The pilot program would operate within Title 10 constraints requiring military cyber activities to be conducted by armed forces, though contractors could support non-offensive operations under federal oversight. The committee's 14-13 vote reflects significant internal disagreement. The provision's fate in the full NDAA remains uncertain, as does the final scope of contractor authority once the Senate and House reconcile their respective defense bills.
Attorneys tracking defense contracting and cyber policy should monitor this closely. The provision signals a potential shift in how the U.S. structures cyber operations against peer competitors like China, where larger operator pools create strategic advantages. If enacted, the pilot could reshape contractor roles in inherently governmental functions and create new compliance obligations for firms seeking cyber access work. The narrow committee vote suggests sustained congressional resistance to expanding private sector involvement in offensive cyber capabilities, making final passage far from assured.