LETTER: TechNet Letter to the Senate Armed Services Committee on the 2021 NDAA
June 10, 2020
The Honorable James Inhofe (R-OK)
Senate Armed Services Committee
205 Russell Senate Office Building
Washington, D.C. 20510
The Honorable Jack Reed (D-RI)
Senate Armed Services Committee
728 Hart Senate Office Building
Washington, D.C. 20510
DearChairman Inhofe and Ranking Member Reed:
As the full Senate Armed Services Committee marks up the 2021 National Defense Authorization Act (NDAA) this week, TechNet would like to renew our commitment to advancing this critical legislation in a manner that furthers the tech industry’s longstanding partnership with the military in advancing U.S.national security objectives. Technology is increasingly vital to a strong national defense — and with cyber threats growing each day — we want to ensure our men and women in uniform have access to the most cutting-edge technologies available to defend the American people. As our nation continues to grapple with the COVID-19 pandemic, this annual bill is more critical now than ever before.
TechNet is the national, bipartisan network of innovation economy CEOs and senior executives. Our diverse membership includes dynamic American businesses ranging from startups to the most iconic companies on the planet and represents over three million employees and countless customers in the fields of information technology, e-commerce, the sharing and gig economies, advanced energy, cybersecurity, venture capital, and finance.
Justas technology powers every sector of our economy today, it is also key to ensuring our military stays ahead of the evolving global threats facing our nation and the globe. Today, and for the foreseeable future, achieving technological superiority is the key to deterring aggression from our adversaries and ensuring that any time our service members enter the battlefield, they do so with an overwhelming advantage. The fiscal year 2020 NDAA made significant investments in research and development of cutting-edge innovations such as artificial intelligence, 5G, and quantum computing, among others. Achieving superiority in these emerging technologies is essential for U.S. national and economic security — and the U.S. tech sector has a vital role to play. To that end, we urge the Senate Armed Services Committee to build on these investments in the 2021 NDAA.
Broadly speaking, sustaining US technological primacy over our global competitors like China will only come with a significant increase in federal investment in research, education and training, technology transfer and entrepreneurship. The superpower of the future will be whichever country wins the race in key technologies – such as artificial intelligence, quantum computing, advanced communications, and advanced manufacturing. The economic havoc caused by the COVID-19 pandemic has only served to further highlight the critical need for a massive federal investment designed to catalyze U.S. innovation. We support the bi-partisan Endless Frontier Act, introduced by Senate Democratic Leader Chuck Schumer (D-NY) and Senator Todd Young (R-IN) as a way to boost investments in the discovery, creation, and commercialization of new technologies that ensure American leadership in the industries of the future while bolstering our national security and spurring our economic recovery.
- Increase funding for science and technology efforts to implement the National Defense Strategy, especially in the areas of AI, 5G, quantum computing, cybersecurity, and university research.
- Strengthen the Department of Defense (DoD) efforts to develop and deploy AI systems in support of national security, including funding for Defense Innovation Unit AI research, extending the National Security Commission on AI, and expanding AI research by the Department across several areas. To this end, we encourage the Committee to maximize research and development funding on AI and believe bipartisan legislation such as S. 1158, the Artificial Intelligence Initiative Act (AI-IA) introduced by Senators Martin Heinrich (D-NM), Rob Portman (R-OH) and Brian Schatz (D-HI) could be a model for this.
- Encourage the U.S. military to continue its utilization of 5G technologies. This includes supporting the development of a robust, domestic 5G supply chain using research and development vehicles such as Other Transaction Authority to accelerate deployment of commercial 5G technologies. Additionally, given that the private sector has already invested billions of dollars in this technology, we believe oversight and management of the non-federal spectrum should remain with the Federal Communications Commission and should not be transferred to the Department of Defense. ·
- Include report language urging the Administration to modernize the Federal Risk and Authorization Management Program (FedRAMP) program. FedRAMP was designed to accelerate the adoption of security cloud solutions and improve confidence in the security of cloud solutions and security assessments, among other things. While well intended and partially successful,FedRAMP’s design is no longer optimized for modern security solutions. It is unsuited to the growth of emerging technologies like the Internet of Things (IoT) and artificial intelligence/machine learning (AI/ML) and is not dynamic enough to incorporate new innovative products. These deficiencies are a result ofFedRAMP’s limited resourcing and ability to keep pace with agency and cloud service provider (CSP) demand for review and authorization, agencies’ limited reuse of authorizations to operate (ATOs), and the compliance-focused, manually driven certification and maintenance process that underpins the interaction between agencies and CSPs. These deficiencies create an opportunity to revise FedRAMP in a manner that reflects a maturation of the government’s risk-management approach and improves IT modernization outcomes. We encourage the Administration to take administrative action to update the FedRAMP program to place continuous, incremental, and automated monitoring at the heart of the FedRAMP process, consolidate and standardize the process for risk acceptance across the federal government, and take steps to enable the federal government to leverage the full scope of emerging innovation in the cloud computing and IT markets.
