Dozens of cybersecurity-related provisions hailed by both sides of the aisle are contained in the $740 billion 2021 National Defense Authorization Act (NDAA) vetoed by President Trump--snapping a 59-year streak of presidential approval--but subsequently codified into law in a Congressional override.
Of the 77 cybersecurity articles in the NDAA, 27 are directly drawn from 25 recommendations presented by the Cyberspace Solarium Commission (CSC) last year to improve the nation’s cybersecurity posture. The NDAA's additional 50 cybersecurity measures were developed by Congressional committees.
An important clause to restore the position of national cyber director within the White House responsible for coordinating federal cybersecurity policies maps to the standalone National Cyber Director Act introduced last July by Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI). That bipartisan legislation called for a lead to function as the president’s principal advisor on cybersecurity and associated emerging technology issues. The person filling the job would be nominated by the president and subject to Senate confirmation.
CSC co-chairs Sen. Angus King (I-ME) and Rep. Mike Gallagher (R-WI) called the NDAA the “most comprehensive and forward-looking piece of national cybersecurity legislation in the nation's history,” additionally describing the national cyber director post as a “real game changer.”
Here are 10 key CSC recommendations included in the NDAA:
Support for the cybersecurity measures included in the NDAA came from other legislative corners. “Developing and advancing the numerous legislative proposals to make America safer in cyberspace was a massive undertaking, but we are better off today because of it,” said Jim Langevin (D-RI) who co-founded and co-chairs the Congressional Cybersecurity Caucus. “With these policies enacted, we are establishing the forward-leaning, layered cyber deterrence strategy that we need to face emerging and evolving cyber threats and adversaries.”
