Statutory Notes and Related Subsidiaries

Implementation of Certain Recommendations Regarding Use of Unmanned Aircraft Systems by the National Guard

Pub. L. 117–81, div. A, title V, §514, Dec. 27, 2021, 135 Stat. 1683, provided that: "Not later than September 30, 2022, the Secretary of Defense shall implement recommendations of the Secretary described in section 519C(a)(2) of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116–283) [134 Stat. 3596]."

Pilot Program on Remote Provision by National Guard to National Guards of Other States of Cybersecurity Technical Assistance in Training, Preparation, and Response to Cyber Incidents

Pub. L. 116–283, div. A, title XVII, §1725, Jan. 1, 2021, 134 Stat. 4112, provided that:

"(a) Pilot Program Authorized.—

"(1) In general.—The Secretary of Defense may conduct a pilot program to assess the feasibility and advisability of the development of a capability in support of Department of Defense missions within the National Guard through which a National Guard of a State remotely provides National Guards of other States (whether or not in the same Armed Force as the providing National Guard) with cybersecurity technical assistance in training, preparation, and response to cyber incidents.

"(2) Termination.—The authorization under paragraph (1) to conduct the pilot program expires 24 months after the date of the enactment of this Act [Jan. 1, 2021].

"(b) Assessment Prior to Commencement.—For purposes of the pilot program described in subsection (a), the Secretary of Defense shall, prior to commencing the pilot program, for purposes of evaluating existing platforms, technologies, and capabilities under subsection (c), and for establishing eligibility and participation requirements under such subsection—

"(1) conduct an assessment of—

"(A) existing cyber response capacities of the Army National Guard or Air National Guard, as applicable, in each State; and

"(B) any existing platform, technology, or capability of a National Guard that provides the capability described in subsection (a)(1);

"(2) determine whether a platform, technology, or capability referred to in subparagraph (B) is suitable for expansion for purposes of the pilot program; and

"(3) assess potential benefits or impact on the missions, the Total Force, the Cyber Operations Forces, and the cyber infrastructure of the Department of Defense.

"(c) Elements.—The pilot program described in subsection (a) may include the following:

"(1) A technical capability that enables the National Guard of a State to remotely provide cybersecurity technical assistance to National Guards of other States, without the need to deploy outside its home State.

"(2) The development of policies, processes, procedures, and authorities for use of such a capability, including with respect to the following:

"(A) The roles and responsibilities of both requesting and deploying National Guards with respect to such technical assistance, taking into account the matters specified in subsection (g).

"(B) Necessary updates to the Defense Cyber Incident Coordinating Procedure, or any other applicable Department of Defense instruction, for purposes of implementing such a capability.

"(C) Program management and governance structures for deployment and maintenance of such a capability.

"(D) Security when performing remote support, including in matters such as authentication and remote sensing.

"(3) The conduct, in consultation with the Secretary of Homeland Security and the Director of the Federal Bureau of Investigation, the heads of other Federal agencies, and appropriate non-Federal entities, as appropriate, of at least one exercise to demonstrate such a capability, which exercise shall include the following:

"(A) Participation of not fewer than the National Guards of two different States.

"(B) Circumstances designed to test and validate the policies, processes, procedures, and authorities developed pursuant to paragraph (2).

"(d) Use of Existing Technology.—The Secretary of Defense may use an existing platform, technology, or capability to provide the technical capability described in subsection (a)(1) under the pilot program.

"(e) Eligibility and Participation Requirements.—The Secretary of Defense shall, in consultation with the Chief of the National Guard Bureau, establish requirements with respect to eligibility and participation of National Guards in the pilot program.

"(g) [sic] Construction With Certain Current Authorities.—

"(1) Command authorities.—Nothing in this section may be construed as affecting or altering the command authorities otherwise applicable to any unit of the National Guard participating in the pilot program.

"(2) Emergency management assistance compact.—Nothing in this section may be construed as affecting or altering any current agreement under the Emergency Management Assistance Compact, or any other State agreements, or as determinative of the future content of any such agreement.

"(h) Evaluation Metrics.—The Secretary of Defense shall establish metrics to evaluate the effectiveness of the pilot program.

"(i) Term.—The pilot program under subsection (b) shall terminate not later than the date that is three years after the date of the commencement of the pilot program.

"(j) Reports.—

"(1) Initial report.—Not later than 180 days after the date of the commencement of the pilot program, the Secretary of Defense shall submit to the appropriate committees of Congress and the Secretary of Homeland Security an initial report setting forth a description of the pilot program and such other matters in connection with the pilot program as the Secretary considers appropriate.

