NDAA Markup Finishes In House

The House’s NDAA was moved out of committee and it would alter a range of technology programs and initiatives at the Pentagon. The bill may be considered by the full House later this month.

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

The House Armed Services Committee marked up and reported out the “National Defense Authorization Act for Fiscal Year 2021” (NDAA) (H.R.6395), three weeks after the Senate Armed Services Committee did the same with its NDAA. The two packages authorize very similar top-line funding for the Department of Defense (DOD) and non-DOD defense programs (most of which are the Department of Energy’s nuclear weapons programs) that largely meets the Trump Administration’s overall funding request of roughly $731 billion, including $69 billion for Overseas Contingency Operations (OCO). And, the annual authorization package is full of technology provisions that affect the DOD, related agencies, private sector contractors, and other nations. The House may take up H.R.6395 this month, which will likely result in more changes being made to the package.

Chair Adam Smith (D-WA) released his Mark (i.e. the full text of his proposed FY 2021 NDAA that served as the base text for the markup). This bill also added sections that were not included in the subcommittee marks, and with respect to cyber-policy, the Chair’s Mark added two provisions:

  • Section 1622—Cyberspace Solarium Commission
    • This section would modify section 1652 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232) to update the Cyberspace Solarium Commission’s membership. Additionally, this section would permit the organization to extend further for the purposes of providing regular updates to the legislative and executive branches on the implementation of the Commission’s findings. 
  • Section 1624—Responsibility for the Sector Risk Management Agency Function of the Department of Defense
    • This section would assign full responsibility for certification, coordination, harmonization, and deconfliction of the various efforts, initiatives, and programs that the Department of Defense manages in the furtherance of its responsibilities as the Sector-Specific Agency (SSA) for the Defense Industrial Base to the Principal Cyber Advisor. Presently, the Department is the only SSA that has not unified its various physical and cybersecurity efforts under one organization. For the purposes of carrying out its SSA mission, the Principal Cyber Advisor will be tasked with the management of all functions associated with SSAs under Presidential Policy Directive-21.

The Chair’s Mark has a number of cybersecurity provisions in the Committee Report:

  • [T]he committee directs the Under Secretary of Defense for Acquisition and Sustainment to submit a report to the congressional defense committees by January 15, 2021, regarding the Cybersecurity Maturity Model Certification (CMMC) program.
  • Consistent with draft regulation issued in November 2019, and the anticipated August 2020 regulation related to this statute, the committee directs the Secretary of Defense, in coordination with the Secretary of Commerce, to provide a briefing to the House Committee on Armed Services not later than December 1, 2020, on the implementation status of the full requirements in section 889 of the FY 2019 NDAA that effectively bans Huawei, ZTE, Hytera, Hikvision, or Dahua systems or equipment from DOD and federal government systems and networks.

Intelligence and Emerging Threats and Capabilities Subcommittee’s Mark contains the following Committee Report language:

  • [T]he committee directs the Secretary of Defense, in coordination with the Department of Defense Chief Information Officer, to provide a report to the House Committee on Armed Services not later than March 31, 2021, on the status of the Department’s implementation of the [21st Century Integrated Digital Experience Act (IDEA) (P.L. 115-336)] across the defense enterprise.
  • The committee directs the Chief Information Officer of the Department of Defense, in coordination with chief information officers of the military services, to provide a briefing to the House Committee on Armed Services, not later than September 1, 2021, on the processes in place for asset discovery and management of hardware and software products.
  • [T]he committee directs the Comptroller General of the United States to provide a report to the House Committee on Armed Services by September 1, 2021, to examine the issue of internet architecture security.

