The House and Senate Armed Services Committees released the text of the compromise fiscal 2025 National Defense Authorization Act on Dec. 7, which included a provision calling for an independent assessment by the National Academies of Sciences, Engineering, and Medicine to “conduct an evaluation of alternative organizational models for the cyber forces of the Armed Forces.”

Each chamber passed nearly identical provisions earlier this year directing the Defense Department to enter into an agreement with the Academies to conduct an evaluation regarding the advisability of establishing a separate military service focused on cyber or refining and further evolving the current organizational approach for Cybercom based on the Special Operations Command model.

However, the final compromise version stripped some of the original language, and some sources referred to the final version as being watered down.

There is no longer due date for such an assessment, meaning it will likely fall down on the prioritization list unless funds are allocated to the Academies to conduct the assessment.

Moreover, the final version placed a larger focus on alternative models for cyber forces rather than solely focusing on an independent armed service, likely a nod to efforts currently underway by DOD and Cybercom to examine other readiness models and force generation, dubbed Cybercom 2.0.

These measures likely have been put in place to weaken the overall provision and effort to examine a potential sixth armed service.

In a statement, Rep. Morgan Luttrell, R-Texas, who co-sponsored the measure in the House Armed Services Committee, said he was “disappointed that my amendment to evaluate the need for a Cyber Force was scaled back.”

Members believe that while some progress has been made to advance America’s cyber forces, much more work is left to do and all options are on the table.

“Since arriving in Congress, I have used my role on the House Armed Services Committee to advance several initiatives to strengthen and expand the cyber capabilities of our armed forces,” Rep. Chrissy Houlahan, D-Pa., said in a statement. “Although significant progress has already been made to ensure our military’s cyber capabilities are the most advanced in the world, there is still more work to be done to ensure that we remain ahead of our adversaries in this important domain. It is important that we remain open to all options to move forward, including the creation of a distinct uniformed Cyber Force, and I am glad that the Fiscal Year 2025 National Defense Authorization Act mandated a new independent study on this important question.”

Others in Congress are positive they can use their oversight powers to push the DOD.

“This study is a step in the right direction and Congress, through its power of oversight can work to ensure the sense of the language is executed,” Rep. Pat Fallon, R-Texas, said in a statement. “All options are on the table except the status quo regarding the DOD’s manning, training, and operations in the cyber domain because the scope, scale, and level of sophistication of the threat has changed. We all agree that we need to adapt fast to show our adversaries power through strength. … I am sure that the incoming administration will take a hard look at everything within the cyber realm to ensure maximum protection, efficiency, and lethality. We in Congress will do the same and I am confident we’ll see changes based on the level of threats we are faced with.”

Some close observers were also optimistic and excited that the assessment made it into the compromised version, despite the changes, especially given a similar proposal that passed the Senate last year was axed from the final bill.

The Cyber Force provision “was diluted — but I am glad it made it — and it remained independent,” Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally mandated Cyberspace Solarium Commission, said. “I think DOD may come to regret this effort to weaken the study if the incoming Administration has any plans if its own with regard to an independent cyber service.”

The Record previously reported that DOD formally objected to the assessment proposal that came out of the Armed Services Committees earlier this year.

Some observers are also under the impression that the incoming Trump administration might be more inclined to back — or even direct — the creation of a Cyber Force, much like it did for the Space Force.

Others indicated that the legislation is overall a positive development.

“This legislation is a major step in the right direction,” said Dan Van Wagenen, co-founder and vice president of the Association of the United States Cyber Forces (AUSCF), a nonprofit dedicated to supporting the cyber warfighter. “After five years of debate and analysis, there is a growing consensus that the U.S. needs a dedicated Cyber Force to defend America in Cyberspace. While AUSCF would have liked to have seen the provision go further with the National Academies having a due date to report to the Congress, we are excited to see this critical first action necessary for the establishment of an independent US Cyber Force. It is our hope the incoming Congress and Administration continue to prioritize Cyber in 2025 and beyond.”

There is widespread agreement, however, that the current model needs to be refined, especially in light of advances in adversary capabilities and number of cyber forces.

“If there’s one thing history teachers us, it’s that the enemy gets a vote. Since U.S. Cyber Command was established about a decade and a half ago, our forces have adapted to the evolving operational environment,” Chris Cleary, national president of the Military Cyber Professionals Association (MCPA), a nonprofit dedicated to advocating for military cyber issues, said. “What the MCPA stands firm on is calling for the continued refinement to organizational constructs to better enable success in combat, conflict, and competition. We, as a nation, must continue investing in serious sober analysis of how to increase effectiveness in cyberspace … just like we do for other domains such as the land and sea. This is why we at the MCPA host critical dialogue on such topics. Our national strategic leadership may want incremental change, or something more bold. I’m excited to see what comes of a new study.”

The House passed the NDAA on Wednesday. It must also be passed by the Senate and signed by the president to become law.

The post Despite softened bill language, observers still optimistic about independent cyber force assessment appeared first on DefenseScoop.

The language in the conference version of the fiscal 2025 National Defense Authorization Act marks a change from a provision that passed out of the Senate that specifically called for a dedicated cyber intelligence “center” rather than a “capability.”

Senate lawmakers introduced the provision in last year’s defense policy bill, but it was axed during the reconciliation process. The exact same provision, word for word, had been reintroduced this year and again passed out of committee and the full chamber.

The conference version, released over the weekend, requires the secretary of defense along with the director of national intelligence by October 1, 2026 to ensure DOD has a dedicated cyber intelligence capability in support of the military cyber operations requirements for the warfighting missions of U.S. Cyber Command, other combatant commands, defense agencies, the Joint Staff, and the Office of the Secretary of Defense.

