Gallagher Statement on FY2021 NDAA
WASHINGTON, D.C. — Rep. Mike Gallagher (R-WI) today released the following statement after voting to make the FY2021 National Defense Authorization Act law.
"The SolarWinds espionage campaign emphasized our vulnerabilities in cyberspace and underscored the pressing need for action. Congress must work to make sure this never happens again, and the FY2021 NDAA takes concrete steps to help achieve this goal.
“While we are still learning about the scale of this campaign, what we do know is that many of the Cyberspace Solarium Commission’s recommendations included in this bill would have helped the government better respond to the hack. With these provisions, CISA would have enhanced resources and improved threat hunting capabilities, allowing the government to more quickly identify intrusions. The Department of Defense would have a comprehensive plan to strengthen the cyber defense of our nuclear command and control system, preventing malign access to this critical network from even happening. And a National Cyber Director would be able to coordinate a public-private response to dealing with this espionage.
“These long-overdue reforms – in addition to provisions that provide a well-deserved pay raise to our troops, help counter threats posed by the Chinese Communist Party, and deliver full funding to the Future Frigate – make this year’s NDAA must-pass legislation."
The FY21 NDAA adopts 26 recommendations from the bipartisan Cyberspace Solarium Commission that strengthen the Cybersecurity and Infrastructure Security Agency, empower the government to better protect against a cyber-attack against adversaries, and safeguard our nuclear enterprise. This is in addition to overall nuclear modernization and NNSA cybersecurity investments in the bill.
The most notable of those measures include:
- Ensuring Cyber Resiliency of Nuclear Command and Control Systems -- The FY21 NDAA requires the Department of Defense to implement a comprehensive plan that strengthens the cyber defense of nuclear command and control systems.
- Strengthening Cyber Security at the Nation’s Nuclear Weapons Production Facilities – America’s nuclear deterrent is the bedrock of our national security and reported hacks at the Department of Energy and the National Nuclear Security Administration (NNSA) may represent an extraordinarily grave threat to the safety of every American. In recognition that cyber infrastructure modernization is an important part of the overall nuclear modernization plan, the FY21 NDAA specifically authorizes $375.5 million for information technology and cybersecurity within the NNSA’s weapons activities accounts.
- Establishing a National Cyber Director – The FY21 NDAA creates the National Cyber Director (NCD) position in the White House to serve as the president’s principal advisor on cyber issues and as a point of coordination and leadership within the federal government on these issues. The NCD would provide centralized White House leadership to coordinate federal response efforts and liaise with critical private-sector stakeholders.
- Strengthening the Cybersecurity and Infrastructure Security Agency (CISA) – The FY21 NDAA contains several provisions aimed at strengthening CISA’s capacity to carry out its mission, including a provision authorizing CISA to conduct threat hunting on U.S. government networks. In addition, the Cyberspace Solarium Commission is calling on appropriators to increase funding to CISA to build out more Hunt and Incident Response Teams (HIRTs).
- Early reporting from affected departments and agencies suggests that CISA’s incident response capacities may be overwhelmed. More HIRTs would bolster CISA capacity to assist departments and agencies in responding to the incident in a timely manner.
- Better threat hunting on the .gov domain would have identified the campaign earlier on and possibly stopped the attack in its tracks.
- CISA is and will continue to be crucial in both identifying and responding to cybersecurity incidents on federal government networks.
- Strengthening an Integrated Cyber Center – The FY21 NDAA contains a provision calling on the Secretary of Homeland Security to conduct a review of federal cybersecurity centers and propose a plan to establish an integrated cyber center at CISA to improve coordination among federal government cybersecurity centers.
- A stronger integrated cyber center would help facilitate greater information exchange between federal departments and agencies, helping to quickly paint a clearer picture of the scope and scale of incidents like this and to inform incident response and the allocation of critical incident response capabilities.
- Protecting Against Industrial Espionage and Cyber Theft – The FY21 NDAA contains a requirement for a Presidential assessment on the effectiveness of the National Cyber Strategy to deter industrial espionage and large-scale cyber theft of intellectual property and personal information conducted by China.