Gallagher, Langevin Lead Adoption of 11 NDAA Amendments Implementing Cyberspace Solarium Report

July 21, 2020
Press Release

WASHINGTON, D.C. — Rep. Mike Gallagher (R-WI), co-chair of the Cyberspace Solarium Commission, alongside his fellow commissioner Rep. Jim Langevin (D-RI), today applauded a slate of amendments that implement recommendations from the Cyberspace Solarium Commission’s report. A bipartisan coalition of members offered the amendments to the Fiscal Year 2021 National Defense Authorization Act (NDAA) that is expected to pass the House tomorrow.

“Cyberspace has emerged as a decisive battlefield that puts all Americans -- knowingly or unknowingly -- on the frontline of conflict. Defending our interests in this domain requires not only substantial investment, but reform that allows us to adapt to these ever-present and ever-changing threats,” said Rep. Gallagher. “By including some of the Cyberspace Solarium Commission’s critical recommendations, this bill takes these challenges head on and implements policies that will no doubt help better secure our nation in cyberspace. There’s more work to be done, but this is an important step forward.”

“Congress has to persistent in implementing strong federal cybersecurity policy to protect the American people, our interests, and allies from malicious cyber actors who have been increasingly active,” said Rep. Langevin. “This important work to forge forward learning cybersecurity defenses requires a full court press, and I’m thankful for having the support of my colleagues in advancing policy that will help better shield the U.S. from cyber incidents that could spark massive disruption and adversely impact our economic and democratic standing. Our nation has not time to waste to address to the rising cyber threats and risks we are seeing in a world that relies more on online connectivity each day.”

Created by Congress as part of the Fiscal Year 2019 NDAA, the Cyberspace Solarium Commission comprises 14 cybersecurity experts: four are from the Executive Branch, four are from Congress, and six are from the private sector. After a year of fact-finding and deliberation, the Commission released its report on March 11. In it, the Commissioners call for a strategic approach of layered cyber deterrence and offer 82 recommendations that the government can take to implement the strategy. Gallagher and Langevin worked together to incorporate several recommendations during House Armed Services Committee consideration of H.R. 6395, and they collaborated with cybersecurity leaders on both sides of the aisle to develop floor amendments to further the Commission’s work.

The amendments that implement the Commission's recommendations include:

  • Solarium Recommendation 1.3 - Establish a National Cyber Director. 
    • NDAA Amendment #15 – Creates an Office of the National Cyber Director within the Executive Office of the President to develop and oversee implementation of the National Cyber Strategy, coordinate national incident response activities, and provide cybersecurity policy advice to the President.
  • Solarium Recommendation 1.4 – Strengthen the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security.
    • NDAA Amendment #320 - Establishes a fixed 5-year term for the Director of CISA and makes Assistant Directors career (as opposed to political) appointees.
    • NDAA Amendment #329 - Requires the Secretary of Homeland Security to conduct a review of CISA’s force structure and facilities in light of increased operational requirements.
    • NDAA Amendment #162 - Enhances CISA’s ability to protect federal civilian networks by authorizing continuous threat hunting on the civilian networks.
    • NDAA Amendment #318 – Authorizes CISA to provide shared cybersecurity services to smaller agencies to assist in meeting Federal Information Security Modernization Act requirements.
  • Solarium Recommendation 3.1 - Codify Sector-specific Agencies into Law as “Sector Risk Management Agencies.”
    • NDAA Amendment #220 - Requires the Secretary of Homeland Security to recommend designation of agencies to be responsible for coordinating risk management in critical infrastructure sectors and outlines their responsibilities.
  • Solarium Recommendation 3.3.5 – Establish a Biennial National Cyber Tabletop Exercise. 
    • NDAA Amendment #351 - Requires the Secretary of Homeland Security to administer a senior-level tabletop exercise to test the U.S’ ability to respond to a cyber aggression against critical infrastructure.
  • Solarium Recommendation 4.4 – Resource a Federally Funded Research and Development Center to Develop Cybersecurity Insurance Certifications. 
    • NDAA Amendment #161 – Requires the Government Accountability Office to assess and analyze the state and availability of insurance coverage for cybersecurity risks and provide recommendations to Congress.
  • Solarium Recommendation 4.5.2 – Develop a Strategy to Secure Foundational Internet Protocols and Email. 
    • NDAA Amendment #179 - Requires the Secretary of Homeland Security to develop a strategy to implement Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard across U.S.-based email providers.
  • Solarium Recommendation 5.1.3 – Empower Departments and Agencies to Serve Administrative Subpoenas in Support of Threat and Asset Response Activities.
    • NDAA Amendment #219 - Allows CISA to issue administrative subpoenas to ISPs to identify and warn entities of cyber security vulnerabilities.
  • Solarium Recommendation 5.4 – Establish a Joint Cyber Planning Cell under CISA. 
    • NDAA Amendment #319 - Creates a Joint Cyber Planning Office at CISA to coordinate cybersecurity planning and readiness across government and critical infrastructure owners and operators.

###

Office Locations