Additionally, the defense secretary must ensure the Pentagon budget materials submitted for each fiscal year beginning with fiscal 2027 should include a request for funds necessary for the capability, noting the funds under the Military Intelligence Program must be made available for Cybercom. It further directs that the National Security Agency cannot provide any information technology services for the cyber intelligence capability, laying it squarely on Cybercom.

In its conference report accompanying the final bill last year where the center was eliminated, lawmakers said while they agree intelligence support to the planning and execution of cyber operations conducted below the level of armed conflict for preparation of the operational environment, must be improved, the causes of, and solutions to, this requirement are complex. They noted that while they’re concerned DOD will fail to address the shortfall without a legislative mandate, they weren’t prepared to dictate a specific organizational solution, but expect the secretary of defense to generate and implement one.

A Senate Armed Services Committee spokesperson previously stated following the panel’s markup of the bill earlier this year, that the committee hadn’t seen enough progress from DOD and there is still a demand signal within the department for the legislation. Introducing it again places pressure on the Pentagon to make progress, they added.

The report accompanying the final conference version between both chambers this year noted members foster continued support for the creation of a cyber intelligence capability within DOD, adding they recognize that there are pockets of people with useful analytical expertise across existing service intelligence centers that will have valuable contributions to the cyber intelligence mission — and the notion that those contributions may go beyond any single center is understandable.

“We believe that as the Department formulates a plan for addressing this provision, it is important to carefully consider what constitutes a ‘cyber intelligence capability.’ We believe that capability should include existing centers where relevant expertise exists, but should also focus fundamentally on how to build and maintain the new and emerging types of technical knowledge and expertise that is needed by the cyber operations community, but that does not currently exist anywhere in the Department in the scale or depth that is required,” the members wrote in the explanatory statement. “Based on recent experience and the emerging results from current cyber pilots, we do not believe that existing all-source intelligence centers alone will be sufficient for the intelligence needs of cyber operators in the future.”

Cyber intelligence and intelligence support to cyber has often seemed elusive, with officials explaining the inherent differences and challenges associated with it relative to traditional military intelligence, especially since it is also so new.

When it comes to foundational intelligence, much is known about the physical world and the platforms like tanks and airplanes that forces have been using for decades. But that is still lacking in the cyber or network realm where detailed intelligence on foreign computer systems, configurations and architectures are paramount for successful operations. This also extends into the open-source world of social media as well.

For years, dating back to when Cybercom was created, there have been talks about building the capability and capacity for developing organic cyber intelligence within the U.S. military. Relatedly, as cyber has grown in importance, there have been increasing discussions at the Defense Intelligence Agency regarding what constitutes foundational cyber intelligence.

Additional challenges include the relationship between Cybercom and NSA. Despite the close linkage — the two organizations share a boss and are co-located — NSA has a fundamentally different mission focused on foreign intelligence targets. Having a dedicated military cyber intel capability under Title 10 — the part of U.S. law that governs the armed forces — is considered increasingly important. In fact, Cybercom sought to create such a capability and center as a pilot effort a couple of years ago.

Conferees from last year’s NDAA, as well as other sources, indicated that as a still maturing combatant command — created in 2010 and only reaching full-blown command status in 2018 — Cybercom must improve its ability to define and articulate requirements for intelligence support. Members of Congress noted that it’s likely Cybercom will continue to need assistance in maturing requirements, with the secretary of defense ensuring that aid is provided by DIA, NSA and intelligence components of the military departments.

At issue are funds and resources required to help establish the necessary capabilities to assist Cybercom and cyber intelligence support, with one former defense official noting that while it will cost money, NSA believes they have it covered and DIA’s budget is much smaller than NSA’s and can’t afford it.

Congressional conferees previously explained they couldn’t burden the national intelligence mission and budget of NSA for the level of tailed support for military cyber operations needed, adding the secretary of defense should provide funding separate from the national intelligence budget for Cybercom to acquire and sustain required technical analytical capability and capacity.

The 2023 DOD cyber strategy sought to make intelligence support for cyber operations a priority, expanding on the 2018 version that simply asserted the department “will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict.”

“The 2023 DoD Cyber Strategy places renewed emphasis on the role intelligence plays in the planning and execution of cyberspace operations,” Ashley Manning, acting assistant secretary of defense for cyber policy, stated in written congressional testimony earlier this year. “The Office of the Under Secretary of Defense for Policy is working closely with the Office of the Under Secretary of Defense for Intelligence and Security, and through them, the Defense Intelligence Enterprise, to ensure that the intelligence requirements of the cyber warfighter are prioritized. The Department will improve business practices and human capital management processes to expand cyber intelligence production and reduce barriers to information sharing consistent with applicable law, policies, and procedures.”

The strategy notes the DOD will prioritize necessary reforms to meet the intelligence needs of the cyberspace operations community.

There is wide belief that such an organization is needed, on par with how intelligence centers are set up for the other domains of warfare such as the National Ground Intelligence Center or National Air and Space Intelligence Center.

The agreed-to language for the provision might make it tricky to implement, Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally mandated Cyberspace Solarium Commission, said.

Cybercom chief Gen. Timothy Haugh noted that there is a gap in how DOD thinks about cyberspace as a warfighting domain.

“Our targeting process is so built around the physical location. This does bring complexity that looks very different when we start to think about applying all the tradecraft that we’ve done for decades on how we target. Building that foundation is an area that we will continue to work with the department,” he said at a dinner hosted by the Intelligence and National Security Alliance in July.

