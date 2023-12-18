By a 310-118 vote, the US House of Representatives passed the $886 billion National Defense Authorization Act for Fiscal Year 2024 (NDAA), which passed the Senate one day later. The annual must-pass legislation for US military funding is now headed to President Biden for his signature.

Partisan fights over defense spending for Ukraine and controversies over women’s health care and gender-affirming rights generated a lot of headlines in the months leading up to the bill’s passage. Most of the hardline culture war provisions were ultimately stripped out of the final legislative package and much of the Ukraine funding is still mired in debate. The bill also contained a stop-gap four-month reauthorization of the controversial Section 702 of the Foreign Intelligence Surveillance Act, which enables the US government to spy on foreign nationals, and sometimes US citizens and residents, which was due to expire at year-end.

As is typical for all annual NDAAs, this year’s 3,000-plus page legislation is filled with many large and small cybersecurity-related provisions. The following sections summarize some of the more consequential cybersecurity provisions in the Act.

Boosting nuclear weapons and systems cybersecurity

Following a concerted push by a group of bipartisan House lawmakers, the NDAA creates within the Department of Defense a “cybersecurity risk inventory, assessment, and mitigation working group” charged with developing a comprehensive strategy for identifying nuclear weapons information technology environments facing cybersecurity risks and implementing risk mitigation actions.

The bill also directs the Secretary of Defense to establish a cross-functional team to develop and oversee the implementation of a threat-driven cyber defense construct for the systems and networks that support the nuclear command, control, and communications, commonly called the NC3 mission. This team will comprise personnel from all the military departments, the Defense Information Systems Agency, the National Security Agency, the United States Cyber Command, the United States Strategic Command, and any other organization or element of the Department of Defense determined appropriate by the Secretary.

NDAA focus on artificial intelligence

Consistent with the rapid rise of artificial intelligence (AI) technologies and the still uncertain impact these new systems will have on military operations and foreign diplomacy, the NDAA contains major sections that give the Pentagon and US State Department several new AI-related responsibilities.