Senate-passed defense spending bill includes clause giving DHS cyber agency subpoena power

Senate-passed defense spending bill includes clause giving DHS cyber agency subpoena power
© Greg Nash

The Senate version of the annual National Defense Authorization Act (NDAA) approved Thursday included a raft of measures designed to shore up federal cybersecurity, including a clause giving the Department of Homeland Security’s (DHS) cybersecurity agency subpoena power.

The provision, originally introduced by Senate Homeland Security and Governmental Affairs Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonOvernight Defense: Joint Chiefs warn against sweeping reform to military justice system | Senate panel plans July briefing on war authorization repeal | National Guard may have 'training issues' if not reimbursed Senate panel plans July briefing on war authorization repeal Overnight Defense: Senate panel delays Iraq war powers repeal | Study IDs Fort Hood as least-safe base for female soldiers | Pentagon loosens some COVID-19 restrictions MORE (R-Wis.) and Sen. Maggie HassanMargaret (Maggie) HassanDemocrats facing tough reelections back bipartisan infrastructure deal Centrists gain foothold in infrastructure talks; cyber attacks at center of Biden-Putin meeting Centrists gain leverage over progressives in Senate infrastructure battle MORE (D-N.H.) in December, would allow DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to issue subpoenas to internet service providers compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure organizations.

“Every day our adversaries target our critical infrastructure, including our electric grids, dams, and airports, and every day, CISA is made aware of vulnerabilities to these systems — some easily fixable — but is powerless to warn the potential victims,” Johnson said in a statement following the NDAA’s passage. 


“This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim,” he added. “We ask Americans: if you see something, say something. With this legislation we are empowering CISA to do the same.”

Hassan described the subpoena power proposal as “common-sense,” adding in a separate statement that she would “keep working” with Johnson to get the provision signed into law as part of the final version of the fiscal 2021 NDAA that will be conferenced between the House and Senate in coming weeks. 

The legislation was also included in the House version of the NDAA, approved earlier this week, making it likely the provision will stay in the final version eventually sent to President TrumpDonald TrumpGuardian Angels founder Curtis Sliwa wins GOP primary in NYC mayor's race Garland dismisses broad review of politicization of DOJ under Trump Schumer vows next steps after 'ridiculous,' 'awful' GOP election bill filibuster MORE for signature. 

Another key cybersecurity provision included in the Senate version of the annual defense spending bill was one establishing a federally funded cybersecurity coordinator in every state to prepare for and respond to cyberattacks. 

The legislation was introduced in January by Hassan and Sens. John CornynJohn CornynProgressive groups launch .5M ad buy to pressure Sinema on filibuster Black lawmakers warn against complacency after Juneteenth victory The Senate is where dreams go to die MORE (R-Texas), Gary PetersGary PetersHarris casts tiebreaking vote to confirm OPM nominee This week: Senate set for voting rights fight Lawmakers rally around cyber legislation following string of attacks MORE (D-Mich.), and Rob PortmanRobert (Rob) Jones PortmanWhite House advisers huddle with Senate moderates on infrastructure The Hill's Morning Report - Presented by Facebook - Biden support, gas tax questions remain on infrastructure This week: Senate set for voting rights fight MORE (R-Ohio) after a year of increasing cyberattacks across the nation crippled city governments in New Orleans and Baltimore, among many others. 


“We live in an increasingly interconnected society, and state and local governments need clear lines of communication and an understanding of what federal resources are available to protect them from ever-evolving cyber threats,” Peters, the ranking member of the Senate Homeland Security and Governmental Affairs Committee, said Thursday. “Bad actors will always target the path of least resistance — which is why we must boost cyber-security at all levels of government.

A clause meant to address the threat of “deepfakes,” or media altered by artificial intelligence to show distorted events, was also included in the Senate version of the NDAA. 

The bipartisan measure would require DHS to conduct an annual study on how deepfakes are used by foreign and domestic groups, and ways to fight back against the creation of the videos. 

“Fake content can damage our national security and undermine our democracy,” Sen. Brain Schatz (D-Hawaii), one of the original sponsors of the deepfakes legislation, said in a statement Thursday. “Our amendment directs the federal government to learn more about the scope and impact of deepfake technology. It’s an important step in fighting disinformation.”

One major cybersecurity provision not included was the establishment of a national cyber director at the White House to serve as a coordinating force between federal agencies on cybersecurity issues. The House-passed version of the NDAA established the position, but the Senate version only included language requiring an “assessment” of the “feasibility” of doing so.

It is unclear whether the position will eventually be included in the final version of the NDAA sent to Trump for approval. The bipartisan effort to create a national cyber director comes two years after the White House cybersecurity coordinator position was eliminated by former national security advisor John BoltonJohn BoltonUS drops lawsuit, closes probe over Bolton book John Bolton: Biden-Putin meeting 'premature' Republicans request documents on Kerry's security clearance process MORE in an effort to reduce bureaucracy.