He noted that DIA Director Lt. Gen. Jeffrey Kruse has agreed on a series of pilots to look at problem sets on how the broader intelligence enterprise can help enable Cyber Command from a foundational intelligence perspective.

Kruse told Congress earlier this year his organization was running a series of pilots and “sprints” to evaluate and improve how it provides what it calls foundational cyber intelligence.

“We’re going to take those pilots, we’re going to bring them back into the department to say this is what we think are the lessons that we’ve learned and how we can close that gap from a foundational intelligence perspective,” Haugh said.

The post Defense policy bill directs creation of ‘cyber intelligence capability’ appeared first on DefenseScoop.

UAP is the modern term for UFOs and mysterious transmedium objects.

The bill, released Saturday by the House and Senate Armed Services Committees, includes provisions aimed at beefing up the Defense Department’s capabilities for detecting and defeating unmanned aerial systems — which are a growing threat in the United States and abroad.

Just last month, U.S. and U.K. military personnel were actively monitoring installations around and airspace over Royal Air Force Lakenheath, RAF Mildenhall, RAF Feltwell and RAF Fairford for mysterious small drones that have been repeatedly spotted near those bases. Law enforcement agencies have also been responding to public reports about strange drone sightings in New Jersey, according to news outlets.

Section 925 of the NDAA would task the secretary of defense, no later than 30 days after the enactment of the legislation, to establish or designate from existing organizations and personnel of the department a “C-UAS Task Force.’’

“Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense and the Chairman of the Joint Chiefs of Staff, acting through the C-UAS Task Force, shall review and, if necessary, consolidate and update all Department of Defense memoranda and directives related to the countering of unmanned aircraft systems in United States airspace to provide clarity to and an expedited decision-making process for commanders with respect to effectively countering unmanned aircraft systems or unmanned aircraft incursions at military installations in the United States,” the bill states.

In addition to issuing new guidance related to authorities to counter drones, the head of the DOD would be responsible for ensuring that such guidance is included in pre-briefings for any officers that assume command of a military installation in the United States on or after July 1, 2025.

“Not later than 60 days after the issuance of the memoranda, directives, and guidance required by [this legislation] … each commander of a military installation shall issue operating procedures specific to their military installation for countering unmanned aircraft systems at the installation,” the bill states.

The Pentagon chief would also have to provide a report to the congressional defense committees, within 120 days after the date of the enactment of the NDAA on the U.S. military’s counter-drone training efforts.

After the task force is stood up, lawmakers want it to partner with the Pentagon’s All-Domain Anomaly Resolution Office (AARO), which investigates reports of UAP. That organization recently reached “full operational capability,” officials told DefenseScoop.

Section 1089 of the NDAA would mandate cooperation between the UAP office and the task force.

“The Director of the All-Domain Anomaly Resolution Office of the Department of Defense shall designate one or more employees of the Office to act as a liaison with the Counter Unmanned Aerial Systems Task Force … to improve coordination of efforts and support enabling capabilities of mutual benefit,” the bill states.

The liaisons would be responsible for conducting information-sharing between AARO and the task force on identified or suspected drones, including incident reporting, incident responses, and data on the technical characterization of the known or suspected threats; coordinating the development of technical capabilities for sensing and response to threats; and developing coordinated tactics, techniques and procedures for incident response.

The NDAA must be passed by the full House and Senate and signed by the president to become law.

The bill is moving forward amid concerns among lawmakers and others that some UAP cases could be advanced drones developed by foreign adversaries.

Officials are hoping that sensor technologies built to aid AARO’s work can be used to detect unmanned aerial systems. That office has a prototype system called Gremlin that is being deployed. The Georgia Tech Research Institute developed the Gremlin architecture, which has “several sensing modalities to detect, track, characterize and identify UAP in areas of interest,” officials wrote in a recent AARO report.

At a Senate Armed Services Subcommittee on Emerging Threats and Capabilities hearing last month, Sen. Kirsten Gillibrand, D-N.Y., chair of the subcommittee, noted her concerns about drone incidents near sensitive national security facilities, such as Langley Air Force Base.

“UAS continue to pose significant threats to our national security. In addition to safety of flight issues, these UAS create for our own pilots and air crew, the UAS present clear and undeniable counterintelligence concerns around some of the most sensitive airspace. While standard UAS are not part of AARO’s mission, your work on sensors at military installations across the country will be critical to making sure that we have the domain awareness necessary to accurately identify and track these objects,” she told AARO’s new director, Jon Kosloski. “I expect your office to also pay close attention to any anomalous characteristics that these systems could present in the future.”

Kosloski was asked how his organization might assist the U.S. military and intelligence community with analyzing and identifying drones.

“We are generally going to be supporting them through an advisory capacity as an organization that naturally needs to conduct baseline experiments of the environment to see what normal looks like, whether it’s balloons, birds, anomalous activity, or drones flying through an environment. We’re going to gather a lot of data that will allow us to characterize an environment very well, and then detect and follow those tracks, hopefully rather efficiently. There’s also a lot of overlap in the type of sensors that are going to be used for the counter-UAS mission and the UAP mission, whether that’s active detection, like radars or passive like cameras. And so as AARO is trying to push the bounds on detectability for UAP, we’re hopefully going to have best practices that we can also provide to the counter-UAS [community], and potentially we might have additional technologies that we can offer them to support,” he said.

Last week, Secretary of Defense Lloyd Austin issued a new classified strategy for countering uncrewed systems. An unclassified fact sheet about the strategy did not explicitly mention AARO.

The post NDAA directs Pentagon’s UAP office to team with new counter-drone task force appeared first on DefenseScoop.

