Not less frequently than annually, the Commander of the United States Strategic Command and the Commander of the United States Cyber Command (in this section referred to collectively as the “Commanders”) shall jointly conduct an assessment of the cyber resiliency of the nuclear command and control system.
In conducting the assessment required by subsection (a), the Commanders shall—
(1) conduct an assessment of the sufficiency and resiliency of the nuclear command and control system to operate through a cyber attack from the Russian Federation, the People’s Republic of China, or any other country or entity the Commanders identify as a potential threat; and
(2) develop recommendations for mitigating any concerns of the Commanders resulting from the assessment.
The Commanders shall jointly submit to the Chairman of the Joint Chiefs of Staff, for submission to the Council on Oversight of the National Leadership Command, Control, and Communications System established under section 171a of this title, a report on the assessment required by subsection (a) that includes the following:
The Commanders shall jointly submit to the Chairman of the Joint Chiefs of Staff, for submission to the Council on Oversight of the National Leadership Command, Control, and Communications System established under section 171a of this title, a report on the assessment required by subsection (a) that includes the following:
(A) The recommendations developed under subsection (b)(2).
(B) A statement of the degree of confidence of each of the Commanders in the mission assurance of the nuclear deterrent against a top tier cyber threat.
(C) A detailed description of the approach used to conduct the assessment required by subsection (a) and the technical basis of conclusions reached in conducting that assessment.
(D) Any other comments of the Commanders.
(2) The Council shall submit to the Secretary of Defense the report required by paragraph (1) and any comments of the Council on the report.
(3) The Secretary of Defense shall submit to the congressional defense committees the report required by paragraph (1), any comments of the Council on the report under paragraph (2), and any comments of the Secretary on the report.
Not less than once every quarter, the Deputy Secretary of Defense and the Vice Chairman of the Joint Chiefs of Staff shall jointly provide to the Committees on Armed Services of the House of Representatives and the Senate a briefing on any known or suspected critical intelligence parameter breaches that were identified during the previous quarter, including an assessment of any known or suspected impacts of such breaches to the mission effectiveness of military capabilities as of the date of the briefing or thereafter.
The requirements of this section shall terminate on December 31, 2027.
(Added Pub. L. 115–91, div. A, title XVI, § 1651(a), Dec. 12, 2017, 131 Stat. 1756.)