Ben Yellen (14:32)

Good to be with you again, Dave.

Dave Bittner (14:34)

So interesting story came by. This is from the folks over at Defense One and they're talking about the Senate Armed Services Committee looking to place some cybersecurity requirements on the Pentagon. Can you unpack this for us, Ben?

Ben Yellen (14:48)

Sure. So right now, Congress is considering the 2026 National Defense Authorization Act. Pretty much every year, Congress enacts a defense authorization bill, which sets policy for the Department of Defense for intelligence agencies, and pretty much anybody associated with protecting the country from foreign threats. So the Senate Armed Services Committee has put a provision in there requiring a new strategy from the Pentagon to deter cyber attacks on critical infrastructure in this country using the full range of military options. Lawmakers have pointed to recent cyber attacks, Volt, Typhoon, Salt Typhoon, as evidence that China has been aggressive against our critical infrastructure and that any previous efforts at deterrence clearly aren't working if they're still propagating these attacks. So we need a full, comprehensive response. Not just a defensive strategy to protect our infrastructure, but also potentially offensive measures. So for defensive measures, we talk about things like zero trust architecture, active defense, further information sharing, private public sector collaboration, and then the importance of potential offensive cyber operations, which it's kind of unclear exactly what form that would take. Probably by design. Right. We don't want to reveal to our enemies what our strategies are.

Dave Bittner (16:13)

Right.

Ben Yellen (16:14)

But this is something that the Senate Armed Services Committee wants the Pentagon to consider. One hiccup in all of this is we've lost a lot of talent just through natural attrition and the Department of Government efficiency. The government has lost a lot of its cyber expertise at the same time that threats against our critical infrastructure through cyber attacks are at a high point, not just from China, but from other adversaries like Iran, North Korea, other international criminal organizations. So one thing that this National Defense Authorization act would do is try to encourage, through various incentives, the hiring of additional cyber experts to work in our national government on offensive and defensive operations and to figure out a way for us to retain that type of talent once we are able to hire these people.

Dave Bittner (17:11)

And this is a bipartisan effort, right?

Ben Yellen (17:14)

Yeah. It's weird. Like, somehow partisan politics kind of flies over the National Defense Authorization Bill. It is usually one of the only truly bipartisan bills, both actually in support and opposition. Your typical pattern is like a 300 to 135 vote in favor of this, with the no vote split between dovish Democrats and America First International skeptic Republicans.

Dave Bittner (17:43)

I see.

Ben Yellen (17:44)

But, yeah, this is generally a process that is bipartisan. And I think, at least on the Armed Services Committee, this initiative is completely bipartisan.

Dave Bittner (17:51)

Right.

Ben Yellen (17:52)

I think both sides of the aisle fully understand the need to harden our approach against cyber threats and institutionalize that approach within the Department of Defense.

Dave Bittner (18:02)

And this is the way for Congress to tell the Pentagon, these are the things we think are important and we're gonna demonstrate our desires in the way that we fund it.

Ben Yellen (18:13)

Exactly, exactly. And the one stick that Congress has is the power of the purse. At least theoretically, they can say, one of the conditions of these billions of dollars to the Pentagon is that you have to develop this new strategy, and that's a weapon that Congress can use. Even if the Pentagon was reticent now, I don't think the Pentagon is reticent. I think.

Dave Bittner (18:36)

Right. It seems to me when I was reading through this, I would, at the risk of being flippant, I imagine the top brass of the Pentagon saying, well, duh, Right. We're on board. You know, we're all in agreement that China is a threat and we should, you know, go at it. Thank you for your. Thank you for your concern.

Ben Yellen (18:57)

Sometimes it's an accountability measure because then you can put in provisions like, we need an annual report from the Department of Defense on what they've done in the last fiscal year on cyber operations.

Dave Bittner (19:09)

I see.

Ben Yellen (19:10)

That can be a confidential report that's just submitted to the relevant congressional committees, but it's a way that Congress can hold the administration accountable for its promises.