Last year, the Pentagon updated DOD Directive 3000.09, “Autonomy in Weapon Systems,” which provides guidance for officials who will be responsible for overseeing the design, development, acquisition, testing, fielding and employment of these types of capabilities — and created a new working group to facilitate senior-level reviews of the technology.

The department defines an autonomous weapon system as “a weapon system that, once activated, can select and engage targets without further intervention by an operator. This includes, but is not limited to, operator-supervised autonomous weapon systems that are designed to allow operators to override operation of the weapon system, but can select and engage targets without further operator input after activation.”

A semi-autonomous weapon system is defined as “a weapon system that, once activated, is intended to only engage individual targets or specific target groups that have been selected by an operator.” So-called “fire and forget” or lock-on-after-launch homing munitions are some examples.

According to the guidance, with some exceptions, before autonomous weapons can enter formal development they must be approved by the undersecretary of defense for policy, undersecretary of defense for research and engineering, and the vice chairman of the Joint Chiefs of Staff. Additionally, the officials in those roles must sign off again before they can be fielded.

However, since the directive was updated, Pentagon officials have been tight-lipped publicly about where things stand about specific platforms that have gone through these types of reviews and signoffs, and the outcomes of those reviews.

The conferenced version of the fiscal 2025 National Defense Authorization Act would require the secretary of defense, no later than Dec. 31, 2025, and annually after that, to provide the congressional defense committees a “comprehensive report” on the approval and deployment of lethal autonomous weapon systems by Uncle Sam.

The documents must include “a comprehensive list of any lethal autonomous weapon systems that have been approved by senior defense officials for use by the United States military under Department of Defense Directive 3000.09, or any successor document, and the dates of such approvals”; any systems that have received a waiver of the requirement for review by senior DOD officials, and the dates such waivers were issued; and systems that are undergoing review.

Additionally, it would require the Pentagon to provide a comprehensive list of any lethal autonomous weapon systems that were not approved after review.

Notably for public transparency, each report would have to be submitted in unclassified form. However, they could also include a classified annex, according to the bill.

The reporting requirements would terminate on Dec. 31, 2029, unless lawmakers extend them.

The annual NDAA, which is often described as “must-pass” legislation, has to be approved by both chambers of Congress and signed by the president before it’s enacted.

The post Congress to require rundown from DOD on approvals and deployments of autonomous weapons appeared first on DefenseScoop.

An amendment to a Senate version of the annual defense authorization bill put forth a few months ago would have required the DOD to establish such an organization, but the version of the NDAA hammered out by members of the House and Senate Armed Services Committees and released Saturday night does not.

Instead, the conferenced bill includes a provision for an evaluation of a “federated artificial intelligence-enabled weapon systems center of excellence.”

“The Secretary of Defense shall determine the advisability and feasibility of establishing a center or centers of excellence to carry out the functions … to support the development and maturation of artificial intelligence-enabled weapon systems by organizations within the Department of Defense that … were in effect on the day before the date of the enactment of this Act” and “have appropriate core competencies” relating to the functions outlined in the conferenced bill, according to the text of the legislation.

Those proposed functions include capturing, analyzing, assessing and sharing lessons learned across the DOD regarding the latest advancements in AI-enabled weapon systems, countermeasures, tactics, techniques and procedures, and training methodologies.

They also include facilitating collaboration among the department and foreign partners, such as Ukraine, to identify and promulgate best practices, safety guidelines, standards and benchmarks.

Additionally, the center could be tasked with facilitating collaboration among the Pentagon, industry, academia and nonprofits in the U.S., “including industry with expertise in autonomous weapon systems and other nontraditional weapon systems that utilize artificial intelligence as determined by the Secretary of Defense”; serving as “a focal point for digital talent training and upskilling for the Department” and “providing enterprise-level tools and solutions based on these best practices, standards, and benchmarks”; and “carrying out such other responsibilities as the Secretary of Defense determines appropriate,” according to the bill.

Not later than 180 days after the date of the enactment of the NDAA, the leader of the Pentagon would be required to give the congressional defense committees a report laying out the secretary’s determination regarding whether establishing a center or centers of excellence for AI-enabled weapon systems is advisable and feasible.

If the DOD chief recommends standing up such a center, that person would be required to submit a plan for establishing it and brief lawmakers on that plan.

The negotiated NDAA may be voted on soon by the full House and Senate. Given the timeline for the presidential transition next month, it’s likely that a determination about the center of excellence will be made by the incoming Trump administration.

The release of the bill comes as the DOD is eyeing a variety of AI-boosted platforms and other tools to enhance the U.S. military’s warfighting capabilities.

Last year, the Pentagon updated its guidance for development, fielding and employment of autonomous weapon systems, and it launched a high-profile initiative known as Replicator to accelerate fielding of thousands of “all-domain attritable autonomous” systems to counter China’s military buildup in the Indo-Pacific.

The post Lawmakers set to punt AI weapon systems center decision to Pentagon appeared first on DefenseScoop.

Both houses of Congress passed nearly identical provisions in their respective versions of the fiscal 2025 National Defense Authorization Act earlier this year, and they were incorporated into the final conferenced bill that was reconciled between both chambers and released Saturday evening.

The House passed a similar provision last year that was axed during this conference process for the annual defense policy bill, effectively killing it until it was revived this year.

Despite some in the Biden administration and the Defense Department voicing opposition to a cyber service, there has been growing support in Congress and among interest groups. The provision calls for an independent assessment by the National Academies of Sciences, Engineering, and Medicine to “conduct an evaluation regarding the advisability of either establishing a separate Armed Force in the Department of Defense dedicated to operations in the cyber domain or refining and further evolving the current organizational approach for United States Cyber Command.”

