There is a program to be known as the “Strategic Cybersecurity Program” (in this section referred to as the “Program”) to ensure the ability of the Department of Defense to conduct the most critical military missions of the Department.

The Secretary of Defense shall designate a principal staff assistant from within the Office of the Secretary of Defense whose office shall serve as the office of primary responsibility for the Program, and provide policy, direction, and oversight regarding the execution of the responsibilities of the program manager selected pursuant to subsection (c)(1).

The Vice Chairman of the Joint Chiefs of Staff.

The Commanders of the United States Cyber Command, United States European Command, United States Indo-Pacific Command, United States Northern Command, United States Strategic Command, United States Space Command, United States Transportation Command.

The Under Secretary of Defense for Acquisition and Sustainment.

The Under Secretary of Defense for Policy.

The Chief Information Officer of the Department of Defense.

The Chief Digital and Artificial Intelligence Officer of the Department of Defense.

The chief information officers of the military departments.

The Principal Cyber Advisor of the Department of Defense.

The Principal Cyber Advisors of the military departments.

Each senior official identified pursuant to subsection (i) of section 1647 of the National Defense Authorization Act for Fiscal Year 2016 (Public Law 114–92; 129 Stat. 1118).

Such other officials as may be determined necessary by the Secretary of Defense.

There is in the Cybersecurity Directorate of the National Security Agency a program office to support the Program by identifying threats to, vulnerabilities in, and remediations for, the missions and mission elements specified in subsection (d)(1). Such program office shall be headed by a program manager selected by the Director of the National Security Agency.

The Chief Information Officer of the Department of Defense, in exercising authority, direction, and control over the Cybersecurity Directorate of the National Security Agency, shall ensure that the program office under paragraph (1) is responsive to the requirements and direction of the program manager selected pursuant to such paragraph.

The Secretary may augment the personnel assigned to the program office under paragraph (1) by assigning personnel as appropriate from among members of any covered armed force (including the reserve components thereof), civilian employees of the Department of Defense (including the Defense Intelligence Agency), and personnel of the research laboratories of the Department of Defense, who have particular expertise in the areas of responsibility referred to in subsection (d).

The Vice Chairman of the Joint Chiefs of Staff shall coordinate the identification and prioritization of the missions and mission components, and the development and approval of requirements relating to the cybersecurity of the missions and mission components, of the Program.

recording and monitoring the remediation of identified vulnerabilities in constituent systems, infrastructure, kill chains, and processes of the missions specified in subsection (d)(1).

Conducting end-to-end vulnerability assessments of the constituent systems, infrastructure, kill chains, and processes of the missions specified in subsection (d)(1).

Prioritizing and facilitating the remediation of identified vulnerabilities in such constituent systems, infrastructure, kill chains, and processes.

Conducting, prior to the Milestone B approval for any proposed such system or infrastructure germane to the missions of the Program, appropriate reviews of the acquisition and system engineering plans for that proposed system or infrastructure, in accordance with the policy and guidance of the Under Secretary of Defense for Acquisition and Sustainment regarding the components of such reviews and the range of systems and infrastructure to be reviewed.

Advising the Secretaries of the military departments, the commanders of the combatant commands, and the Joint Staff on the vulnerabilities and cyberattack vectors that pose substantial risk to the missions of the Program and their constituent systems, critical infrastructure, kill chains, or processes.

the roles and responsibilities of the acquisition and sustainment organizations of the military departments in supporting and implementing remedial actions;

the alignment of Cyber Protection Teams with the prioritized missions of the Program;

the role of the Director of Operational Test and Evaluation in conducting periodic assessments, including through cyber red teams, of the cybersecurity of missions in the Program; and

the role of the Principal Cyber Adviser in coordinating and monitoring the execution of the Program.

the evaluation of cyber vulnerabilities of each major weapon system of the Department of Defense and related mitigation activities under section 1647 of the National Defense Authorization Act for Fiscal Year 2016 (Public Law 114–92; 129 Stat. 1118);

the evaluation of cyber vulnerabilities of the critical infrastructure of the Department of Defense under section 1650 of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114–328; 10 U.S.C. 2224 note);

operational technology and the mapping of mission-relevant terrain in cyberspace under section 1505 of the National Defense Authorization Act for Fiscal Year 2022 (Public Law 117–81; 10 U.S.C. 394 note);

the assessments of the vulnerabilities to and mission risks presented by radio-frequency enabled cyber attacks with respect to the operational technology embedded in weapons systems, aircraft, ships, ground vehicles, space systems, sensors, and datalink networks of the Department of Defense under section 1559 of the National Defense Authorization Act for Fiscal Year 2023; and

the work of the Program in general, including information relating to staffing and accomplishments.

On an annual basis for each fiscal year, concurrently with the submission of the budget of the President for that fiscal year under section 1105(a) of title 31, United States Code, the head of the office of primary responsibility for the Program, in coordination with the appropriate members of the Program under subsection (b), shall submit to the congressional defense committees a consolidated budget justification display that covers all programs and activities associated with this section and any covered provision of law, including with respect to the matters listed in subsection (h).

Each display under paragraph (1) shall be submitted in unclassified form, but may include a classified annex.

For the purpose of facilitating the annual budget display requirement under paragraph (1), the Chief Information Officer of the Department of Defense shall provide to the head of the office of primary responsibility for the Program and the appropriate members of the Program under subsection (b) fiscal guidance on the programming of funds in support of the Program.

The term “covered armed force” means the Army, Navy, Air Force, Marine Corps, or Space Force.

The term “covered statutory requirement” means a requirement under any covered provision of law.