Understand the 2021 National Defense Authorization Act
When proposed legislation cannot gain enough votes to pass both houses of Congress, the National Defense Authorization Act is oftens used as a means to get the proposed legislation formalized into law.
On December 11, 2020, Congress passed and approved the National Defense Authorization Act, or NDAA, for the government's fiscal year 2021.
Throughout the Act is a repeated them that cybersecurity is vital to America's defense. In fact, there are 314 uses of cybersecurity as it relates to the security of the nation.
The Act includes provisions on the section of open systems approaches, but also requires that risk be assessed and cybersecurity play a key role in leveraging such systems.
The Act includes changes to the means by which the Department of Defense procures items and the underlying cybersecurity risks that those items may introduce.
NIST sets the bar for cybersecurity
Because of its history in standards and technology, the Act charges NIST with the identification and definition of standards and guidelines for improving cybersecurity.
This is important because multiple organizations operate cybersecurity divisions, but NIST becomes the organization to define standards for all of those organizations.
CISA on the offensive
The Act empowers CISA with more authority to conduct threat hunting on Federal Information Systems, putting them on the offensive rather than defensive.
Specifically, CISA may:
hunt for and identify, with or without advance notice to or authorization from agencies, threats and vulnerabilities within Federal information systems;
The Act also tasks CISA with developing plans to protect both public and private sector entities.
Director of National Intelligence investigates social media
The Act includes a provision requiring the Director of National Intelligence (DNI) to work with the Departments of State, Defense, and other agencies to investigate social media data for threat intelligence.
Creation of a National Cybersecurity Director
Finally, the National Defense Authorization Act for FY21 creates a National Cybersecurity Director in the White House. The role of the Director is to serve as a principal advisor to the President on cybersecurity policy and strategy, as well as to engage with industry and international stakeholders.
Importance
The NDAA for FY21 provides funding for the Department of Defense, and makes significant updates, from Congress, as to what Congress believes should be the priorities for the Department. It's not surprising that both the DoD and Congress focused the legislation on cybersecurity, and putting into place mechanisms that help to defend the nation from cyber threats.
While the legislation was vetoed by the president, both political parties came together to override the veto and ensure that the legislation was enacted into law.