House-passed defense spending bill includes provision establishing White House cyber czar

House-passed defense spending bill includes provision establishing White House cyber czar
© Getty Images

The House version of the annual National Defense Authorization Act (NDAA) passed Tuesday included a provision establishing a national cyber director at the White House, a role that would help coordinate federal cybersecurity efforts.

Bipartisan legislation establishing this position was originally introduced last month, and was added to the NDAA as part of a larger cybersecurity package on Monday. The national cyber director would serve as the president’s principal advisor on cybersecurity and emerging technology issues, and serve as a coordinating force for federal cyber action. 

The national cyber director would replace the previous White House cybersecurity coordinator role, which was eliminated by former national security advisor John BoltonJohn BoltonJohn Bolton: Biden-Putin meeting 'premature' Republicans request documents on Kerry's security clearance process Trump pushes back on Bolton poll MORE in 2018 in an effort to decrease bureaucracy. 


Bipartisan support for reestablishing the position with further authorities has increased in recent months as cyberattacks targeted as hospitals, COVID-19 research, and other sectors have skyrocketed.

The House passed the overall 2021 NDAA by a vote of 295-125 Tuesday afternoon.

The Senate has not yet voted on its version of the NDAA, but the version that cleared the Senate Armed Services Committee included a clause requiring an “assessment” of the “feasibility” of establishing the position, throwing into question whether the position will be established. 

The measure creating the provision was included in the NDAA as part of a slate of legislation designed to boost federal cybersecurity. Many of the measures included were based on recommendations from the Cyberspace Solarium Commission (CSC), a group established by Congress to recommend ways to defend the United States in cyberspace. 

Another measure added to the NDAA gives the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) the ability to issue subpoenas to internet service providers compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure groups.


Other clauses included were those to establish a five-year term for the directors of CISA, to establish a biennial tabletop exercise led by DHS to evaluate the ability of the federal government to respond to a cyberattack on critical infrastructure, and the establishment of a federally-funded center to develop cybersecurity insurance certificates. 

Rep. Mike RogersMichael (Mike) Dennis RogersUnderstanding Russia and ourselves before the summit To fight China's economic extortion, take a page from the Cold War Overnight Defense: Pentagon pitches 5B budget | Kamala Harris addresses US Naval Academy graduates MORE (R-Ala.), the ranking member of the House Homeland Security Committee where many of these policies originated, said in a statement Tuesday that “these amendments all play a critical part in mitigating our nation’s cyber risk and working to stay ahead of evolving cybersecurity threats.”

CSC co-chair Mike GallagherMichael (Mike) John GallagherBiden budget includes 0M to help agencies recover from SolarWinds hack in proposed budget GOP lawmaker calls for Wuhan probe to 'prevent the next pandemic' Lawmakers introduce bill to protect critical infrastructure against cyberattacks MORE (R-Wis.) and CSC member Rep. Jim LangevinJames (Jim) R. LangevinColonial Pipeline may use recovered ransomware attack funds to boost cybersecurity New Russian hacks spark calls for tougher Biden actions Biden budget includes 0M to help agencies recover from SolarWinds hack in proposed budget MORE (D-R.I.) were among the sponsors of the cybersecurity amendments in the House.  

Cyberspace has emerged as a decisive battlefield that puts all Americans -- knowingly or unknowingly -- on the frontline of conflict. Defending our interests in this domain requires not only substantial investment, but reform that allows us to adapt to these ever-present and ever-changing threats,” Gallagher said in a statement on Monday. 

Langevin added in a separate statement that “this important work to forge forward learning cybersecurity defenses requires a full court press, and I’m thankful for having the support of my colleagues in advancing policy that will help better shield the U.S. from cyber incidents that could spark massive disruption and adversely impact our economic and democratic standing.”