A comprehensive national defense strategy also recognizes that cyberspace is growing more contested as our adversaries’ technological capabilities have advanced. Cyberattacks by state and non-state actors threaten international and national security, democratic processes, the global economy, the free flow of ideas and information, and the safety, security, and privacy of individuals. Our approach to cybersecurity must focus on deterrence, modernization, and resilience, and we would encourage the Committee to strengthen U.S. cyber capabilities and invest more in cyber research and talent with the following recommendations:
- Increase funding for cyber basic and applied research.
- Establish a White House Office of the National Cyber Director. This role is critical to coordinating cybersecurity efforts across the entire federal government and to sharing cyberthreat information with the private sector in a timely and actionable manner, which the current process is not able to do. Specifically, the federal government should work to minimize the average amount of time that a threat actor remains undetected once they have gained their initial exploit or foothold. To this end, the federal government should track and publish its own performance metrics.
- Develop public and private initiatives that support improving the cyber defense capabilities of small businesses, especially in light of the economic harm caused by the COVID-19 pandemic and the nationwide shift to teleworking. Congress has already stepped up to supportAmerica’s small businesses as they struggle to stay solvent in the wake of the COVD-19 pandemic, and support in this area may prove even more critical to their ability to fully recover.
- Provide additional resources to critical infrastructure institutions such as hospitals and schools for IT modernization and cybersecurity. These institutions have already undergone extreme stress from treating Americans inflicted by COVID-19 to ensuring our nation’s children are receiving a seamless education while learning from home. Given that we are likely months away from returning to anything resembling normalcy, direct funding, federal guidance and expertise, and cybersecurity risk management for these institutions are all the more critical, not only for our economic recovery, but also for our national security.
- Reject federal mandates on the design of products and services. The federal government should be particularly careful to avoid requirements that would weaken the security of technology used to protect sensitive personal information and critical systems.
- Provide industry with appropriate liability protections when participating in government cybersecurity sharing programs.
- Address the public and private sector shortages in personnel with cybersecurity skills and experience by supporting the development of broad and diverse cyber workforce.
Now more than ever, our country must embrace a comprehensive strategy to induce young Americans to pursue degrees in STEM. Prior to COVID-19, employers, as demonstrated by government statistics showing computer-related industry unemployment fell to 2.8% in April, could not find enough qualified U.S.-born computer scientists and computer engineers to maintain our economic growth in the U.S. Education, workforce, and immigration policies and initiatives help the U.S. develop and retain the world’s best cyber workforce, and we encourage the Committee to invest in these areas:
- Encourage STEM Training for the Junior Reserve Officer Training Corps (JROTC). Just as it is critical within the private sector, ensuring JROTC cadets remain on the cutting edge of computer science, cybersecurity, and emerging technologies is key to maintaining the UnitedStates’ defense superiority. We support inclusion of bipartisan legislation introduced by Senator Jacky Rosen (D-NV), S. 2154, the JROTC Cyber Training Act which would direct the DOD to implement a program to prepare JROTC students for careers in computer science and cybersecurity.
- Improve employment opportunities for military spouses by making it easier for them to transport their occupational licenses when they move and extending the authority for the service branches to reimburse licensure and certification costs arising from a permanent change of station. Given online platforms facilitate work opportunities, we encourage the Committee to build upon this policy from the 2020 NDAA.
As the full committee marks up the 2021 NDAA, we encourage you to continue working with TechNet and our member companies to ensure the tech industry can remain a valuable partner in providing cutting-edge technologies to our service men and women. We also urge the committee to ensure that the 2021 NDAA includes strong intellectual property protections and furthers the DoD’s ability to leverage all existing commercial technologies and best practices in order to effectively meet mission needs and put taxpayer dollars to the most effective use.
Thank you for considering our perspective as you take up this important legislation. We welcome the opportunity to serve as a resource as work on the NDAA continues this year.
TechNet President and CEO