1. Establishment of the Office of the National Cyber Director
Establishes an office for the principal advisor on cybersecurity policy and strategy to the President.
2. Creation of a Joint Cyber Planning Office
This provision was included in the FY21 National Defense Authorization Act and establishes an office in the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate public and private sector entities to plan for cyber defense operations, including identifying and detecting threats, as well as mitigating and recovering from attacks.
3. Yearly Reports by the Department of Defense on the Implementation of the National Security Commission on Artificial Intelligence’s Recommendations
This provision was included in the FY22 National Defense Authorization Act and requires that the Department of Defense (DOD) submit yearly reports on the status of recommendations from the National Security Commission on Artificial Intelligence (NSCAI). It also requires that the DOD develop a plan to implement all NSCAI recommendations specific to the DOD, or to brief Congress on their justifications for not implementing specific recommendations.
4. Development of a Digital Infrastructure Plan
This provision was included in the FY22 National Defense Authorization Act and establishes a Department of Defense working group and tasks them with developing a plan to establish a modern information technology infrastructure capable of incorporating state-of-the-art tools including artificial intelligence tools.
5. Establishment of Digital Recruiting Offices
This provision was included in the FY22 National Defense Authorization Act and establishes a Chief Digital Recruiting Officer within the office of the Under Secretary of Defense for Personnel and Readiness, and it charges the officer with identifying digital talent needs and skills gaps within the Department of Defense, and with recruiting individuals to address those gaps.
6. Updating Federal Occupation Series Fields
This provision was included in the FY22 National Defense Authorization Act and directs the Director of the Office of Personnel Management to establish or update the occupational series covering federal government positions in the fields of software development, software engineering, data science, and data management. The incorporation of new occupational career fields will help focus the development of personnel in these fields.
7. Integrating Emerging Technology into Professional Education
This provision was included in the FY22 National Defense Authorization Act and establishes an executive education course within the Department of Defense on emerging technologies. The course is designed to prepare new general officers and senior executive-level civilian leaders on relevant technologies and how these technologies may be applied to military and business activities.
8. Assess the Feasibility of a National Cyber Academy
This provision was included in the FY22 National Defense Authorization Act and requires the Department of Defense (DOD) to determine the overall workforce requirements for cyberspace and information warfare personnel across the active and reserve components of the Armed Forces. Additionally, it requires the DOD to determine and report whether the cyber mission requires a graduate level professional military education college similar to the war colleges for the Army, Navy, and Air Force.
9. National Defense Science and Technology Strategy
This provision was included in the FY22 National Defense Authorization Act and tasks the Department of Defense (DOD) to develop a strategy articulating the science and technology priorities, goals, and investments of the DOD. Additionally, it requires the DOD to submit recommendations for future defense research, and to establish an integrated approach to the identification, prioritization, development, and fielding of emerging capabilities and technologies.
10. Department of Defense Cyber & Digital Service Academy
Establishing a Cyber and Digital Service Academy within the Department of Defense was included in the FY23 National Defense Authorization Act to strengthen technical talent, modernize our military, and prepare for the sweeping technological advancements we face in artificial intelligence and other areas. This provision comes from a National Security Commission on Artificial Intelligence (AI) recommendation, and includes a scholarship-for-service program for students pursuing tech-related programs with a mandatory service requirement in the Department of Defense.
11. DHS Roles & Responsibilities in Cyberspace Act (H.R.5658)
Tasks the Secretary of the Department of Homeland Security with conducting a review of its incident response plans, and sets the conditions for improvements to our cyber incident response framework.
12. Cyber Diplomacy Act (H.R.1251)
In April 2022, the Secretary of State announced the creation of a Bureau of Cyberspace and Digital Policy to address “the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.” This legislation codifies the Secretary’s announcement and specifies that the bureau will be led by the first-ever U.S. Ambassador-at-Large for Cyberspace and Digital Policy.
13. Short Course on Emerging Technologies for Senior Officials
This provision, a priority of both the Cyberspace Solarium Commission and a recommendation of the National Security Commission on Artificial Intelligence, was included in the FY23 National Defense Authorization Act and directs the Secretary of Defense to develop a short course addressing how recent technological advances affect the activities of the Defense Department.
