Breaking down the cyber amendments to the House defense policy bill
Martin Matishak July 6, 2022

Breaking down the cyber amendments to the House defense policy bill

Breaking down the cyber amendments to the House defense policy bill

House lawmakers have filed an eye-popping 1,223 amendments to the chamber’s annual defense policy bill, including nearly two dozen cyber-related proposals.

More amendments could still trickle into the House Rules Committee ahead of next week’s floor debate on the fiscal 2023 National Defense Authorization Act. The policy roadmap okays $840 billion in national security spending, including $11.2 billion for the Pentagon’s cyberspace activities.

Hundreds of the proposed amendments are likely to receive floor action.

Here are the highlights:

SOLARIUM: Rep. Jim Langevin (D-R.I.) filed a pair of amendments that would enact policy recommendations made by the Cyberspace Solarium Commission. One would create an “Office of Cybersecurity Statistics” within the Cybersecurity and Infrastructure Security Agency (CISA) to collect, study and share “essential statistical data on cybersecurity, cyber incidents, and the cyber ecosystem” to the public, Congress, federal, state and local governments and private industry.

Another amendment from Langevin, a congressional pioneer on cybersecurity issues who served on the commission and is retiring at the end of the year, would codify “systemically important entities.” The new label would apply to the most vital U.S. critical infrastructure and require operators to enact strong digital security standards in exchange for federal support. If adopted, it would also create an interagency council for critical infrastructure cybersecurity coordination to “facilitate harmonization of future cybersecurity policy and requirements developed by federal agencies.”

CISA: A bipartisan group of House Homeland Security Committee leadership, including Langevin, submitted an amendment to incorporate existing legislation that would extend the CISA director’s tenure to five years. The measure is an effort to avoid the post getting caught up in political gamesmanship, as it was last year when Sen. Rick Scott (R-Fla.) placed a hold on CISA Director Jen Easterly’s nomination because of unrelated border security concerns.

SOLARWINDS: Rep. Ritchie Torres (D-N.Y.) offered an amendment that would require CISA to conduct a postmortem of the SolarWinds breach and report any findings and policy suggestions back to Congress. The Cyber Safety Review Board was originally supposed to investigate the massive breach that was carried out by Russian hackers, but dropped it to study the impact of the far-reaching Log4j flaw. 

The amendment by Torres, the vice chair of the House Homeland Security Committee, also calls on the Government Accountability Office to examine the safety review board, which was created by presidential executive order last year.

TALENT: A bipartisan amendment authored by more than a dozen members would establish a “National Digital Reserve Corps,” through which private-sector tech workers could work in short-term federal assignments.

REWARDS: Rep. Stephanie Murphy (D-Fla.) filed a measure that would create a reward program for cybersecurity operations, allowing the Defense secretary and leaders of the service branches to give “honorary recognitions and monetary awards” up to $2,500 for “innovation” in digital operations to military personnel.

SPACE: Murphy, who is not seeking re-election, also proposed an amendment that requires the Secretary of the Air Force, in coordination with the Chief of Space Operations, to examine the staffing levels and planned cyber squadrons for the Space Force, the country’s newest military branch. Specifically, the review would study if any of the service’s existing billets are “optimal for transfer to cyber squadrons.”

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.