National Defense Authorization Act Critical Vehicle for Cyber Security Legislation

As talks regarding the contents of the upcoming National Defense Authorization Act (NDAA) ramp up, Senate Homeland Security and Governmental Affairs Committee Chairperson Ron Johnson is pushing for inclusion of cybersecurity recommendations made by the Cybersecurity Solarium Commission. Sen. Johnson (R-WI) said during a virtual committee hearing on cyber threats that it is his goal to include a provision in the NDAA that creates a federal national cybersecurity leadership position. Additionally, he supported an NDAA provision that would give the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) the ability to subpoena internet service providers for information on vulnerabilities detected in critical infrastructure networks.

The Cybersecurity Solarium Commission in its report first introduced these recommendations this past March, which recommended a strategy of “layered cyber deterrence” to reduce the likelihood of major cyberattacks at the state and federal level. Sen. Angus King (I-ME), a co-chair of the commission, testified during the virtual committee hearing that cyber threats were only “magnified” by COVID-19, as thousands of workers now work remote on unsecured networks. He added that the private sector is “being pinged millions of times a day by malicious actors.”

The NDAA is an important opportunity for the Cybersecurity Solarium Commission’s critical recommendations to come to fruition. China Tech Threat commends these senators for taking their recommendations seriously, as a coordinated cybersecurity strategy at all levels of government will be necessary to defend against the increasing onslaught of attacks by foreign actors.

For more information on the Cyberspace Solarium Commission, read ChinaTechThreat’s assessment of the Cyberspace Solarium Commission Report. Also, see our discussion with Solarium Commission Co-Chair Rep. Mike Gallagher (R-WI) in Forbes, where he answered questions on restoring the US lead in technology across the world and the future of cybersecurity and cyber policy in the United States.