Dave Bittner (19:20)

I see.

Ben Yellen (19:20)

And so I would expect that they put something like that, some type of reporting requirement in the Defense Authorization Bill as it's being considered.

Dave Bittner (19:28)

And what's the timeline for this to go through?

Ben Yellen (19:30)

Usually by the end of the calendar year is when next year's Defense Authorization Bill gets passed. So it's one of the year end tasks that Congress has to undertake, usually at the last minute before they adjourn until the next session, which starts in January of 2026.

Dave Bittner (19:47)

To what degree is this one a political football? We talked about both bipartisan support and opposition, but does this one tend to sail through?

Ben Yellen (19:56)

It does, unless there are some poison pills in. So somebody's gonna propose an amendment related to, like, transgender service members or think of your controversial subject of the day. And you know, whether that amendment is agreed to or not is gonna affect whether a hundred different members of Congress vote for the final package. So.

Dave Bittner (20:19)

Right.

Ben Yellen (20:19)

That's generally where it runs into trouble. Are these policy riders. But the Defense Authorization act almost always passes even despite that.

Dave Bittner (20:30)

Yeah. All right, well, Ben Yellen is my co host over on the Caveat podcast, and he is from the University of Maryland center for Cyber Health and Hazard Strategies. Ben, thanks so much for joining us.

Ben Yellen (20:40)

Thanks for having me.

Dave Bittner (20:52)

You hear from us here at the Cyberwire daily every single day now. We'd love to hear from you. Your voice can help shape the future of N2K networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed when it comes to hiring Indeed is all you need. Stop struggling to get your job post noticed. Indeed's Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on indeed get 45% more applications than non sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus we with Sponsored Jobs. There are no subscriptions, no long term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been Talking to you, 23 hires were made on Indeed according to Indeed Data Worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed and listeners to this show will get a $75 sponsored job credit. To get your jobs more visibility@indeed.com cyberwire just go to indeed.com cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com cyberwire terms and conditions apply. Hiring Indeed is all you need. Krogel is AI built for the enterprise soc, fully private schema, free and capable of running in sensitive air gapped environments. Krogle autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context aware, auditable decisions aligned to your workflows. Krogle empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more@krogle.com that's C-R-O GL.com and finally, as 20th century philosopher and musician Tom Waits so eloquently stated, the large print giveth and the small print taketh away. File transfer utility Wetransfer recently updated its terms of service and promptly sent privacy advocates into mild hysteria. Content creators understandably jumpy about their hard work being fed into some ravenous AI took to X Twitter to say they were jumping ship. The fuss centered around wording that suggested Wetransfer might use uploaded files to train machine learning models. Cue the panic. In a brisk about face, Wetransfer clarified that no, they're not selling your audition tape to Skynet. They've since scrubbed the language and now promise their only goal is to improve the service. The change takes effect August 8th. This isn't the first AI fueled freakout either. Dropbox faced similar outrage in 2023. As one privacy lawyer quipped, in the age of AI gold rushes, your data is the new pickaxe and vague terms are the minefield. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We are conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There is a link in the show Notes. Please take a minute and check it out. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Pelt Smith. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Foreign.

Kim Jones (26:30)

Hi Kim Jones Here on CISO Perspectives, we get candid with the thinkers, doers and trailblazers shaping cybersecurity leadership. No scripts, no sales pitches, just real stories and hard earned lessons from folks who've been there. If you're looking to grow as a leader or just want to hear how others are navigating this ever evolving field, listen to CISO Perspectives. Get your seat at the table.

Dave Bittner (27:08)

Buying more tools won't make you more secure. Continually training your people will. In this episode, Cloud Range co founder and CEO Debbie Gordon shares how real world simulations are transforming readiness in 2025. Because your last line of defense isn't software, it's your team. Tune in now. Your stack depends on it.