[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4500 Introduced in House (IH)]
113th CONGRESS
2d Session
H. R. 4500
To improve the management of cyber and information technology ranges
and facilities of the Department of Defense, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
April 28, 2014
Mr. Kilmer (for himself, Ms. Tsongas, and Mr. Connolly) introduced the
following bill; which was referred to the Committee on Armed Services
_______________________________________________________________________
A BILL
To improve the management of cyber and information technology ranges
and facilities of the Department of Defense, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. CYBER AND INFORMATION TECHNOLOGY RANGES.
(a) Management of Cyber Ranges and Facilities.--Subsection (b) of
section 932 of the National Defense Authorization Act for Fiscal Year
2014 (Public Law 113-66) is amended--
(1) by adding at the end the following new paragraphs:
``(3) List of cyber and information technology ranges and
facilities.--
``(A) In general.--The Principal Cyber Advisor
designated under subsection (c)(1) shall establish a
comprehensive list of the cyber and information
technology ranges and facilities of the Department of
Defense.
``(B) Terminology.--In establishing the list under
subparagraph (A), the Principal Cyber Advisor shall
denote whether each cyber and information technology
range and facility is--
``(i) a `cyber range', as defined by the
Principal Cyber Advisor pursuant to subsection
(c)(2)(C); or
``(ii) an `IT range', as defined by the
Principal Cyber Advisor pursuant to such
subsection.
``(C) Submission.--Not later than one year after
the date of the enactment of the National Defense
Authorization Act for Fiscal Year 2015, the Principal
Cyber Advisor shall submit to the congressional defense
committees the list established under subparagraph (A).
``(4) Management of systems.--The Principal Cyber Advisor
shall determine, on a case by case basis, whether a cyber and
information technology range and facility listed under
paragraph (3)(A) should be centrally managed under paragraph
(5) to increase efficiency, provide capability or capacity to
more elements of the Department of Defense, or both.
``(5) Coordinating entity.--
``(A) Establishment.--Not later than 270 days after
the date of the enactment of the National Defense
Authorization Act for Fiscal Year 2015, the Secretary
of Defense shall establish an entity, or designate an
element of the Department of Defense, to coordinate
cyber and information technology ranges and facilities
that the Principal Cyber Advisor determines should be
centrally managed under paragraph (4).
``(B) Duties.--With respect to the cyber and
information technology ranges and facilities designated
under paragraph (4), the head of the entity established
or designated under subparagraph (A) shall be
responsible for the following:
``(i) Managing the cyber and information
technology ranges and facilities, including
coordinating the scheduling of ranges and
facilities.
``(ii) Identifying and providing guidance
to the Secretary with respect to opportunities
for integration among the cyber and information
technology ranges and facilities regarding
testing, training, and developing functions.
``(iii) Assisting the military departments,
the National Guard, and the elements of the
Department gain access to the cyber and
information technology ranges and facilities.
``(C) Reports.--The head of the entity established
or designated under subparagraph (A) shall submit to
the congressional defense committees--
``(i) an annual report on the opportunities
for cost reduction and improvements to the
integration and coordination of the cyber and
information technology ranges and facilities;
and
``(ii) by not later than one year after the
date of the enactment of the National Defense
Authorization Act for Fiscal Year 2015, an
initial report on the status, integration
efforts, and usage of cyber and information
technology ranges and facilities.
``(6) Cyber and information technology ranges and
facilities defined.--In this subsection, the term `cyber and
information technology ranges and facilities' means cyber
ranges, test facilities, test beds, and other means of the
Department of Defense for testing, training, and developing
software, personnel, and tools for accommodating the mission of
the Department.''; and
(2) in the heading, by inserting ``and Information
Technology'' after ``Cyber''.
(b) Common Terms.--
(1) In general.--Subsection (c)(2) of such section is
amended by adding at the end the following new subparagraph:
``(C) Establishing and maintaining a list of terms
and definitions with respect to commonly used terms
relating to cyber matters to improve the coordination
and cooperation among the military departments and
among other departments and agencies of the Federal
Government.''.
(2) Establishment.--In carrying out section 932(c)(2)(C) of
the National Defense Authorization Act for Fiscal Year 2014
(Public Law 113-66), as added by paragraph (1), the Principal
Cyber Advisor shall--
(A) establish the list of terms and definitions by
not later than 270 days after the date of the enactment
of this Act; and
(B) use as a basis for such list Joint Publication
1-02, Department of Defense Dictionary of Military and
Associated Terms (as amended through 31 January 2011).
(c) Pilot Program.--
(1) In general.--The head of the entity established or
designated under section 932(b)(5)(A) of the National Defense
Authorization Act for Fiscal Year 2014 (Public Law 113-66), as
added by subsection (a), shall carry out one or more pilot
programs to demonstrate commercially available, cloud-based
cyber training, exercise, and test environments (both
unclassified and classified) that are available to meet the
mission of the Department of Defense while providing the
defense laboratories, the National Guard, academia, and the
private sector access to such training, exercise, and test
environments.
(2) Evaluation.--The pilot programs under paragraph (1)
shall evaluate the costs and benefits with respect to the
following matters:
(A) Persistent capability.
(B) Remote access.
(C) Capability to transfer information across
classification levels.
(D) Reuse of environments.
(E) Routine integration of new technologies.
(F) Use of commercially available cloud-based
solutions that are compliant with the Federal Risk and
Authorization Management Program.
(G) Pay-per-use utility pricing model.
(H) Any other matters the head determines
appropriate.
(3) Eligible entities.--The head shall select, using
competitive procedures, defense laboratories and federally
funded research and development centers to carry out pilot
programs under paragraph (1).
(4) Follow-on activities.--Based on the information learned
under the pilot programs under paragraph (1), the Secretary of
Defense may carry out any of the following activities:
(A) Transition a pilot program to be carried out by
the Secretary for operations, maintenance, and
continued use by cyber organizations of the Department.
(B) Provide persistent year-round accessibility of
the environment for continued training during non-
exercise periods.
(C) Provide a ``certification quality'' environment
for initial and recurring training of all cyber teams.
(D) Replicate the capability of a pilot program to
provide similar high-end training and exercise
opportunities for non-Department cyber professionals,
including in coordination with the Secretary of
Homeland Security.
(E) Sustain the research and development effort
under a pilot program to continue updating network
environments, targets and defended assets, and
integration of new cyber tools.
(F) Sustain technology infusion under a pilot
program to apply and evaluate advanced concepts and
solutions to problems that affect multiple mission
spaces of the Department.
(G) Create a library of virtual cyber templates
that are ready to be used on short notice without the
capital expenditures that would otherwise be required.
<all>