Cyberspace Solarium Commission Hails NDAA Cyber Provisions

Co-chairs of the Cyberspace Solarium Commission praised the annual U.S. National Defense Authorization Act for enacting recommendations from its 2020 report, saying the defense bill marks “meaningful” advancements for cybersecurity.

See Also: Freeing public security and networking talent to do more with automation

Once the $886 billion defense spending bill becomes law, nearly 70% of the commission’s recommendations will have been enacted. This year’s bill includes measures supported by the commission such as launching a pilot program to establish a Civilian Cybersecurity Reserve and enhancing the cybersecurity of the systems and networks supporting the nuclear command, control and communications mission.

“The security of our nuclear command, control and communications mission is existentially important, and the NDAA’s focus on bolstering its cyber resiliency is wise and timely,” said CSC co-chairs Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisc. in a statement.

The House on Thursday followed the Senate by approving the authorization bill, which sets annual defense priorities and authorizes spending levels, although actual funding requires a separate law spearheaded by congressional appropriators. President Joe Biden is expected to sign the bill after lawmakers have stripped it of controversial measures such as restricting service members’ access to abortion and transgender healthcare.

The defense bill also puts into legislation additional CSC priorities, such as establishing a pilot program to test the cyber resiliency of military installations in the event of an attack targeting regional infrastructure. The bill increases military cybersecurity cooperation with Taiwan, another key priority of the CSC.

The co-chairs of the CSC said the NDAA “gets the ball rolling” on establishing a continuity of the economy plan in the event of a destructive cyberattack that causes a significant disruption to the economy. The CSC has long advocated for the establishment of a continuity of the economy plan, writing in a 2021 letter to the president: “While we all hope such a plan never has to be used, we all know that in the event it is, effort and planning now will help ensure success in the future.”

Launched under a previous annual defense bill, Congress tasked the CSC with developing “a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences.” Its 2020 report made more than 80 recommendations while warning that the same digital connectivity that brought economic growth had created an unintended strategic dilemma for the country. “The more digital connections people make and data they exchange, the more opportunities adversaries have to destroy private lives, disrupt critical infrastructure and damage our economic and democratic institutions.”

With this year’s defense bill, 58 of the commission’s 82 recommendations will have become law.