The issue of creating a sixth military service that is focused solely on cyber operations, while not new, has gained steam over the last year as threats have grown, the landscape is becoming more dynamic and readiness issues have plagued the military services’ forces that they present to U.S. Cyber Command.

Each of the military services is responsible for providing personnel for a set number of teams to Cybercom, which then employs those forces in operations for the other geographic combatant commands. But detractors believe the services are too siloed in their approach, leading to incongruent models for presenting forces to Cybercom and forces maintaining their unique service identities, which leads to readiness issues, according to skeptics.

Cybercom and DOD owe their own set of studies back to Congress through previous legislative asks, after requesting more time to make their assessments and implementations.

Lawmakers have grown frustrated with how long this process has taken, and thus, have begun to take matters into their own hands, requesting independent assessments.

Members of Congress recognized in language accompanying the policy bill Saturday that agreeing on the optimal structure of cyber forces and operations “continues to be a work in progress,” but noted that an evaluation is more challenging when those forces are constantly engaged in demanding training and competition with the private sector for a limited worker pool.

“We believe that an independent, outside examination of these challenge may provide valuable insights to inform decision makers on future force design concepts,” the explanatory statement accompanying the bill states.

Congress is imploring the National Academies to take into account several analyses to include lessons from the creation of the Space Force in 2019. Members also acknowledge challenges with such a study with the National Academies given some might not have deep expertise in military cyber missions.

Lawmakers listed a series of areas they hope the National Academies cover, which include, among others:

• What is the optimal force size of qualified cyber professionals to satisfy existing and projected requirements of the Defense Department, and how are these variables most likely to change?
• Is the department’s current understanding and definition of cyber operations adequate to future challenges and opportunities?
• What options exist to improve training requirements, outputs, and programs in support of cyberspace operations?
• How could the DOD improve recruiting and retention of qualified officers and enlisted members of the armed forces in cyberspace operations and related and supporting fields?
• How might the department better utilize reserve component forces in support of cyberspace operations?
• What approaches could improve force readiness?
• How should the DOD structure itself for acquisition and provision of cyber capabilities in support of cyberspace operations?
• How could the department improve professional military education content and curricula focused on the cyber domain?
• Does increased optimization for cyberspace operations incur cost, risk, efficiency, or other tradeoffs to other missions and responsibilities of the DOD, or elsewhere within the national security community?

The bill now heads to the full House and Senate to be passed before going to the president to sign into law.

The post House and Senate defense committees agree on independent cyber force assessment appeared first on DefenseScoop.

A report accompanying the panel’s version of the fiscal 2025 National Defense Authorization Act, which was released this week, highlighted members’ concerns about where things stand.

“The committee believes that the most effective counter-unmanned aerial systems (UAS) capabilities for the joint force are those using software-defined technologies of autonomy, artificial intelligence (AI), and machine learning,” they wrote, noting that U.S. Special Operations Command has been using such technologies to rapidly deploy cutting-edge counter-UAS capabilities in combat environments. That includes multi-modal sensing capabilities and vertical take-off and landing, AI-driven autonomous air vehicles that can defeat “Group 3” drones — a category of UAS that includes loitering munitions, which are also known as kamikaze drones or one-way attack drones.

Industry has been developing cutting-edge systems, like Anduril’s Roadrunner-M, that are designed to perform air defense missions.

“The committee is concerned by the obstacles to transitioning these innovative capabilities from SOCOM to conventional forces,” and “the committee is concerned that the Services have not budgeted to sustain and expand these types of critical capabilities,” lawmakers noted in the report.

The legislation would require the acquisition executives for the Army, Navy and Air Force to provide separate briefings to the armed services committees on the Hill by Jan. 31, 2025, on their plans to “resource, transition, and scale advanced, AI-enabled, combat-validated UAS defeat capabilities to conventional forces within their department.”

The wording in the provision is very similar to a House-passed version of the annual defense policy bill, which makes it more likely that this type of directive will be included in the final version of the NDAA that comes out of the House-Senate conference process.

Autonomous air vehicles and tracking capabilities aren’t the only high-tech, drone-killing tools that lawmakers want to see the Defense Department prioritize and accelerate for fielding. They’re also keen on directed energy systems, a category of weapons that includes high-energy lasers and high-power microwaves.

DE tools are seen as a more cost-effective way of defeating large numbers of inexpensive drones, on a cost-per-shot basis, than many of the missiles or “kinetic” interceptors in the U.S. military’s arsenal.

In recent years, batches of UAS have been launched against Ukrainian forces and infrastructure by Russia, against U.S. Navy ships and commercial vessels in the Red Sea by the Houthis, and against American troops in the Middle East by other Iranian-backed groups.

“The committee remains concerned about the threat posed by low-cost attritable aerial drones, especially the threat that drone swarms pose to our forces. The committee notes that conflicts in Ukraine and the Middle East clearly demonstrate the utility and proliferation of low-cost attritable aerial drone systems and believes that more must be done to protect U.S. servicemembers from that threat. The committee welcomes the resulting increase in focus of the Department of Defense (DOD) on exploring the use of directed energy systems to defeat these threats at a low cost per engagement,” lawmakers wrote in the report for the SASC version of the policy bill.

“The committee encourages DOD to prioritize rapidly developing and acquiring directed energy systems to defeat large drone swarms and believes that the Department should utilize all available rapid acquisition pathways to develop and acquire directed energy counter drone swarm systems,” they added.

The Pentagon has been experimenting with these types of weapons and deployed some of them overseas, but not on a scale that some officials and advocates would like to see.

The Army has sent a 50-kilowatt laser system to the U.S. Central Command area of responsibility in the Middle East. Doug Bush, the service’s acquisition chief, said officials are getting important feedback from the effort.

