House-passed defense spending bill includes provision establishing White House cyber czar

The House version of the annual National Defense Authorization Act (NDAA) passed Tuesday included a provision establishing a national cyber director at the White House, a role that would help coordinate federal cybersecurity efforts.

Bipartisan legislation establishing this position was originally introduced last month, and was added to the NDAA as part of a larger cybersecurity package on Monday. The national cyber director would serve as the president’s principal advisor on cybersecurity and emerging technology issues, and serve as a coordinating force for federal cyber action. 

The national cyber director would replace the previous White House cybersecurity coordinator role, which was eliminated by former national security advisor John Bolton in 2018 in an effort to decrease bureaucracy. 

Bipartisan support for reestablishing the position with further authorities has increased in recent months as cyberattacks targeted as hospitals, COVID-19 research, and other sectors have skyrocketed.

The House passed the overall 2021 NDAA by a vote of 295-125 Tuesday afternoon.

The Senate has not yet voted on its version of the NDAA, but the version that cleared the Senate Armed Services Committee included a clause requiring an “assessment” of the “feasibility” of establishing the position, throwing into question whether the position will be established. 

The measure creating the provision was included in the NDAA as part of a slate of legislation designed to boost federal cybersecurity. Many of the measures included were based on recommendations from the Cyberspace Solarium Commission (CSC), a group established by Congress to recommend ways to defend the United States in cyberspace. 

Another measure added to the NDAA gives the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) the ability to issue subpoenas to internet service providers compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure groups.

Other clauses included were those to establish a five-year term for the directors of CISA, to establish a biennial tabletop exercise led by DHS to evaluate the ability of the federal government to respond to a cyberattack on critical infrastructure, and the establishment of a federally-funded center to develop cybersecurity insurance certificates. 

Rep. Mike Rogers (R-Ala.), the ranking member of the House Homeland Security Committee where many of these policies originated, said in a statement Tuesday that “these amendments all play a critical part in mitigating our nation’s cyber risk and working to stay ahead of evolving cybersecurity threats.”

CSC co-chair Mike Gallagher (R-Wis.) and CSC member Rep. Jim Langevin (D-R.I.) were among the sponsors of the cybersecurity amendments in the House.  

“Cyberspace has emerged as a decisive battlefield that puts all Americans — knowingly or unknowingly — on the frontline of conflict. Defending our interests in this domain requires not only substantial investment, but reform that allows us to adapt to these ever-present and ever-changing threats,” Gallagher said in a statement on Monday. 

Langevin added in a separate statement that “this important work to forge forward learning cybersecurity defenses requires a full court press, and I’m thankful for having the support of my colleagues in advancing policy that will help better shield the U.S. from cyber incidents that could spark massive disruption and adversely impact our economic and democratic standing.”