29 June 1997 Source: Excerpted from House Report 105-132 on Defense Authorization for 1998, Title II -- Research, Development, Text and Evaluation: http://jya.com/hr105-132-II.txt -------------------------------------------------------------------- Information systems technology, information superiority, and information security The budget request contained approximately $10.3 billion for Department of Defense information systems and information technology, including $544.4 million for information systems and information technology research, development, test, and evaluation. Of that amount, $306.0 million was for information security research, development, test, and evaluation. The committee views with great interest the development of information systems technology and the increasing use of, and dependence on information systems in the Department of Defense and in the nation as a whole. Rapidly advancing information- based technologies and an increasingly competitive global environment have thrust information into center stage in society, government, and warfare. Increasingly, complex information systems are being integrated into traditional military operational disciplines such as mobility, logistics, command, control, communications, and intelligence, and increased emphasis is being placed on the use of the commercial information infrastructure. The committee believes that the application of information and information technology in our military forces, combined with the supporting infrastructure in the Department of Defense, and our national life will offer greatly increased capabilities, but also will require that the Administration begin to treat information technology as a strategic resource vital to our national security. Inherent in these new capabilities, information technology also creates potentially serious vulnerabilities that could be exploited by an adversary, as the military and other elements of national power become increasingly dependent upon information systems and information capabilities. The vulnerability of information infrastructures to attack and the linkage between information systems and the traditional critical infrastructures (such as the electrical power system) have increased the scope and potential of the information warfare threat. The promise of information technology as a key ``enabler'' to achieve superiority on future battlefields, the vulnerabilities that information technology brings, and how the Department of Defense plans to protect against these vulnerabilities provided the focus for a committee hearing in March 1997. The committee also heard testimony on the findings and recommendations of the 1996 Defense Science Board Task Force on Information Warfare-Defense. The task force report cited a robust information infrastructure as critical to the future effectiveness of U.S. military forces and the need for extraordinary action to deal with the present and emerging challenges of defending against possible information warfare attacks on the United States. The committee commends the efforts taken to develop and institutionalize the use of common information architectures within the Department of Defense, to improve policies and management practices, and to create a Department-wide environment that promotes interoperability and integration among the military services and defense agencies. The committee notes the efforts that are underway to protect and assure the integrity of the Defense and national information infrastructures. The committee also notes that the budget request for the information systems security program in PE 33140G includes an increase of $56.6 million above the fiscal year 1997 funding level. The committee supports the maintenance of a robust information systems security research and development program. Accordingly, the committee recommends the following increases to the budget request: (1) $2.0 million in PE 63006A for tactical internet command and control protection; (2) $6.7 million in PE 65604A for information operations/warfare survivability analysis of command, control, communications, and computers/information electronic warfare systems; (3) $1.6 million in PE 33150A for development and application of information protection measures for the Army's component of the global command and control systems for the U.S. European Command; and (4) $2.7 million in PE 33140F for the Air Force information protection program. The committee directs the Secretary of Defense to report to the Congressional defense committees with the submission of the fiscal year 1999 budget, an assessment of the progress in the Department's information systems security program that addresses the current status of the program, specific actions being taken on the recommendations of the 1996 Defense Science Board Task Force on Information Warfare-Defense, and additional actions that should be taken to assure the increased security and integrity of the Defense information infrastructure. The report shall also address measures necessary to assure the integrity of those elements of the national information infrastructure and critical national infrastructure on which the Defense information infrastructure depends, and identification of any additional resources and legislative authority which may be required. -------------------------------------------------------------