The Committee adopted hundreds of amendments during its hours long markup, some of which pertained to defense technology issues. The Committee wrote this summary of selected provisions adopted in this package in the jurisdiction of the Intelligence & Emerging Threats and Capabilities Subcommittee offered by a range of Members:

  • Amends Sec. 1286 of the FY 2019 NDAA by adding to the requirements a publication deadline and public release of a list of Chinese and Russian academic institutions with a history of improper technology transfer and other malign behavior.
  • Directs the Secretary of Defense to provide a briefing to the House Committee on Armed Services, not later than 1 December 2020, on the information environment segmentation methodology framework.
  • Requires a GAO study of DOD’s Cyber vulnerability assessment efforts.
  • Requires DOD to submit a report to Congress on DOD components cyber hygiene practices and directs the GAO to review that report and brief the Committees on its findings.
  • To provide a briefing to HASC on improving the cybersecurity of disadvantaged small businesses in the defense industrial base.
  • National Security Commission on Artificial Intelligence (NSCAI) recommendations including
    • “a  steering  committee  on  emerging  technology  and  national  security  threats;”
    • “the  Secretary  of  Defense  shall  develop  and  implement  a  program  to  provide  covered  human  resources  personnel  with  training  in  the  fields  of  software  development,  data  science,  and  artificial  intelligence,  as  such  fields  related  to  the  duties  of  such  personnel;”
    • “a  pilot  program  under which applicants for technical positions within the Department  of  Defense  will  be  evaluated,  in  part,  based  on  electronic  portfolios  of  the  applicant’s  work;”
  • Briefing on use of Artificial Intelligence to analyze beneficial ownership of defense contractors
  • Establishes a National Artificial Intelligence Initiative
  • GAO Study and Report on Electronic Continuity of Operations on the Department of Defense
  • Package of recommendations on artificial intelligence (AI) and emerging technologies from the National Security Commission on Artificial Intelligence (NSCAI), including:
    • a program under which qualified professors and students may be employed on a part-time or term basis in an organization of the Defense science and technology enterprise for the purpose of conducting a research project
    • an advisory panel on microelectronics leadership and competitiveness
    • the Joint Artificial Intelligence Center…shall conduct an assessment to determine whether the Department of Defense has the ability to ensure that any artificial intelligence technology acquired by the Department is ethically and responsibly developed.
  • Amending report language on “Ties between Russia and China” to include assessment on defense cooperation and coordination between Russia and China
  • Requires a report on the applicability of using automated technologies related to computer aided manufacturing software and similar manufacturing technologies to address repair part obsolesce issues and part obsolesce issues and parts shortages across the organic industrial base.
  • To require a plan on spectrum information technology modernization and a program to identify and mitigate vulnerabilities in the military’s telecommunications infrastructure
  • The DOD lacks a similar comprehensive understanding of the Internet-connected assets and attack surface across the DOD enterprise. Amends existing DRL to require a briefing on the current and planned capabilities and concept of operations for Internet operations management.

The Committee also offered summaries of the following provisions adopted across three amendments:

  • Chair’s Mark En Bloc #1
    • Report on Supply Chain Security Cooperation with Taiwan
    • Directs the United States-China Economic and Security Review Commission to brief the committee on any plans, opportunities, and/or challenges the Commission has for sharing its expertise and cooperation with similar organizations among U.S. partners and allies
    • Encourages the Secretary of Defense to take into account the security risks, including threats to operational and information security, of 5G and 6G telecommunications networks in all future overseas stationing decisions
  • Chair’s Mark En Bloc #2
    • Cyber Threat Information Collaboration Environment (JCE)
    • Establishment of the Integrated Cyber Center
    • Cybersecurity Threat Hunting and Sensing, Discovery, and Mitigation
    • The  DOD “shall  establish  a  threat  intelligence  program  to  share  with  and  obtain  from  the  defense  industrial  base  information  and  intelligence  on  threats  to  national  security” that would include cybersecurity incident reporting for defense contractors
    • Requires a study and recommendations from NIST on China’s influence in international standards setting bodies for emerging tech.
    • Requirement to Buy Certain Satellite Component from National Technology and Industrial Base
    • Sense of Congress on the intent and implementation of the Section 889 of the FY19 National Defense Authorization Act pertaining to the prohibition on certain telecommunications and video surveillance services or equipment
    • Extends and modernizes required reporting by the Department of Defense on Chinese Communist Party military companies operating in the United States
  • Chair’s Mark En Bloc #3
    • DRL requiring a briefing from USD(A&S) on how DOD and the CMMC-AB plan to mitigate potential organizational conflicts of interest [between] contractors and third-party assessment organizations performing CMMC certifications
    • To provide assistance to small manufacturers in the defense industrial supply chain with improving cybersecurity
    • GAO Report on GSA e-commerce Portal Data Usage and Competition

