WASHINGTON, D.C. – Representatives Adam Smith (D-Wash.), Chairman of the House Armed Services Committee, and Jim Langevin (D-R.I.), Chairman of the House Armed Services Committee’s Subcommittee on Intelligence and Emerging Threats and Capabilities, today issued the following statement on the importance of sound cyber policy to national security in the wake of the SolarWinds breach that has impacted several federal agencies.
 
“The pervasive access enabled by the SolarWinds supply chain compromise is deeply disturbing. The SolarWinds cyber operation bears every hallmark of sophisticated nation-state activity that can undermine our national security, and it is imperative that Congress move forward with oversight to understand the impacts and root causes of this campaign. Thankfully, the House Armed Services Committee is well-equipped to conduct such oversight. In fact, many of the provisions in this year’s defense authorization bill, currently awaiting the President’s signature and widely regarded as one of the most significant cybersecurity bills Congress has ever considered, are immediately responsive to SolarWinds-like incidents.
 
“The House Armed Services Committee places an enormous emphasis on the technology and networks that enable the Department of Defense and the military services to be the finest in the world. Maintaining our superiority requires secure supply chains and the highest quality technology, as well as protection of the Department’s massive network architecture from intrusion. To that end, the committee regularly holds oversight hearings and briefings on all facets of cyber- and technology-related matters and engages with the Department daily. The importance of this dedicated focus on making the nation’s information and communications technology infrastructure more resilient has been underscored by the SolarWinds incident and the grave risk its poses to the nation.
 
“In the 116^th congress alone, the Subcommittee on Intelligence and Emerging Threats and Capabilities has held hearings on topics ranging from “Department of Defense Information Technology, Cybersecurity, and Information Assurance;” “Cyber Mission Force and Military Operations in Cyberspace: A Framework for Oversight;” “Review of the Recommendations of the Cyberspace Solarium Commission;” “Interim Review of the National Security Commission on Artificial Intelligence Effort and Recommendations;” and “Securing the Nation’s Internet Architecture.” The subcommittee also holds quarterly classified briefings on the Department’s cyber operations. 
 
“Each year, the National Defense Authorization Act addresses an increasing number of cyber- and technology-related issues. As capabilities powered by sophisticated artificial intelligence and machine learning become central to the warfighter, oversight of the cyber domain will become increasingly important. In the FY21 NDAA alone, Congress addressed so many cyber-related issues that an entirely new Title was added to accommodate them. The subcommittee played a leading role in advancing several significant legislative proposals based on actionable recommendations from the Cyberspace Solarium Commission for a cybersecurity posture based on the strategic vision of layered cyber deterrence. Among these critical provisions is the National Cyber Director Act, which would establish a Senate-confirmed position within the Executive Office of the President with budgetary and policy authority to break down silos. The National Cyber Director would also play a key role in coordinating national incident response efforts, like those happening right now.
 
“As the largest agency in the federal government, the Department of Defense faces unique challenges regarding the security of its data and networks. These challenges range in terms of scope and scale. The demands on the Department’s infrastructure, which must connect and remain accessible to 1.3 million active-duty service members, 750,000 civilian personnel, and more than 811,000 National Guard and Reserve service members, are uniquely complex. The most recent incident involving software from SolarWinds underscores this very challenge. DOD components, field activities, agencies, and offices are responsible for building, sustaining, and protecting their own networks, and keeping DOD personnel connected while simultaneously keeping DOD data secure – a monumental challenge.
 
“As leaders on the Armed Services Committee, we will continue to push cyber- and technology-related issues to the forefront of national security. While we are proud of the cyber provisions that have become law in recent years, there is clearly much work to do.”
 

BACKGROUND
 
What has Congress done on cyber/technology issues?

• In the FY 2020 National Defense Authorization Act, there were 87 separate provisions squarely focused on cyber- and technology-related matters. 
• This included provisions on topics as wide-ranging as diversity in the STEM workforce, to the establishment of an AI Education Strategy, to strengthening the Chief Information Officer’s authority over DOD networks.
• In the FY 2021 National Defense Authorization Act, there were 113 separate provisions squarely focused on cyber- and technology-related matters.
• This included the establishment of a National Cyber Director, direction to establish specialized cyber teams with blended authorities, and the centralization of cybersecurity efforts for the industrial base under one Senate-confirmed official.
• The FY 2021 NDAA incorporated 17 recommendations from the National Security Commission on Artificial Intelligence and 20 recommendations from the Cyberspace Solarium Commission.

• There is tremendous opportunity to shift more attention from a platform-centric focus to a network-centric focus. This will necessitate greater oversight of inter-departmental efforts such as Joint All-Domain Command & Control (JADC2), where all services participate but the oversight and management remain nascent.
• The committee will work to ensure the Department’s military and civilian leaders continue to adapt to a changing warfighting domain. This will necessitate senior executives, flag officers, and general officers be well-versed in all the recognized warfighting domains. The Department and military services will require leaders that have deep experience with emerging technologies, network architectures, cyber operations, and space transformation.

• We will push the Department of Defense, not only to account for utilizing the tools Congress has afforded, but toward the novel application of these authorities to different problem sets. Too often in our oversight, we have found the Department unaware of the tools, such as unique hiring and acquisition authorities, already available through the annual defense authorization bill.