After much high-stakes political drama last week, the GOP-controlled US House of Representatives finally passed its version of the National Defense Authorization Act (NDAA), which details the Pentagon's $874.2 billion budget for FY 2024. As has been the case for the past ten years, the NDAA is filled with many military-related cybersecurity provisions.\n\nThe Department of Defense said the NDAA budget features \u201c$13.5 billion for cyberspace activities to defend and disrupt the efforts of advanced and persistent cyber adversaries, accelerate the transition to zero trust cybersecurity architecture, and increase defense of US critical infrastructure and defense industrial base partners against malicious cyberattacks."\n\nCybersecurity is embedded in dozens of the NDAA sections, and cybersecurity-specific or US Cyber Command funding line items appear 75 times in the budget presented in the bill. But several of the following provisions are worth highlighting.\n\nCyber Command program on the dark web and deep web analysis tools\n\nSection 1504 gives the Commander of Cyber Command the authority to integrate into the packages of tools distributed to the combatant commands tools to analyze information from locations on the dark web. Under the program established or augmented under this section, CyberCom's chief may "develop a comprehensive and tailored approach to the use of open-source intelligence tools for the analysis and distribution of information collected from the locations on the Internet" and "develop and validate technical requirements relating to such collection, analysis, and distribution including with respect to data fidelity and data provenance."\n\nJust why this authority is needed is unclear. CSO contacted CyberCom and the Department of Defense for more background on this provision but received no response.\n\nMilitary cybersecurity cooperation with Taiwan\n\nSec. 1505 of the NDAA directs the Secretary of Defense to seek to cooperate with the Ministry of Defense of Taiwan on defensive military cybersecurity activities. Acting through the Under Secretary of Defense for Policy, in concurrence with the Secretary of State and in coordination with the Commander of the United States Cyber Command and the Commander of the United States Indo-Pacific Command, the Secretary of Defense may carry out efforts to identify cooperative activities to defend military networks, infrastructure, and systems, counter malicious cyber activity that has compromised such networks, infrastructure, and systems, leverage United States commercial and military cybersecurity technology and services to harden and defend such networks, infrastructure, and systems; and conduct combined cybersecurity training activities and exercises.\n\nThe inclusion of this provision, championed by Rep. Mike Gallagher (R-WI), Chairman of the House Armed Services Committee's Subcommittee on Cyber, Information Technologies, and Innovation, comes at a time when US-China tensions are escalating as China increasingly positions Taiwan as a renegade province that, if need be, should be retaken by force. The US government doesn't recognize Taiwan as a country but has made clear it would defend Taiwan if China invades.\n\n"We are in the window of maximum danger when it comes to a potential conflict with China over Taiwan," Gallagher said. "If we are to deter Xi Jinping and prevent the devastating consequences of war, Congress must come together in bipartisan fashion to combat the Chinese Communist Party's aggression and ensure that the US military has what it needs to deter, and if necessary, fight and win in the 21st century."\n\nGAO review of cyberspace operations management\n\nSec. 1533 of the NDAA directs the Comptroller General of the United States to conduct a comprehensive review of the management by the Secretary of Defense of matters relating to the conduct of, and preparation for, cyberspace operations. The Comptroller is assigned the task of evaluating and assessing the number of commands, organizations, units, and personnel (including an identification of the rank and grade) responsible for conducting cyberspace operations across the Department of Defense to assess the ratio of qualified personnel, assessing potential duplication and costs across the operations and the extent to which senior officials accountable to the Secretary of Defense are overseeing operations.\n\nStudy on the Occupational Resiliency of Cyber Mission Force\n\nIn a bid to address burnout in the military's Cyber Mission Force, Sec. 1534 of the NDAA directs the Principal Cyber Advisor of the Department of Defense and the Undersecretary of Defense for Personnel and Readiness to conduct a study on the personnel and resources required to enhance and support the occupational resiliency of the Cyber Mission Force.\n\nTo be conducted in coordination with the principal cyber advisors of the military departments and the Commander of Cybercom, the study will take an inventory of how many personnel are in the Mission Force and assess the risk to the occupational resiliency of such personnel relative to their respective operational work roles.\n\nThe study will also evaluate the extent to which personnel assigned to the Cyber Mission Force have been made aware of the resources and programs and outline measures required to improve awareness. The Principal Cyber Advisor of the Department of Defense and the Undersecretary of Defense for Personnel and Readiness will submit a report to Congress on the study when it's completed.\n\nOther cybersecurity provisions in the 2024 NDAA\n\nWhat\u2019s ahead for the NDAA budget process\n\nThe final vote on the National Defense Authorization Act was a very narrow 219-210, with all but four Democrats voting against it due to social issues, including funding for abortions by military members, inserted into the bill by the GOP House majority. Legislative observers believe that the bill won't pass in its current form.\n\nHowever, the bill now heads to the Democrat-controlled Senate, which will likely strike the controversial social issues. Whatever happens in the Senate, it's unlikely that the NDAA won't pass by yearend, given that military funding has historically been considered a must-pass for both sides of the aisle. Given their bipartisan nature, it's also unlikely that the major cybersecurity provisions will be stripped from the bill.