Senate-passed defense spending bill includes clause giving DHS cyber agency subpoena power

Senate-passed defense spending bill includes clause giving DHS cyber agency subpoena power
© Greg Nash

The Senate version of the annual National Defense Authorization Act (NDAA) approved Thursday included a raft of measures designed to shore up federal cybersecurity, including a clause giving the Department of Homeland Security’s (DHS) cybersecurity agency subpoena power.

The provision, originally introduced by Senate Homeland Security and Governmental Affairs Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonMcConnell halts in-person Republican lunches amid COVID-19 surge Loeffler isolating after possible COVID-19 infection Rick Scott tests positive for coronavirus MORE (R-Wis.) and Sen. Maggie HassanMargaret (Maggie) HassanCut tariffs and open US economy to fight COVID-19 pandemic Senate passes bill to secure internet-connected devices against cyber vulnerabilities Overnight Defense: Trump campaign's use of military helicopter raises ethics concerns | Air Force jets intercept aircraft over Trump rally | Senators introduce bill to expand visa screenings MORE (D-N.H.) in December, would allow DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to issue subpoenas to internet service providers compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure organizations.

“Every day our adversaries target our critical infrastructure, including our electric grids, dams, and airports, and every day, CISA is made aware of vulnerabilities to these systems — some easily fixable — but is powerless to warn the potential victims,” Johnson said in a statement following the NDAA’s passage. 


“This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim,” he added. “We ask Americans: if you see something, say something. With this legislation we are empowering CISA to do the same.”

Hassan described the subpoena power proposal as “common-sense,” adding in a separate statement that she would “keep working” with Johnson to get the provision signed into law as part of the final version of the fiscal 2021 NDAA that will be conferenced between the House and Senate in coming weeks. 

The legislation was also included in the House version of the NDAA, approved earlier this week, making it likely the provision will stay in the final version eventually sent to President TrumpDonald John TrumpTrump rages against '60 Minutes' for interview with Krebs Cornyn spox: Neera Tanden has 'no chance' of being confirmed as Biden's OMB pick Pa. lawmaker was informed of positive coronavirus test while meeting with Trump: report MORE for signature. 

Another key cybersecurity provision included in the Senate version of the annual defense spending bill was one establishing a federally funded cybersecurity coordinator in every state to prepare for and respond to cyberattacks. 

The legislation was introduced in January by Hassan and Sens. John CornynJohn CornynCornyn spox: Neera Tanden has 'no chance' of being confirmed as Biden's OMB pick Cornyn on Biden aides' undisclosed ties: 'The Senate is not obligated to confirm anyone who hides this information' Cornyn says election outcome 'becoming increasingly clear': report MORE (R-Texas), Gary PetersGary PetersRepublican John James concedes in Michigan Senate race Hillicon Valley: YouTube suspends OANN amid lawmaker pressure | Dems probe Facebook, Twitter over Georgia runoff | FCC reaffirms ZTE's national security risk Democrats urge YouTube to remove election misinformation, step up efforts ahead of Georgia runoff MORE (D-Mich.), and Rob PortmanRobert (Rob) Jones PortmanBiden says transition outreach from Trump administration has been 'sincere' The Hill's 12:30 Report: Trump holds his last turkey pardon ceremony The Hill's Morning Report - Presented by the UAE Embassy in Washington, DC - Trump OKs transition; Biden taps Treasury, State experience MORE (R-Ohio) after a year of increasing cyberattacks across the nation crippled city governments in New Orleans and Baltimore, among many others. 


“We live in an increasingly interconnected society, and state and local governments need clear lines of communication and an understanding of what federal resources are available to protect them from ever-evolving cyber threats,” Peters, the ranking member of the Senate Homeland Security and Governmental Affairs Committee, said Thursday. “Bad actors will always target the path of least resistance — which is why we must boost cyber-security at all levels of government.

A clause meant to address the threat of “deepfakes,” or media altered by artificial intelligence to show distorted events, was also included in the Senate version of the NDAA. 

The bipartisan measure would require DHS to conduct an annual study on how deepfakes are used by foreign and domestic groups, and ways to fight back against the creation of the videos. 

“Fake content can damage our national security and undermine our democracy,” Sen. Brain Schatz (D-Hawaii), one of the original sponsors of the deepfakes legislation, said in a statement Thursday. “Our amendment directs the federal government to learn more about the scope and impact of deepfake technology. It’s an important step in fighting disinformation.”

One major cybersecurity provision not included was the establishment of a national cyber director at the White House to serve as a coordinating force between federal agencies on cybersecurity issues. The House-passed version of the NDAA established the position, but the Senate version only included language requiring an “assessment” of the “feasibility” of doing so.

It is unclear whether the position will eventually be included in the final version of the NDAA sent to Trump for approval. The bipartisan effort to create a national cyber director comes two years after the White House cybersecurity coordinator position was eliminated by former national security advisor John BoltonJohn BoltonPressure grows from GOP for Trump to recognize Biden election win Sunday shows - Virus surge dominates ahead of fraught Thanksgiving holiday Bolton calls on GOP leadership to label Trump's behavior 'inexcusable' MORE in an effort to reduce bureaucracy.