At a glance.
- NDAA will create a US national cyber director.
- Section 230 revision in tension with the United States-Mexico-Canada Agreement.
- Prospects for continuity in US cybersecurity policy.
The 2021 National Defense Authorization Act will create a White House cyber boss.
CyberScoop reports that the 2021 National Defense Authorization Act (NDAA) will establish a new White House cybersecurity advisor and coordinator at the recommendation of the Cyberspace Solarium Commission. In contrast to the position President Trump axed, the National Cyber Director will be independent of the National Security Council and Senate-confirmed, thus representing the force of both the legislative and executive branches.
The Senate Cybersecurity Subcommittee Chairman commented that the position has bipartisan and bicameral backing, and “will strengthen our nation’s cybersecurity planning and coordination at all levels of government as well as between the public and private sectors,” according to South Dakota War College.
In keeping with additional Cyberspace Solarium recommendations, the bill will set up a new office at CISA, and commission a Cyber Mission Force force structure assessment. It will also tell the President to plan for economic continuity in the face of a catastrophic cyberattack, and allow DHS to subpoena internet service providers when CISA needs to disclose vulnerabilities to hard-to-reach clients. Congress should have enough votes to overrule a possible presidential veto.
A Section 230 revision vs. USMCA.
Wired says President Trump’s threatened NDAA veto over Section 230 conflicts with the United States-Mexico-Canada Agreement (USMCA), which bound the countries to 230-like protections despite objections from Democrats. Amending 230 could “put the US in violation of the USMCA” and other trade agreements, but Mexico and Canada are unlikely to care, since the protections were a US request. USMCA provides Big Tech with something like a “right without a remedy”: in most cases firms can’t sue for enforcement. In any case, the threatened veto is not expected to matter, given Congressional opposition and the prospect of a new Administration taking a different direction.
Continuity in cyber policy.
The Biden Administration is likely to “build on” the Trump Administration’s cyber successes, deviating only in military strategy, according to The Record. CISA, Cyber Command, election security, and cross-sector cooperation will continue to be key players. Former DHS official Tom Warrick hopes the incoming Administration doubles CISA’s budget, while a Third Way VP wants the Administration to take a close look at Cybercom’s (classified) expanded powers. Cyberspace Solarium Commission executive director Mark Montgomery commented, “We have a much more agile and speedy process for the execution of offensive cyber operations. And I hope that the Biden administration takes advantage of the effort and the risk taken by the Trump administration establishing that.”