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

NTIA Petitions FCC To Reconsider Ligado Decision

The Trump Administration is asking the FCC to reverse its decision to allow a company to use the L-Band for a wireless system that opponents claim will endanger GPS networks.  

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

This week, the National Telecommunications and Information Administration (NTIA), a component agency of the Department of Commerce, filed two petitions with the Federal Communications Commission (FCC), asking the latter agency to stay its decision allowing Ligado to proceed with wireless service using a satellite-terrestrial network utilizing the L-Band opposed by a number of Trump Administration agencies and a number of key Congressional stakeholders. They argue the order would allow Ligado to set up a system that would interfere with the Department of Defense’s (DOD) Global Positioning System (GPS) and civilian federal agency applications of GPS as well. If the FCC denies these petitions, it is possible NTIA could file suit in federal court to block the FCC’s order and Ligado, and it is also conceivable Congress could fold language into the FY 2021 National Defense Authorization Act, or pass standalone legislation, to block the FCC.

The NTIA stated in its press release that it “petitioned the Federal Communications Commission (FCC) to reconsider its Order and Authorization that conditionally granted license modification applications filed by Ligado Networks LLC…[that] permits Ligado to provide terrestrial wireless services that threaten to harm federal government users of the Global Positioning System (GPS) along with a variety of other public and private stakeholders.”

In the petition for a stay, NTIA asked that “Ligado Networks LLC’s (Ligado’s) mobile satellite service (MSS) license modification applications for ancillary terrestrial operations” be paused until the agency’s petition for reconsideration is decided by the FCC because of “executive branch concerns of harmful interference to federal government and other GPS devices.”

In the petition for reconsideration, the NTIA argued it “focuses on the problems in the Ligado Order that are uniquely related to the interests of Department of Defense (DOD) and other federal agencies and their mission-critical users of GPS.” The NTIA added “that the Commission failed to consider the major economic impact its decision will have on civilian GPS users and the American economy…[and] [a]s the lead civil agency for GPS, DOT explained…Ligado’s proposed operations would disrupt a wide range of civil GPS receivers owned and operated by emergency first responders, among others.”

NTIA made the following arguments in its petition:

  • The Ligado Order failed to adequately consider and give appropriate weight to important and valid executive branch concerns about harmful interference to GPS.
  • None of Ligado’s latest mitigation proposals, nor the conditions based on them, have been tested or evaluated by any independent party…[and] [a] more scientific way of resolving these technical disputes could be accomplished through further joint FCC-executive branch or independent testing based on Ligado’s actual network and base station parameters.
  • The license conditions imposed on Ligado will not adequately mitigate the risk of harmful interference to federal GPS devices, will shift the burden of fixing such interference to federal users, and are otherwise impractical for addressing actual impacts to national security systems. In light of the large number of federal GPS devices that potentially would be impacted by Ligado’s network, the FCC conditions, even if modified, will be a high-cost, time consuming effort for Ligado and federal agencies. As written, the condition requiring the repair or replacement of government receivers, is impractical, infeasible, and potentially illegal.

In late April, the FCC’s “decision authorize[d] Ligado to deploy a low-power terrestrial nationwide network in the 1526-1536 MHz, 1627.5-1637.5 MHz, and 1646.5-1656.5 MHz bands that will primarily support Internet of Things (IoT) services.” The agency argued the order “provides regulatory certainty to Ligado, ensures adjacent band operations, including Global Positioning System (GPS), are sufficiently protected from harmful interference, and promotes more efficient and effective use of [the U.S.’s] spectrum resources by making available additional spectrum for advanced wireless services, including 5G.”