“I think we’re learning a lot about the challenges of integration of that powerful laser system … on a vehicle versus doing it at a fixed site or versus doing a lower-power laser on a vehicle like a Stryker. So I think the learning that’s going on, though, is absolutely informing the [program objective memorandum] decisions being made, budget decisions being made right now in terms of what is most likely to succeed first in the directed energy realm. You know, beyond that, the fact that it’s deployed and being used by real soldiers, again, that’s just the best test we can have. I can’t get into more detail on effectiveness right now because of just security concerns,” Bush told reporters in June.

Meanwhile, Epirus has delivered prototypes derived from its Leonidas system to support the Army’s Indirect Fire Protection Capability-High-Power Microwave (IFPC-HPM) initiative. The Navy is also experimenting with the technology.

Some U.S. military leaders have expressed frustration that more DE systems haven’t been fielded. Other Defense Department officials have noted that there are still challenges to overcome, including command-and-command issues.

The SASC version of the NDAA would direct the secretary of defense to provide a briefing to the House and Senate armed services committees by Feb. 1, 2025, on all the department’s initiatives to develop and procure DE weapons that could defeat large numbers of enemy drones in a single engagement.

This week, SASC Chair Jack Reed, D-R.I., and Ranking Member Roger Wicker, R-Miss., announced that the committee’s NDAA was filed for the full Senate’s consideration.

“I am glad that this year’s NDAA makes important progress in a number of areas, including … significant support for technologies like counter-drone defenses and AI,” Reed said in a statement, before noting that he had to vote against the passage of the legislation because it includes authorization for a funding increase that can’t be appropriated without busting spending caps.

“I look forward to working with my colleagues in the Senate and House to find practical ways to strengthen this year’s defense bill,” he said.

In a statement, Wicker said he was “encouraged that many of my colleagues have joined me in the conversation about the need to invest more in our national defense. I look forward to discussing the peace through strength vision I have laid out in the months to come. This year’s NDAA results are a testament to the tradition of bipartisanship, vigorous debate, and good working order on which this committee prides itself.”

The post Senators amplify concerns about pace of fielding AI-enabled counter-drone systems appeared first on DefenseScoop.

The Senate Armed Services Committee on Monday released the full text and report for its version of the fiscal 2025 National Defense Authorization Act with a number of cybersecurity provisions included in it related to zero trust — a widely recognized, cloud-based concept that assumes an adversary has already gained access to a network and therefore looks to limit further movement internally by requiring constant monitoring and authentication of users and their devices as they pass from one part of a network to another.

Key among them is a requirement that, if passed as is, would enlist the DOD chief information officer to issue new guidance tailoring the department’s zero-trust framework to “human-wearable devices, sensors, and other smart technology” included in the so-called military internet of things within 180 days of the law’s passage.

Like traditional internet-of-things hardware, the military internet of things is generally comprised of interconnected, data-rich, sensor-driven devices meant to communicate or share information on a domain in both combat and non-combat settings. While the devices are credited for inexpensively enhancing the military’s ability to sense and share information — in some cases in an automated fashion — they also have led to a proliferation of endpoints that adversaries can target for a cyberattack. A 2015 Center for Strategic and International Studies report referred to security as the “single most important challenge for IoT implementation across the military.”

The guidance from the CIO would also require details on the role that identity, credential, and access management technologies would play in that larger zero-trust strategy as it’s applied to the military internet of things.

A Defense Department strategy signed out in 2022 outlines “target levels” of zero trust, which are a minimum set of 91 capability outcomes that DOD agencies and components must meet to secure and protect networks. The Pentagon’s goal was to achieve those target levels no later than Sept. 30, 2027 — a deadline that David McKeown, the department’s chief information security officer, wants to accelerate.

Senate lawmakers have also taken note of a successful zero-trust pilot and subsequent production contract led by the Defense Information Systems Agency called Thunderdome. In the committee report accompanying the text of the chamber’s version of the 2025 policy bill, the committee urges department components to leverage the success of Thunderdome in replacing the agency’s previous security model known as the Joint Regional Security Stacks (JRSS), which aimed to consolidate the department’s attack surface by reducing thousands of network stacks globally to roughly 25. DISA decided to begin sunsetting that program in 2021.

“The committee is encouraged by the successful prototyping and production agreement for the Thunderdome program, which is expected to scale rapidly across the entire DOD enterprise,” the report reads. “To achieve stated goals within DOD’s specified timelines, the committee believes that DOD components should leverage technologies like Thunderdome, which rely on an open vendor selection process and comprehensive prototyping before production. The committee believes that such attributes are necessary to ensure upgradability and adaptability over time.”

That provision calls on the DOD CIO and director of DISA to brief congressional armed services committees on the progress made with Thunderdome and progress transitioning away from JRSS, “with a focus on how legacy JRSS will incorporate zero trust-aligned continuous trust verification and security inspection regardless of user location or device.”

The post Senate NDAA calls for guidance to apply zero trust to ‘internet of military things’ devices appeared first on DefenseScoop.

Quantum computing and information science marks a still-emerging and likely disruptive field that applies the laws of physics and complicated phenomena happening at atomic and subatomic levels to store, measure and move information. 

Backed by Congress, U.S. national security agencies have been increasingly prioritizing quantum-enabling activities and funding in recent years to prepare for associated technological transformation that might be on the horizon.

Mace, R-S.C., is introducing an amendment to the Defense Department’s appropriations bill for fiscal 2025 to increase funding by $20 million to the Army research, development, test and evaluation account to enable a new DOD Quantum Computing Center of Excellence.

