Langevin, Gallagher Lead Adoption of 11 NDAA Amendments Implementing Cyberspace Solarium Report

Jul 20, 2020 Issues: Cybersecurity

WASHINGTON – Cyberspace Solarium Commissioners Congressmen Jim Langevin (D-RI) and Mike Gallagher (R-WI) today applauded a slate of amendments that implement recommendations from the Solarium Commission’s report. A bipartisan coalition of members offered the amendments to the Fiscal Year 2021 National Defense Authorization Act (NDAA), which is expected to pass the House tomorrow.

“The House’s National Defense Authorization Act will do more for our nation’s cybersecurity than any bill in a long time,” said Langevin, who chairs the House Armed Services Committee’s Subcommittee on Intelligence and Emerging Threats and Capabilities. “Thanks to the many bipartisan cybersecurity leaders we have in the House, the defense bill includes eleven additional legislative provisions to implement the Cyberspace Solarium Commission report. Most important, we create a Senate-confirmed National Cyber Director in the White House to coordinate strategy and national incident response. We also take significant steps to strengthen the Cybersecurity and Infrastructure Security Agency and improve collaboration with private sector owners and operators of critical infrastructure. Congressman Gallagher and I look forward to continuing to work with our colleagues to advance the Solarium Commission’s vision in the face of the rising cyber threats that confront us each day.”

“Cyberspace has emerged as a decisive battlefield that puts all Americans -- knowingly or unknowingly -- on the frontline of conflict. Defending our interests in this domain requires not only substantial investment, but reform that allows us to adapt to these ever-present and ever-changing threats,” said Solarium Co-Chair Congressman Gallagher. “By including some of the Cyberspace Solarium Commission’s critical recommendations, this bill takes these challenges head on and implements policies that will no doubt help better secure our nation in cyberspace. There’s more work to be done, but this is an important step forward.”

Created by Congress as part of the Fiscal Year 2019 NDAA, the Cyberspace Solarium Commission comprises 14 cybersecurity experts: four are from the Executive Branch, four are from Congress, and six are from the private sector. After a year of fact-finding and deliberation, the Commission released its report on March 11. In it, the Commissioners call for a strategic approach of layered cyber deterrence and offer 82 recommendations that the government can take to implement the strategy. Langevin and Gallagher worked together to incorporate several recommendations during House Armed Services Committee consideration of H.R. 6395, and they collaborated with cybersecurity leaders on both sides of the aisle to develop floor amendments to further the Commission’s work. 

“As Ranking Member of the House Homeland Security Subcommittee on Cybersecurity, I’m pleased to introduce several bipartisan amendments to the NDAA that will advance recommendations by the Cyberspace Solarium Commission,” said Congressman John Katko. “The measures I introduced, alongside Democratic and Republican leaders on cybersecurity, will strengthen and stabilize CISA and empower the agency to defend our nation’s critical infrastructure systems against cyberattacks. Further, these measures will facilitate a more comprehensive national cyber strategy by creating a National Cyber Director role within the White House and a Joint Planning Office that will promote preparedness and readiness across the Federal Government.”

“The Commission has put together a thoughtful, meaningful strategy with concrete recommendations for cyberspace, such as creating a National Cyber Director and properly planning for the growth of our most critical governmental cybersecurity organizations like CISA and CYBERCOM,” said Congressman C.A. Dutch Ruppersberger. “Cyber threats are persisting and Congress needs to do its part to ensure as many of these recommendations become law as quickly as possible.”

“The sudden move to remote work for so much of the nation’s workforce during this pandemic has underscored the urgent need to better secure our networks,” said Congresswoman Kathleen Rice. “I am pleased my amendment to improve cybersecurity for smaller government agencies has been included in this year’s NDAA, and I thank Representatives Langevin and Gallagher for all of their efforts to strengthen our nation’s cyber defenses at this critical moment.”

