Cybersecurity leaders in Washington are rejoicing as the proposed 2021 National Defense Authorization Act (NDAA) includes the creation of a Senate-confirmed National Cyber Director for the executive branch, among a host of other security provisions. However, while both Senate and House leadership have signed off on the bill, its future remains uncertain as President Trump has threatened via Twitter to veto the legislation.
In a press release, Cyberspace Solarium Co-Chairs Sen. Angus S. King, Jr., I-Maine, and Rep. Mike Gallagher, R-Wis., broke down the key measures included in the legislation. They said that 26 of the commission’s recommendations from earlier this year have been incorporated into the NDAA, making the must-pass defense bill “the most comprehensive and forward-looking piece of national cybersecurity in the nation’s history.”
The NDAA conference report includes more than 50 cyber provisions to strengthen the nation’s cyber defenses. Key measures include:
- Establishing the National Cyber Director and the Office of the National Cyber Director within the Executive Office of the President to serve in a Senate-confirmed capacity as the President’s principal cyber advisor and “provide a nexus for cybersecurity leadership in the White House.”
- Establishing a Joint Cyber Planning Office under the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to facilitate comprehensive planning of defensive cybersecurity campaigns across Federal departments and agencies and the private sector.
- Directing the executive branch to submit a report to Congress evaluating Federal cybersecurity centers and the potential for better coordination of Federal cybersecurity efforts at an integrated cybersecurity center within CISA.
- Tasking DHS with conducting a comprehensive review of the ability of the CISA to fulfill its current missions and implement the recommendations detailed by the Cyberspace Solarium Commission.
- Facilitating administrative changes to strengthen the Director position at CISA.
- Establishing a Cybersecurity Advisory Committee to advise DHS and CISA.
- Requiring an assessment from DoD on the need for, and requirements of, a cyber reserve force.
- Enhancing the Federal government’s ability to recruit, develop, and retain its cyber workforce.
- Reauthorizing the U.S. Cyberspace Solarium Commission through late December 2021.
Cyberspace Solarium Commission member Rep. Jim Langevin, D-R.I., specifically highlighted the importance of establishing the position of the National Cyber Director – a cause he has helped spearhead.
“The inclusion of the National Cyber Director Act in this year’s National Defense Authorization Act brings us closer to establishing an overarching and more effective cyber strategy to protect the nation,” he said. “With increased reliance on information technology infrastructure for communication, commerce and personal use, as well as national security purposes, it is more critical than ever that there is an expert bringing all the elements of government together and ensuring that we are pulling oars in the same direction to protect Americans.”
On the other side of the aisle, Sen. Ben Sasse, R-Neb., also praised the measure. “Modern wars are fought not just with bombs but also with bytes. The creation of the National Cyber Director and the inclusion of two dozen of our Solarium recommendations in this year’s defense bill is great news. We’ve got a lot more work to do, but this is real progress today,” he said in a statement.
The next step in the legislative process will be votes by the full House and Senate on the NDAA bill.
Despite bipartisan support, President Trump is threatening on Twitter to veto the must-pass legislation because it doesn’t get rid of Section 230 of the Communications Decency Act. Because of Section 230, online platforms that host third-party content – such as social media platforms – are not treated as “publishers” of information and are thus protected against a range of laws that might otherwise be used to hold them legally responsible for what others say and do. The President and his supporters want to remove the provision due to complaints of alleged censorship on social media.
Should Trump veto the bill, Congress could either try to override the veto, or hold off and reintroduce the bill once President-Elect Biden is sworn in on Jan. 20.
In light of the COVID-19 pandemic making vacations a bit tricky, Congress included a measure sure to buoy the spirits of Federal employees. Under the legislation, Federal employees will be allowed to carry over an additional 25 percent of their annual leave into 2021. Currently, most Federal employees are allowed to carry over 30 days of annual leave. Under the NDAA, most employees could carry over a maximum of 7.5 additional days.