That investment would be “offset by a decrease to Defense-Wide Operations and Maintenance,” an official from her office confirmed.

In May, DefenseScoop reported that the House Armed Services Subcommittee on Cyber Innovative Technologies, and Information Systems (CITI) submitted a provision in the fiscal 2025 Servicemember Quality of Life Improvement and National Defense Authorization Act for a one-stop, military-focused quantum Center of Excellence.

Such hubs, also referred to as COEs, are typically embedded within federal agencies to foster and coordinate innovation or modernization around a specific, often technology-related, topic of interest. 

CITI’s original proposal — calling for a center to be established at a “research laboratory of a covered Armed Force with requisite experience in quantum computing integrated photonics and photon qubits, superconducting and hybrid systems, and trapped ions” — made it into the House’s recently passed version of the NDAA for fiscal 2025.

The Senate has not yet passed its version of the NDAA, which will need to be reconciled with the House version before becoming law.

While Mace’s new amendment to the separate appropriations bill for the same fiscal year could drive further momentum for the creation of a new quantum COE, it would also explicitly involve the Army in the envisioned effort.

“By increasing funding for the Army RDT&E account to create a Department of Defense Quantum Computing Center of Excellence, we are committing to a future where America leads in quantum innovation. This strategic investment will give our military a decisive technological advantage, fortifying our national security against emerging global threats and keeping us ahead in the race against adversaries like China,” the official on her team told DefenseScoop.

The post Call for new DOD-led quantum hub builds momentum on the Hill appeared first on DefenseScoop.

A measure included in the Senate version of the National Defense Authorization Act last year was ultimately nixed from the final proposal during the conference process with the House, which didn’t have a similar provision in its bill.

However, the issue of creating a sixth military service that is focused solely on cyber operations, while not new, has gained steam over the last year as threats have grown, the landscape is becoming more dynamic and readiness issues have plagued the military services’ forces that they present to U.S. Cyber Command.

Each of the military services is responsible for providing personnel for a set number of teams to Cybercom, which then employs those forces in operations for the other geographic combatant commands. But detractors believe the services are too siloed in their approach, leading to incongruent models for presenting forces to Cybercom and forces maintaining their service identities, which leads to readiness issues, according to skeptics.

An amendment to the fiscal 2025 NDAA on the House side proposed by Rep. Morgan Luttrell, R-Texas, during its marathon markup May 22 directs an independent evaluation on the establishment of a U.S. Cyber Force to be conducted by the National Academies of Sciences, Engineering, and Medicine.

“I think the study is a great step forward and it kind of lays the groundwork for something. Or it could very well tell us we’re not ready yet,” Luttrell told DefenseScoop before the committee marked up the bill.

He also noted that he’s not opposed to other solutions, adding that he’s happy to engage with the DOD on possible alternatives to creating a Cyber Force.

Luttrell and other Republican co-sponsors believe the timing for this is now because the cyber risks are increasing and the current approach is too disjointed.

“[T]oday, each service generally builds cyber capacity in isolation. The forces are also supposed to be built to a single standard, but that intent or vision has never come to fruition, with dramatic disparities across the services. In fact, they don’t even align on the names of the career fields for personnel aligned to cyber operations. While seemingly minor, the consequences are significant,” Rep. Pat Fallon, R-Texas, wrote in a recent op-ed. “It’s critical we establish an independent military service aligned to cyberspace, responsible for the Title 10 functions of ‘Organize, Train, and Equip.’”

The Senate Armed Services Committee, which marked up its version of the NDAA this week, included a provision examining the prospect of an independent cyber force or service, according to committee staff. However, a summary of the bill, which passed the committee Thursday night by a vote of 22-3, did not offer any details.

The measures from both House and Senate Armed Services Committees must be passed by their respective chambers of Congress before going into conference where the two versions will be reconciled into a single bill. The full House passed its version on Friday.

Two of the leading outside groups on military cyber issues have applauded the efforts of Congress in exploring options to improve how DOD presents and employs cyber forces, to include the prospect of a new, independent military branch.

The Association of US Cyber Forces (AUSCF) “fully supports the creation of a Cyber Force to support our national security in cyberspace. The provisions of the NDAA calling for a study into this possibility are a step in the right direction, but we have been here before,” the nonprofit, which is dedicated to advancing the capabilities and effectiveness of the United States in the cyber domain, wrote in a statement to DefenseScoop. “This is not the first congressional call for such a study, though we do applaud the move to have it conducted by an entity outside the DOD. Our hope is that this study will unequivocally find what we all already know, that such a dedicated force is not only appropriate, but a vital need for our country if we ever hope to match and surpass our adversaries in this domain … This NDAA inclusion is a step in the right direction, though the time has come for us to build momentum and move towards action quickly following the results of the study.”

The organization, which has been advocating for the creation of a cyber force, is hopeful the assessments conducted outside the DOD will determine the potential for such a force to also exist outside of the department and its currently limited authorities. AUSCF has been advocating for a more holistic national defense force with the authorities to better protect the homeland from a defensive posture and conduct operations against outside actors.

“One thing is certain in the debate on whether or not there should be a bold reorganization to establish a new military service focused on the cyber domain of warfare, and that is there is deep disagreement among relevant stakeholders. However, there is wide consensus that an unbiased independent study to examine the potential value and feasibility of such a service is not only appropriate, but sorely needed,” Chris Cleary, national president of the Military Cyber Professionals Association, a nonprofit dedicated to advocating for military cyber issues, said in a statement to DefenseScoop. “To that end, and in pursuit of our mission and vision, the MCPA wholeheartedly supports the proposed study.”

Congress wants answers

Part of the congressional concern stems from the need for more information and data.

