The House Armed Services Committee passed the fiscal year 2022 (FY2022) National Defense Authorization Act (NDAA) on Sept. 1 by a bipartisan vote of 57-2. The bill will now move to the full chamber for consideration.
The House version of the FY2022 NDAA includes an additional $50 million to protect Department of Defense (DoD) information systems, as well as directs the establishment of a Cyber Threat Information Collaboration Environment in the executive branch, according to a summary of the bill.
The bill also includes funding for a 2.7 percent pay raise for service members, equaling the pay bump President Biden has included in his FY2022 budget for the Federal civilian workforce.
“This year the defense bill focuses on transforming DoD to better deter our adversaries while taking advantage of new, innovative technologies and implementing a more cost-effective approach to develop and acquire crucial platforms,” Chairman Adam Smith, D-Wash., said in a statement. “The future of our defense depends on our committee’s tough policy discussions about what DoD needs, how to fill these needs, and the necessary tradeoffs to ensure the United States maintains a competitive edge over its adversaries.”
Cyber Initiatives
The FY2022 NDAA includes a variety of cyber initiatives and satisfies more of the Cyberspace Solarium Commission’s recommendations, starting with the Cyber Threat Information Collaboration Environment.
If established, the Cyber Threat Information Collaboration Environment will be responsible for facilitating the sharing and analysis of cyber threat information and is modeled on one of the commission’s recommendations.
In addition to the new environment and additional $50 million for DoD information systems, among its cyber components, the bill would also:
- “Modernize the relationship” between the DoD CIO office and the parts of the National Security Agency that handle cybersecurity;
- Establish an office within the Joint Forces Headquarters-DoD Information Networks to share cyber threat info products across the DoD;
- “Mandate a report on compliance with existing requirements related to the notification of cyber weapons;” and
- Add new mitigations and critical mission sets to study in an update to the Strategic Cybersecurity Program.
DoD JEDI Contract Makes an Appearance at the Markup
While much of the full committee markup was focused on non-cyber issues, the committee also discussed the DoD’s now-abandoned Joint Enterprise Defense Infrastructure (JEDI) cloud.
After a lengthy legal battle, the JEDI contract was scrapped earlier this year and is being replaced by the Joint Warfighter Cloud Capability (JWCC) contract. The JWCC is currently in the market research phase of development, DoD Deputy CIO Danielle Metz said on Aug. 24.
Rep. Jim Banks, R-Ind., introduced an amendment that would give the DoD 30 days from the bill’s enactment to turn over all emails, documents, and source materials used in the DoD’s Inspector General (IG) report on the contract released in April 2020, and updated with FOIA documents on August 30.
“We are all pleased that the department is finally moving forward in a productive manner to obtain enterprise cloud capabilities in a modern and flexible way. JEDI, however, was a failure, and we shouldn’t let this moment pass without trying to understand what happened and why there have been allegations of corruption since JEDI’s inception,” Banks said while introducing the amendment.
Chairman Smith opposed the amendment, citing the fact that the administrative aspect of the amendment would ultimately slow the DoD’s work in finding a suitable replacement enterprise cloud provider with its JWCC.
“The one thing we do not need in the area of cloud computing is to further litigate past issues with the risk of further slowing down any progress and actually moving forward on the contract,” Smith said in opposition.
Rep. Jim Langevin, D-R.I., agreed that the amendment would slow progress on the contract and said a DoD Enterprise cloud is “absolutely vital.”
“This amendment, I believe, is less about fixing the issue moving forward and more about embarrassing key figures like [former Defense] Secretary [James] Mattis and his staff,” Langevin said. “We do not need to be continuing to fight over a contract that died in part due to political interference from Congress and the White House. We need to focus on delivering the enterprise cloud solution that we still lack.”
While Banks noted his disagreements with Reps. Smith and Langevin, the amendment ultimately failed by a vote of 28-30. The DoD is hoping to award a new enterprise cloud contract sometime in spring 2022.