SPONSORED:

Senate approves defense bill establishing cyber czar position, subpoena power for cyber agency

Senate approves defense bill establishing cyber czar position, subpoena power for cyber agency
© Greg Nash

The Senate on Friday approved the annual National Defense Authorization Act (NDAA) with clauses that would establish a federal cyber czar, and that would give the nation’s top federal cybersecurity agency subpoena power.

The conferenced version of the 2021 NDAA was approved by the Senate by a vote of 84-13 days after the House approved the same version of the annual defense funding bill. 

The clause establishing the position of a Senate-confirmed national cyber director within the Executive Office of the President was not included in the original 2021 NDAA approved by the Senate earlier this year, but was added during negotiations with the House. 

ADVERTISEMENT

The position would reestablish and elevate the previous White House cybersecurity coordinator position that was eliminated by former national security advisor John BoltonJohn BoltonTrump said he hoped COVID-19 'takes out' Bolton: book US drops lawsuit, closes probe over Bolton book John Bolton: Biden-Putin meeting 'premature' MORE in 2018. 

A coalition of bipartisan lawmakers in the House and Senate worked together to ensure the clause creating the position was included in the NDAA, with the new position responsible for coordinating cybersecurity policy across the federal government. 

“This position gives the person who holds this spot, this position, more gravitas than just a staff person,” Rep. Jim LangevinJames (Jim) R. LangevinHillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft's surveillance technology | Senators unveil bill to crack down on cyber criminals Senate confirms Chris Inglis as first White House cyber czar House lawmakers roll out legislation to protect schools against hackers MORE (D-R.I.), who spearheaded introducing legislation creating this position, told The Hill last week. “He or she would have sufficient staff. They get their hands around the challenges they face, a whole of government approach to protect the country in cyberspace. This is a major step forward.”

However, a memo put out by the White House Office of Management and Budget (OMB) earlier this week, obtained by Reuters, listed the establishment of the position among the reasons President TrumpDonald Trump Pence said he's 'proud' Congress certified Biden's win on Jan. 6 Americans put the most trust in their doctor for COVID-19 information: poll OVERNIGHT DEFENSE: Biden administration to evacuate Afghans who helped US l Serious differences remain between US and Iran on nuclear talks l US, Turkish officials meet to discuss security plans for Afghan airport MORE may choose to veto the bill. 

OMB wrote that NDAA “increases bureaucracy and confuses cybersecurity policymaking by mandating the appointment of a National Cyber Director within the Executive Office of the President, ignoring the mechanisms by which the Government already performs the functions assigned to this new policy position.”

ADVERTISEMENT

Trump has also threatened to veto the defense funding bill due to a repeal of Section 230 of the Communications Decency Act being left out, and due to the legislation requiring that military installations named after Confederate generals be renamed. 

The legislation was approved with veto-proof majorities, but it's unclear if enough GOP lawmakers in both chambers would vote to override Trump. A two-thirds vote is required to overturn a veto.

The cyber czar clause was included as part of a raft of other cybersecurity measures, including a clause giving the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) limited subpoena power.

The clause, based on bipartisan legislation introduced last year, would allow CISA to issue subpoenas to internet service providers, compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure organizations.

This power, which had had support from leadership on both the House and Senate Homeland Security committees, would give CISA the ability to further secure critical systems. 

Both measures were part of 26 recommendations from the Cyberspace Solarium Commission that were included in the conferenced version of the NDAA.

The group — made up of members of Congress, the federal government and industry — was established in 2018 to provide recommendations to defend the U.S. in cyberspace, with a report rolled out earlier this year.