The final proposed defense authorization bill would establish a National Cyber Director (NCD) within the Executive Office of the President, a key recommendation of a cyberspace commission.
The fiscal year 2021 National Defense Authorization Act (NDAA) is expected to be voted on early this week by Congress.
The Senate-confirmed cyber director position was the top priority of the co-chair of the Cyberspace Solarium Commission, Sen. Angus King (I-Maine), and Rep. Mike Gallagher (R-Wis.).
The NCD will be staffed with its own office and "serve as the "President's principal advisor for cybersecurity and associated emerging technology issues; the lead for national-level coordination for cyber strategy, policy, and defensive cyber operations; and the chief U.S. representative and spokesperson on cybersecurity issues," says the March 2020 report by the commission, which was directed in the FY '19 NDAA.
The White House under Presidents Bush and Obama, and for a little more than the first year in the Trump administration, had presidentially-appointed cyber security advisers within the National Security Council that weren't confirmed by the Senate. The NCD, similar to previous White House cyber security advisors, is expected to help ensure interagency cooperation and coordination on cyber security matters.
In addition to the NCD recommendation, more than 20 additional commission recommendations are included in the FY '21 NDAA, including a reauthorization of the commission through December 2021.
Some of the additional recommendations in the bill include the establishing a Joint Cyber Planning Office within the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) that would "facilitate comprehensive planning of defensive cybersecurity campaigns" across the federal government and private sector.
The bill also contains a number of recommendations for CISA, including administrative changes to strengthen the position of the agency's director, giving the agency its sought after administrative subpoena authority to identify vulnerable systems and notify the owners of these systems, authorizes the agency to do threat hunting identification on federal networks, create an Cybersecurity Advisory Committee to advise the agency and DHS, and directs DHS to review the ability of the agency to do its missions and implement the recommendations of the Cyberspace Solarium Commission.
The defense bill also directs the Defense Department to develop a plan to annually assess cyber vulnerabilities of major weapon systems.
Some of the other Cyberspace Solarium Commission recommendations adopted in the bill that relate to DoD include a force structure assessment of the Cyber Mission Force "to ensure that the United States has the appropriate force structure and capabilities in light of growing mission requirements and expectations, in both scope and scale," evaluate existing laws and rules on the use of the National Guard to respond to and recover from cyber incidents, and assess the need and requirements for a cyber reserve force.