“I’m proud to lead an amendment to the NDAA that strengthens our Cybersecurity and Infrastructure Security Agency (CISA) by empowering our agents to hunt for cyber threats on the .gov domain,” said Congressman Mark Green. “America’s cyber infrastructure is under constant attack from foreign adversaries and malicious actors, and our Federal government experiences countless cyber assaults each day. This amendment gives CISA the authority it needs to search for threats on our federal systems and protect our federal networks. Congress should include it in the NDAA and act now to ensure the security of our national cyber infrastructure.”

Solarium-related amendments to the FY21 NDAA:

  • Solarium Recommendation 1.3 - Establish a National Cyber Director. NDAA Amendment #15 – Creates an Office of the National Cyber Director within the Executive Office of the President to develop and oversee implementation of the National Cyber Strategy, coordinate national incident response activities, and provide cybersecurity policy advice to the President. Based on H.R. 7331 introduced by Langevin. (Langevin, Gallagher, Carolyn Maloney, Katko, Ruppersberger, Hurd, Lynch, King, Eshoo, Stefanik, Heck, Timmons, Cartwright, Houlahan, Panetta, Lawrence, Norton, Lieu)
  • Solarium Recommendation 1.4 – Strengthen the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security:
      • NDAA Amendment #320 - Establishes a fixed 5-year term for the Director of CISA and makes Assistant Directors career (as opposed to political) appointees. (Richmond, Katko, Langevin, Gallagher)
      • NDAA Amendment #329 - Requires the Secretary of Homeland Security to conduct a review of CISA’s force structure and facilities in light of increased operational requirements. (Ruppersberger, Katko, Langevin, Gallagher)
      • NDAA Amendment #162 - Enhances CISA’s ability to protect federal civilian networks by authorizing continuous threat hunting on the civilian networks. (Mark Green, Langevin, Gallagher, Katko)
      • NDAA Amendment #318 – Authorizes CISA to provide shared cybersecurity services to smaller agencies to assist in meeting Federal Information Security Modernization Act requirements. (Kathleen Rice, Gallagher, Langevin)
  • Solarium Recommendation 3.1 - Codify Sector-specific Agencies into Law as “Sector Risk Management Agencies.” NDAA Amendment #220 - Requires the Secretary of Homeland Security to recommend designation of agencies to be responsible for coordinating risk management in critical infrastructure sectors and outlines their responsibilities. (Langevin, Gallagher)
  • Solarium Recommendation 3.3.5 – Establish a Biennial National Cyber Tabletop Exercise. NDAA Amendment #351 - Requires the Secretary of Homeland Security to administer a senior-level tabletop exercise to test the U.S.’s ability to respond to cyber aggression against critical infrastructure. (Slotkin, Gallagher, Langevin)
  • Solarium Recommendation 4.4 – Resource a Federally Funded Research and Development Center to Develop Cybersecurity Insurance Certifications. NDAA Amendment #161 – Requires the Government Accountability Office to assess and analyze the state and availability of insurance coverage for cybersecurity risks and provide recommendations to Congress. (Al Green, Katko, Langevin, Gallagher)
  • Solarium Recommendation 4.5.2 – Develop a Strategy to Secure Foundational Internet Protocols and Email. NDAA Amendment #179 - Requires the Secretary of Homeland Security to develop a strategy to implement the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard across U.S.-based email providers. (Jackson Lee, Katko, Langevin, Gallagher, Sanford Bishop, Joyce, Carson)
  • Solarium Recommendation 5.1.3 – Empower Departments and Agencies to Serve Administrative Subpoenas in Support of Threat and Asset Response Activities. NDAA Amendment #219 - Allows CISA to issue administrative subpoenas to ISPs to identify and warn entities of cybersecurity vulnerabilities. Based on H.R. 5680 introduced by Langevin. (Langevin, Katko, Bennie Thompson, Gallagher, Richmond, Lynch)
  • Solarium Recommendation 5.4 – Establish a Joint Cyber Planning Cell under CISA. NDAA Amendment #319 - Creates a Joint Cyber Planning Office at CISA to coordinate cybersecurity planning and readiness across government and critical infrastructure owners and operators. (Richmond, Katko, Langevin, Gallagher)