GovInfoSecurity.com: Defense Funding Measure Includes 77 Cybersecurity Provisions
January 09, 2021
Doug Olenick reports on GovInfoSecurity.com that the 2021 National Defense Authorization Act, passed by Congress over President Donald Trump's veto, includes 77 cybersecurity provisions, including restoration of the position of national cyber director at the White House.
Cyberspace Solarium Commission co-chairs Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., called the legislation, which provides $740 billion for defense spending, "the most comprehensive and forward-looking piece of national cybersecurity legislation in the nation's history."
Key Points:
- Restores the national cyber director position
- Specifies that the director of the U.S. Cybersecurity and Infrastructure Security Agency must have extensive knowledge in at least two of these three areas: cybersecurity, infrastructure security and security risk management. Plus, the CISA director must have at least five years of experience in fostering coordination and collaboration between the federal government, the private sector and other entities on issues related to cybersecurity, infrastructure security or security risk management.
- CISA has been without a director since November when the Trump administration fired Christopher Krebs from the position (see: Trump Fires Christopher Krebs, Head of CISA)
- President Trump had vetoed the defense funding bill on Dec. 13 because it contained provisions for renaming military bases named for Confederate generals and placed restraints on how many troops could be pulled from Iraq and Afghanistan. Trump also wanted the bill to contain language that would deprive social media companies of their legal liability shields.
Cybersecurity Provisions
Among the many other cybersecurity provisions included in the defense measure are:
- Section 1705, which authorizes CISA to conduct threat hunting on federal networks without having to give advance notice or receive authorization from any other agency.
- Section 1715, which establishes the Joint Cyber Planning Office under CISA to facilitate comprehensive planning of defensive cybersecurity campaigns across federal departments, agencies and the private sector. The Cyber Planning Office's responsibilities will include developing coordinated actions to protect, detect, respond to and recover from cyber incidents that pose a potential risk to critical infrastructure or national interests.
- Section 1722, which requires the secretary of defense to complete a comprehensive assessment of the current and potential threats and risks posed by quantum computing technologies.
- Section 9006, which directs the Department of Homeland Security to develop a strategy for implementing the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard across all U.S.-based email providers.
License: Creative Commons Attribution 4.0 International (CC BY 4.0)