Defense and other civilian government stakeholders remained unconvinced. Also, in late April, the chairs and ranking members of the Armed Services Committees penned an op-ed, in which they claimed “the [FCC] has used the [COVID-19] crisis, under the cover of darkness, to approve a long-stalled application by Ligado Networks — a proposal that threatens to undermine our GPS capabilities, and with it, our national security.” Chairs James Inhofe (R-OK) and Adam Smith (D-WA) and Ranking Members Jack Reed (D-RI) and Mac Thornberry (R-TX) asserted:

  • So, we wanted to clarify things: domestic 5G development is critical to our economic competiveness against China and for our national security. The Pentagon is committed working with government and industry to share mid-band spectrum where and when it makes sense to ensure rapid roll-out of 5G.
  • The problem here is that Ligado’s planned usage is not in the prime mid-band spectrum being considered for 5G — and it will have a significant risk of interference with GPS reception, according to the National Telecommunications and Information Administration (NTIA). The signals interference Ligado’s plan would create could cost taxpayers and consumers billions of dollars and require the replacement of current GPS equipment just as we are trying to get our economy back on its feet quickly — and the FCC has just allowed this to happen.

The Ligado application was seen as so important, the first hearing of the Senate Armed Services Committee held after the beginning of the COVID-19 pandemic was on this issue. Not surprisingly the DOD explained the risks of Ligado’s satellite-terrestrial wireless system as it sees them at some length. Under Secretary of Defense for Research and Engineering Michael Griffin asserted at the 6 May hearing:

  • The U.S. Department of Transportation (DOT) conducted a testing program developed over multiple years with stakeholder involvement, evaluating 80 consumer-grade navigation, survey, precision agriculture, timing, space-based, and aviation GPS receivers. This test program was conducted in coordination with DoD testing of military receivers. The results, as documented in the DoT “Adjacent Band Compatibility” study released in March, 2018, demonstrated that even very low power levels from a terrestrial system in the adjacent band will overload the very sensitive equipment required to collect and process GPS signals.  Also, many high precision receivers are designed to receive Global Navigation Satellite System (GNSS) signals not only in the 1559 MHz to 1610 MHz band, but also receive Mobile Satellite Service (MSS) signals in the 1525 MHz to 1559 MHz band to provide corrections to GPS/GNSS to improve accuracy. With the present and future planned ubiquity of base stations for mobile broadband use, the use of GPS in entire metropolitan areas would be effectively blocked.  That is why every government agency having any stake in GPS, as well as dozens of commercial entities that will be harmed if GPS becomes unreliable,  opposed the FCC’s decision. 
  • There are two principal reasons for the Department’s opposition to Ligado’s proposal. The first and most obvious is that we designed and built GPS for reasons of national security, reasons which are at least as valid today as when the system was conceived. The second, less well-known, is that the DoD has a statutory responsibility to sustain and protect the system. Quoting from 10 USC 2281, the Secretary of Defense “…shall provide for the sustainment and operation of the GPS Standard Positioning Service for peaceful civil, commercial, and scientific uses…” and “…may not agree to any restriction of the GPS System proposed by the head of a department or agency of the United States outside DoD that would adversely affect the military potential of GPS.”

A few weeks ago, 32 Senators wrote the FCC expressing their concern that the “Order does not adequately project adjacent band operations – including those related to GPS and satellite communications –  from harmful interference that would impact countless commercial and military activities.” They also took issue “the hurried nature of the circulation and consideration of the Order,” which they claimed occurred during “a national crisis” and “was not conducive to addressing the many technical concerns raised by affected stakeholders.” Given that nearly one-third of the Senate signed the letter, this may demonstrate the breadth of opposition in Congress to the Ligado order.

Earlier this week, the House Armed Services Committee held a conference call with “FCC officials” and Inhofe issued a press release, claiming “I was concerned when I asked the FCC officials on the call if they had convinced any other agency this was good policy or if they had made an attempt to receive a classified briefing on the effects of their decision and their answer was no.”

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.