the Secretary under subsection (e).
(g) Definition of Congressional Defense Committees.--In this
section, the term ``congressional defense committees'' has the meaning
given such term in section 101(a) of title 10, United States Code.
<all>