Cyber Brief: Cyberspace Solarium Commission Recommendations in the FY21 National Defense Authorization Act
Provisions establish the National Cyber Director and Office of the National Cyber Director
NDAA pushes United States closer to “layered cyber deterrence”
Washington, D.C., December 21, 2020 – With the House and Senate’s passage this month of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (hereafter referred to as the FY21 NDAA), the Cyber Vault has reviewed the enrolled bill to compare it to the recommendations of the bipartisan Cyberspace Solarium Commission. With the Senate’s veto-proof vote of 84 to 13, the bill is expected to become law even if President Trump decides to oppose it.
In its final report, the Commission proposed a national strategy of cyber deterrence, which includes three layers: 1) shaping behavior in cyberspace through partnerships and leveraging of non-military instruments; 2) denying benefits to malign actors through election security, critical infrastructure protection and a “Continuity of the Economy Plan,” and 3) imposing costs on bad actors by bolstering U.S. cyber capabilities and capacity.
Source: Final Report of the Cyberspace Solarium Commission, March 2020.
Some of the more notable provisions include the establishment of the National Cyber Director and supporting Office of the National Cyber Director (Sec.1752), the creation of a Continuity of the Economy Plan (Sec. 9603), and the formation of a Joint Cyber Planning Office under CISA (Sec.1715) to facilitate the coordination of defensive cybersecurity campaigns across federal agencies and the private sector.
In the table below, we have listed the original Cyberspace Solarium Commission recommendations in the March 2020 final report along with their supporting provisions in the FY21 NDAA, allowing researchers, students and citizens alike to comprehensively review what is arguably the most forward-looking piece of legislation on national cybersecurity in the country’s history.
This report, compiled and released by the Cyberspace Solarium Commission in March 2020, proposes a strategy of layered cyber deterrence and consists of over 80 recommendations to implement the strategy. This document was originally sourced from the Cyberspace Solarium Commission’s website, at https://www.solarium.gov/home.
The National Defense Authorization Act for FY2021 incorporates over 20 recommendations from the final report (March 2020) of the Cyberspace Solarium Commission, and reauthorizes the Commission into December 2021. This document was originally sourced from Congress.gov, at https://www.congress.gov/bill/116th-congress/house-bill/6395.
Cyberspace Solarium Recommendations in FY21 National Defense Authorization Act