NDAA Contains Cybersecurity Provision
Sneaks in a watered-down version of the president's information-sharing scheme
Buried in the Senate-approved NDAA is Section 936, which would require the Pentagon to "establish a process" for defense contractors that have classified information on their networks to report any successful cyber penetration of their systems to the Defense Department. "The report by a contractor on a successful penetration of a designated network or information system under the process shall include the following: (A) A description of the technique or method used in the penetration; [and] (B) A sample of the malicious software, if discovered and isolated by the contractor." In addition, upon request, contractors would be required to give DoD access to "equipment or information" to determine if any classified "information created by or for" the DoD had been "successfully exfiltrated." DoD would not be allowed to distribute this information outside of DoD without the contractor's approval.
Hide Comments (0)
Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post commentsMute this user?
Ban this user?
Un-ban this user?
Nuke this user?
Un-nuke this user?
Flag this comment?
Un-flag this comment?