“Many members of Congress, myself included, feel we need better information to understand our current and projected cyber defense capabilities. That’s why this year’s House-passed NDAA has multiple efforts to achieve our shared goal of supporting our cyber professionals and systems,” Rep. Chrissy Houlahan, D-Penn., an Armed Services Committee member, said in a statement to DefenseScoop. “The truth is that the civilian and military cyber landscapes are changing rapidly, almost daily. Because cyber is an integral part of our national defense and needs to be supported with a robust workforce, it’s a matter of congressional concern.”

Congress has previously provided bill language requiring DOD to include an assessment of the costs, benefits and values of establishing a uniformed cyber service in the 2022 cyber posture review. It has also more recently required a study, which among many aspects, called for an examination of the current cyber enterprise, requested a look at how the services should man, train and equip for cyber, and inquired if a single military service should be responsible for basic, intermediate and advanced cyber training of the cyber mission force and if the Pentagon should create a separate service. This effort is known as the Section 1533 study from the fiscal 2023 NDAA.

“The Section 1533 study was looking at all options to include the establishment of a separate service and hence a separate analysis — is it necessary — but we required the department to do the study … as part of the cyber posture review. It seems to me that DOD ignored that requirement and then pointed us to a section in the posture review that included an assessment, but if you look at that section, no such assessment existed,” Mike Gallagher, who until late April was the chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems, said during an April hearing. “Why should we believe that the department will follow on with an objective analysis as part of the 1533 study, given that it was ignored previous to this?”

This so-called force structure assessment was due to the secretary of defense June 1.

The DOD has taken the approach of packaging the variety of studies Congress has required, to include 1533, and bundle them into an effort it dubs Cybercom 2.0, a holistic top-to-bottom review underway to examine how to reshape Cybercom’s organization and forces and ensure it’s best postured for the future and emerging threats.

Gen. Timothy Haugh, who became commander of Cybercom in February, said at the command’s legal conference April 9 that along with the newly established Office of the Assistant Secretary of Defense for Cyber Policy he must brief the secretary on the vision for the future of force generation this summer. Later that week, he told the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems that the command and ASD-Cyber are working on Section 1533 along with other efforts and owe a briefing of 1533 to the secretary of defense in June.

“There are a couple of things that Congress has already given us that is where we’re going to owe products,” he said at the conference, later telling lawmakers: “We owe that [force generation study] to the secretary in June and we are required to brief them in June [on] the results of that study, and we’re moving at pace to ensure that we look at all the options that you directed.”

Other elements Congress has asked DOD and Cybercom to study that are being folded into Cybercom 2.0 efforts include the optimal strategy for structuring and manning various headquarters elements.

According to a DOD spokesperson, the department tapped the RAND Corp. to study the issue.

“In response to Section 1533 of the FY23 NDAA, DOD commissioned an independent research study of U.S. cyber forces through the RAND Corporation, which generated insights concerning challenges and opportunities of force presentation and design, mission essential tasks, civilian-contractor-military mix, training pipelines, talent management, career progression, and pay,” they said. “The alternative models presented in the study have informed the Department’s understanding of current and potential future constructs of the cyber forces. The Department is currently exploring tradeoffs presented by the various models and is on track [to] meet the 1533 legislated timeline to present an implementation plan by June 2025.”

The HASC version of the NDAA for fiscal 2025 that passed in May included an amendment by Houlahan requiring the secretary of defense to submit the 1533 study, along with any supporting analyses that may have been conducted by any other entities, no later than Sept. 30.

As the law currently exists, the DOD owes congressional defense committees briefings at least once every 180 days on the progress of the section 1533 effort until receipt of the plan.

While many observers, including top officials, have acknowledged that the status quo is not working, detractors of an independent cyber force within DOD maintain now is not the time to shake things up.

The current model has not had enough time to prove itself, the argument goes. The command only just received enhanced, more service-like authorities with the passage of the fiscal 2024 appropriations bill earlier this year that provides enhanced budget authority, giving full budget ownership of cyber and direction of cyber forces to Cybercom.

The command modeled itself off U.S. Special Operations Command, a combatant command with unique service-like authorities.

Some outside experts believe the DOD is working to head off congressional direction for outsiders to study an independent cyber force.

“When they were trying to kill the independent assessment DOD suggested and they didn’t think it was needed, they implied the overdue 1533 report was right around the corner. I no longer think that’s true,” Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally mandated Cyberspace Solarium Commission, told DefenseScoop. “One might consider that poor form to say ‘I don’t need that because I have this other thing coming,’ and the other thing is not really there.”

Montgomery, who also previously served as policy director for the Senate Armed Services Committee, gives the measure of an independent assessment a 50/50 chance of becoming law at best, even though it was included in both the HASC and SASC versions of the NDAA.

Despite Congress’ affinity for studies and assessments, the fact that the measure didn’t make it into the final bill last year and there are questions surrounding its passage this year, indicate DOD is working to prevent it, sources suggested.

“DOD is telling the senior congressional leadership an independent assessment is ‘not needed,’ very emphatically, repeatedly. DOD leadership is lobbying hard and working hard against this,” Montgomery said.

He acknowledged that if this was an easy fix it would’ve been done already, adding that the problem with continuing to do nothing is that it’s been the approach for 12 years.

“If we don’t do this assessment, we’re doing nothing because DOD is not changing. This force generation problem is getting worse every year and the Chinese are getting better every year,” he said. “DOD has had an open door with congressional leaders to get whatever they needed over the past decade and we ended up in this position.”

The post Assessment for independent cyber force passes House, Senate defense committee appeared first on DefenseScoop.