House defense policy bill would establish federal, industry collaboration program

The House version of the annual defense policy bill would create a new effort for federal agencies and private industry to share data on digital threats in order to potentially get ahead of hacks.

The proposal to create the “Cyber Threat Environment Collaboration Program” was included in the chairman’s mark of the House Armed Services Committee’s annual defense authorization bill that was publicly released on Monday.

Panel members are expected to spend all of Wednesday marking up the measure, which details $802.4 billion in defense spending next year. The full House could vote on the legislation as soon as next month.

The new program would direct the heads of the Homeland Security and Defense departments, along with the Director of National Intelligence and the director of the National Security Agency, to “develop an information collaboration environment that enables entities to identify, mitigate, and prevent malicious cyber activity.

“The collaboration environment would provide limited access to appropriate operationally relevant data about cybersecurity risks and cybersecurity threats, including malware forensics and data from network sensor programs, on a platform that enables query and analysis,” the draft legislation states.

The program was originally recommended by the congressionally-chartered Cyberspace Solarium Commission — and dubbed the “Joint Collaborative Environment” — in a bid to improve information sharing among federal agencies and private companies. 

The Senate Armed Services Committee approved its draft of the policy roadmap last week in a closed-door meeting. A summary of the massive bill doesn’t mention the creation of the new collaboration program.

The chairman’s mark also included language that would require the Defense secretary to establish a consortium of military and educational institutions to assist in cybersecurity education and information sharing. 

The network would be helmed by the president of the National Defense University and composed of groups such as professional military education schools, service schools and academies and other higher education institutions.

The bill would also grant DoD’s principal cyber adviser the authority to certify parts of the Pentagon’s cyberspace activities budget — which the Biden administration has requested $11.2 billion for in the next fiscal year — and requires the head of U.S. Cyber Command to submit an annual report on the sufficiency of support to cyberspace operations by the military services.

Earlier this month, the House Armed Services Committee’s Cyber subpanel marked up its portion of the defense policy bill. 

Panel members unanimously approved the legislation, which called for independent assessment of the office of the Pentagon’s Chief Information Officer, including its staffing levels, and a review of underperforming military software and IT systems.