New NDAA pushes more cyber amendments, national director

By Derek B. Johnson

By Derek B. Johnson

|

Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

NOTE: This article first appeared on FCW.com.

Following the release of the Cyberspace Solarium Commission report earlier this year, members of the group almost immediately identified the annual National Defense Authorization Act as a prime vehicle to implement much of their agenda. As the defense authorization process enters its final stages, they’re doing all they can to deliver on that prediction.

Markups of the House and Senate versions already have a number of Solarium provisions baked in, and members have introduced dozens of proposed amendments that draw from recommendations in the report. Solarium co-chair Sen. Angus King (I-Maine) has sponsored or co-sponsored 18 additional amendments, while on the House side Rep. Jim Langevin (D-R.I.) has been involved in submitting at least 16 Solarium-related amendments to the Rules Committee.

King expressed cautious optimism about the prospects for the raft of later amendments, saying “we’re making progress” and noting that a number of proposals enjoy broad or bipartisan support. In some cases, legislators have drawn inspiration from multiple recommendations in the report to place cyber initiatives in appropriations language.

Following the report’s release, the commission has worked to make it as easy as possible for this Congress or future ones to do just that. This week staff released an annex with over 50 ready-made legislative proposals drawn from the report -- complete with draft bill language – and distributed them to relevant congressional committees and subcommittees.

“While some of recommendations set forth in the March 2020 report require action by the executive branch; private-sector corporations; State, local, tribal and territorial governments; and ordinary American citizens, we hope these legislative proposals will expedite the implementation process and better prepare the nation to protect itself in cyberspace,” wrote executive director Mark Montgomery.

Still, much depends on how this year’s defense authorization plays out. The commission could have many of its critical recommendations adopted into law or see them stripped out or voted down, forcing commission members back to the drawing board in a year where presidential politics and a still-raging pandemic is expected to limit the remaining congressional calendar. Some proponents expect the results to be a mixed bag, with provisions strengthening the Cybersecurity and Infrastructure Security Agency and promoting continuity of the economy expected to receive the strongest support.

“Whatever we can’t do in this defense bill we’ll continue to try to move in individual pieces of legislation or in the defense bill next year, but I think we’re already well on the way,” King told reporters in a June 30 briefing.

Cyber leadership starts at the top

The most notable idea Solarium backers are still hoping to see included is establishing a Senate-confirmed National Cyber Director in the White House. Langevin has submitted an NDAA amendment to the House Rules Committee that would create the position, and Rep. Carolyn Maloney (D-N.Y.), who chairs the House Oversight Committee, will hold a hearing on a standalone version of the legislation this week.

“A challenge as complex and pervasive as cybersecurity requires that our government be strategic, organized, and ready,” Maloney plans to say in her opening statement at the hearing, according to an excerpt shared with FCW. “Democrats and Republicans agree we need a National Cyber Director to ensure we are fully prepared for, and coordinated in, our response to cyberattacks as our nation fights this silent war.” 

On the Senate side, Homeland Security and Governmental Affairs Committee Chair Ron Johnson (R-Wis.) has also come out in favor the legislation, and King told reporters in June that the Senate Armed Services Subcommittee on Cybersecurity chaired by Sen. Mike Rounds (R-S.D.) is planning its own hearing on the topic in July.

King and Langevin said their understanding is that the White House opposes the idea, though both told FCW they’re still in the dark regarding what specifically the administration objects to in the bill outside of general concerns about maintaining executive branch prerogatives. A bipartisan group of legislators are planning to reach out to the administration soon to further flesh out potential areas of compromise.

One argument Langevin intends to make in that meeting is that it would give the Trump administration an opportunity to go bold in an area where his predecessor took a more cautious approach.

“[President] Obama couldn’t get this done -- [his team] didn’t really want it or think they needed it,” said Langevin in an interview. “I’m hoping President Trump sees it differently, just like with Space Force, he’ll see the importance of creating the first-ever national cyber director.”

Two areas where Langevin believes the lack of a cyber director has hurt the United States: coordinating the federal government’s collective efforts to help states secure election infrastructure, and shaping international discourse on cyber issues at the United Nations.

Last year, the U.N. passed a resolution sponsored by Russia to establish an open-ended intergovernmental council and convention on cybercrime. While the proposal would ostensibly be focused on developing a global response to the problem, more than 30 digital and human rights groups warned that the language in the resolution is so broad it could allow Russia and other repressive governments to criminalize “ordinary online behavior” such as political organizing and encryption -- all with the blessing of the international community.

“We really got our lunch eaten at the U.N. by the Russians on their cybercrime treaty proposal. We didn’t have someone with the right policy authority there debating, arguing and working with our allies to point out the pitfalls…the ramifications,” Langevin said.

Langevin drew a direct line to that outcome from the elimination of the White House and State Department cyber coordinator positions under the Trump administration, saying “no one really noticed what was going on” because the U.S. did not have a robust structure in place to oversee digital security policies.

 “This is the problem with not doing a deep dive and not having the cyber expertise present at these international bodies,” he said. “Enemies and adversaries are going to look to take advantage of policy forums like this where they can argue a point of view…that maybe sounds good on the surface but when you look at the other side what their real intent it, it could really limit or infringe upon privacy, civil liberties, even the safety of individuals.”

NEXT STORY: Could this GAO decision signal broader use of LPTA?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.