"(2) Final report.—Not later than 180 days after the termination of the pilot program, the Secretary of Defense shall submit to the appropriate committees of Congress and the Secretary of Homeland Security a final report on the pilot program. The final report shall include the following:

"(A) A description of the pilot program, including any partnerships entered into under the pilot program.

"(B) A summary of the assessment performed prior to the commencement of the pilot program in accordance with subsection (b).

"(C) A summary of the evaluation metrics established in accordance with subsection (h), including how the pilot program contributes directly to Department of Defense missions.

"(D) An assessment of the effectiveness of the pilot program, and of the capability described in subsection (c)(1) under the pilot program.

"(E) A description of costs associated with the implementation and conduct of the pilot program.

"(F) A recommendation as to the value of the pilot program, including whether to authorize a permanent program modeled on the pilot program, including whether the pilot program duplicates the remote operating concept and capabilities of active duty cyber operations forces.

"(G) An estimate of the costs of making the pilot program permanent and expanding it nationwide in accordance with the recommendation in subparagraph (F).

"(H) Such recommendations for legislative or administrative action as the Secretary considers appropriate in light of the pilot program.

"(3) Appropriate committees of congress defined.—In this subsection, the term 'appropriate committees of Congress' means—

"(A) the Committee on Armed Services and the Committee on Homeland Security of the House of Representatives; and

"(B) the Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate.

"(k) State Defined.—In this section, the term 'State' means each of the several States, the District of Columbia, the Commonwealth of Puerto Rico, American Samoa, Guam, the United States Virgin Islands, and the Commonwealth of the Northern Mariana Islands."

Cyber Capabilities and Interoperability of the National Guard

Pub. L. 116–283, div. A, title XVII, §1729, Jan. 1, 2021, 134 Stat. 4118, provided that:

"(a) Evaluation.—

"(1) In general.—Not later than 180 days after the date of the enactment of this Act [Jan. 1, 2021], the Secretary of Defense shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives], the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Homeland Security of the House of Representatives an evaluation of the statutes, rules, regulations and standards that pertain to the use of the National Guard for the response to and recovery from significant cyber incidents.

"(2) Consideration of inputs.—In conducting the evaluation under paragraph (1), the Secretary of Defense shall consult with the Secretary of Homeland Security and may solicit and consider inputs from the following:

"(A) The heads of Federal agencies determined appropriate by the Secretary of Defense.

"(B) State governors.

"(C) The heads of other non-Federal entities as determined appropriate by the Secretary of Defense.

"(b) Elements of Evaluation.—The evaluation required under subsection (a) shall include review of the following:

"(1) Regulations promulgated under section 903 of title 32, United States Code, to clarify when and under what conditions the National Guard could respond to a cyber attack as a homeland defense activity under section 902 of such title.

"(2) Guidance promulgated regarding how units of the National Guard shall collaborate with relevant civil, law enforcement, and cybersecurity agencies when conducting a homeland defense activity under section 902 of title 32, United States Code.

"(c) Update to Certain Regulations and Guidance.—If the Secretary of Defense determines such is appropriate based on the evaluation required under subsection (a) and the review described in subsection (b), the Secretary shall update—

"(1) the regulations referred to in subsection (b)(1); and

"(2) the guidance referred to in subsection (b)(2).

"(d) Update to the National Cyber Incident Response Plan.—Not later than 270 days after the date of the enactment of this Act, the Secretary of Homeland Security, in coordination with the Secretary of Defense, may update the National Cyber Incident Response Plan to address any changes made by the Secretary of Defense to the roles and responsibilities of the National Guard for the response to and recovery from significant cyber incidents.

"(e) Joint Briefings.—Not later than 300 days after the date of the enactment of this Act, the Secretary of Defense and the Secretary of Homeland Security shall jointly brief the congressional defense committees, the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives on the following:

"(1) The results of the evaluation required under subsection (a)(1), including the utilization of any input provided to the Secretary of Defense pursuant to subsection (a)(2).

"(2) Any updated regulations or guidance in accordance with subsection (c).

"(3) Any update by the Secretary of Homeland Security to the National Cyber Incident Response Plan pursuant to subsection (d).

"(4) How the Department of Defense, including the National Guard, and the Department of Homeland Security, including the Cybersecurity and Infrastructure Security Agency and the Federal Emergency Management Agency, will collaborate with each other and with relevant law enforcement, State governments, and other non-Federal entities when responding to and recovering from significant cyber incidents.

"(f) Definition.—The term 'significant cyber incident' means a cyber incident that results, or several related cyber incidents that result, in demonstrable harm to—

"(1) the national security interests, foreign relations, or economy of the United States; or

"(2) the public confidence, civil liberties, or public health and safety of the American people."