The Secretary of Defense, in consultation with the Principal Cyber Advisor, shall—
(1) designate a senior official from among the personnel of the Department of Defense to act as the executive agent for cyber and information technology test ranges; and
(2) designate a senior official from among the personnel of the Department of Defense to act as the executive agent for cyber and information technology training ranges.
The biennial integrated plan required under paragraph (1) shall include plans for the following:
(1) Establishment.— The Secretary of Defense shall prescribe the roles, responsibilities, and authorities of the executive agents designated under subsection (a). Such roles, responsibilities, and authorities shall include the development of a biennial integrated plan for cyber and information technology test and training resources.
The biennial integrated plan required under paragraph (1) shall include plans for the following:
(A) Developing and maintaining a comprehensive list of cyber and information technology ranges, test facilities, test beds, and other means of testing, training, and developing software, personnel, and tools for accommodating the mission of the Department. Such list shall include resources from both governmental and nongovernmental entities.
(B) Organizing and managing designated cyber and information technology test ranges, including— (i) establishing the priorities for cyber and information technology ranges to meet Department objectives; (ii) enforcing standards to meet requirements specified by the United States Cyber Command, the training community, and the research, development, testing, and evaluation community; (iii) identifying and offering guidance on the opportunities for integration amongst the designated cyber and information technology ranges regarding test, training, and development functions; (iv) finding opportunities for cost reduction, integration, and coordination improvements for the appropriate cyber and information technology ranges; (v) adding or consolidating cyber and information technology ranges in the future to better meet the evolving needs of the cyber strategy and resource requirements of the Department; (vi) finding opportunities to continuously enhance the quality and technical expertise of the cyber and information technology test workforce through training and personnel policies; and (vii) coordinating with interagency and industry partners on cyber and information technology range issues.
(C) Defining a cyber range architecture that— (i) may add or consolidate cyber and information technology ranges in the future to better meet the evolving needs of the cyber strategy and resource requirements of the Department; (ii) coordinates with interagency and industry partners on cyber and information technology range issues; (iii) allows for integrated closed loop testing in a secure environment of cyber and electronic warfare capabilities; (iv) supports science and technology development, experimentation, testing and training; and (v) provides for interconnection with other existing cyber ranges and other kinetic range facilities in a distributed manner.
(D) Certifying all cyber range investments of the Department of Defense.
(E) Performing such other assessments or analyses as the Secretary considers appropriate.
(3) Standard for cyber event data.— The executive agents designated under subsection (a), in consultation with the Chief Information Officer of the Department of Defense, shall jointly select a standard language from open-source candidates for representing and communicating cyber event and threat data. Such language shall be machine-readable for the Joint Information Environment and associated test and training ranges.
The Secretary of Defense shall ensure that the military departments, Defense Agencies, and other components of the Department of Defense provide the executive agents designated under subsection (a) with the appropriate support and resources needed to perform the roles, responsibilities, and authorities of the executive agents.
The Secretary shall carry out this section in compliance with Directive 5101.1.
In this section:
(1) The term “designated cyber and information technology range” includes the National Cyber Range, the Joint Information Operations Range, the Defense Information Assurance Range, and the C4 Assessments Division of J6 of the Joint Staff.
(2) The term “Directive 5101.1” means Department of Defense Directive 5101.1, or any successor directive relating to the responsibilities of an executive agent of the Department of Defense.
(3) The term “executive agent” has the meaning given the term “DoD Executive Agent” in Directive 5101.1.
(Added Pub. L. 113–291, div. A, title XVI, § 1633(a), Dec. 19, 2014, 128 Stat. 3641.)