Senate approves defense bill establishing cyber czar position, subpoena power for cyber agency

The Senate on Friday approved the annual National Defense Authorization Act (NDAA) with clauses that would establish a federal cyber czar, and that would give the nation’s top federal cybersecurity agency subpoena power.

The conferenced version of the 2021 NDAA was approved by the Senate by a vote of 84-13, days after the House approved the same version of the annual defense funding bill.

The clause establishing the position of a Senate-confirmed national cyber director within the Executive Office of the President was not included in the original 2021 NDAA approved by the Senate earlier this year, but was added during negotiations with the House. 

The position would reestablish and elevate the previous White House cybersecurity coordinator position that was eliminated by former national security advisor John Bolton in 2018.

A coalition of bipartisan lawmakers in the House and Senate worked together to ensure the clause creating the position was included in the NDAA, with the new position responsible for coordinating cybersecurity policy across the federal government. 

“This position gives the person who holds this spot, this position, more gravitas than just a staff person,” Rep. Jim Langevin (D-R.I.), who spearheaded introducing legislation creating this position, told The Hill last week. “He or she would have sufficient staff. They get their hands around the challenges they face, a whole of government approach to protect the country in cyberspace. This is a major step forward.”

However, a memo put out by the White House Office of Management and Budget (OMB) earlier this week, obtained by Reuters, listed the establishment of the position among the reasons President Trump may choose to veto the bill.

OMB wrote that the NDAA “increases bureaucracy and confuses cybersecurity policymaking by mandating the appointment of a National Cyber Director within the Executive Office of the President, ignoring the mechanisms by which the Government already performs the functions assigned to this new policy position.”

Trump has also threatened to veto the defense funding bill due to a repeal of Section 230 of the Communications Decency Act being left out, and due to the legislation requiring that military installations named after Confederate generals be renamed. 

The legislation was approved with veto-proof majorities, but it’s unclear if enough GOP lawmakers in both chambers would vote to override Trump. A two-thirds vote is required to overturn a veto.

The cyber czar clause was included as part of a raft of other cybersecurity measures, including a clause giving the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) limited subpoena power.

The clause, based on bipartisan legislation introduced last year, would allow CISA to issue subpoenas to internet service providers, compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure organizations.

This power, which had had support from leadership on both the House and Senate Homeland Security committees, would give CISA the ability to further secure critical systems. 

Both measures were part of 26 recommendations from the Cyberspace Solarium Commission that were included in the conferenced version of the NDAA.

The group — made up of members of Congress, the federal government and industry — was established in 2018 to provide recommendations to defend the U.S. in cyberspace, with a report rolled out earlier this year.