14. Improvements to Principal Cyber Advisors
Included in the FY23 National Defense Authorization Act, this provision codifies the offices and roles of the Principal Cyber Advisors (PCA) and authorizes the PCA to the Secretary of Defense to certify portions of the Department’s Cyberspace Activities Budget. It simultaneously integrates and streamlines a budgetary process for defense-related cyber capability development and security.
15. Cybersecurity Grants for Schools
With cyberattacks targeting vulnerable schools on the rise, this provision was included in the FY23 National Defense Authorization Act and fulfills a Cyberspace Solarium Commission recommendation to increase funding for K-12 cybersecurity education, both for educators and students.
16. Enhancing Maritime Cybersecurity
Cyber attacks on maritime ports that are integral to the supply chain increased by 400% in 2020. In response, this provision was included in the FY23 National Defense Authorization Act and tasks the Commandant of the Coast Guard and relevant cybersecurity agencies with developing a list of tools and resources open to the public. They will be designed to assist maritime operators in identifying, responding to, and recovering from cyber incidents.
17. Dr. David Satcher Cybersecurity Education Grant Program
A recommendation from the Cyberspace Solarium Commission, the Dr. David Satcher Cybersecurity Education Grant Program was included in the CHIPS and Science Act and awards funding to minority serving or historically black institutions of higher education to establish or expand cybersecurity programs, builds public-private partnerships, and improves research and development efforts.
18. Federal Cyber Scholarship-For-Service Program
The Federal Cyber Scholarship-for-Service provision was included in the CHIPS and Science Act and enhances the existing CyberCorps program which provides funding to students in return for a period of service working for the federal government.
19. International Standards Development
A recommendation from the Cyberspace Solarium Commission, the Dr. David Satcher Cybersecurity Education Grant Program will award funding to minority-serving or historically-black institutions of higher education to establish or expand cybersecurity programs, build public-private partnerships, and improve research and development efforts.
20. Standards Development Organization Grants
Emerging technologies like artificial intelligence need standardization and guidelines – the U.S. will be stronger if our small businesses and industry leaders help lead that effort. This provision, a recommendation from the National Security Commission on AI, was included in the CHIPS and Science Act and creates a 5-year pilot program to award grants to small businesses to support their participation in international standards development organizations.
21. Cyber Workforce Development Research & Development
A recommendation from the Cyberspace Solarium Commission was included in the CHIPS and Science Act that tasks the Director of the National Institute of Standards and Technology to award grants to non-profit organizations and institutions of higher education to carry out studies on the cyber workforce, its constitution, current trends, and factors influencing retention, growth, and development of that workforce.
22. Office of Research Security & Policy
A recommendation from the National Security Commission on AI, this provision was included in the CHIPS and Science Act and establishes an Office of Research Security and Policy within the National Science Foundation. The NSF will coordinate efforts to identify and address potential security risks that threaten research integrity to prevent intellectual property theft.
23. Taiwan Cybersecurity Resiliency Act (S.1241/H.R.2756)
In 2019, the Taiwanese government estimated that it faces 20 to 40 million cyber attacks monthly, with its National Security Bureau alone facing roughly 100,000 hacking attempts each month. This bill requires the Department of Defense to expand cybersecurity cooperation with Taiwan by conducting combined cybersecurity training activities and exercises and leveraging U.S. commercial and military cybersecurity technology to harden Taiwan’s critical national networks, infrastructure, and systems.
24. Department of Defense Civilian Cybersecurity Reserve Act (S.1324)
Authorizes the Department of the Army to establish a Civilian Cybersecurity Reserve to leverage non-military cybersecurity expertise in a reserve capacity to bolster America’s cyber defense capabilities and to strengthen our cyber infrastructure.
25. Artificial Intelligence in U.S. Nuclear Command, Control, and Communications
This provision was included in the FY24 National Defense Authorization Act and directs the Department of Defense to provide a briefing on how the Department currently incorporates AI into Nuclear Command, Control, and Communications (NC3) and any plans to do so over the Future Years Defense Program.
26. Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group
This provision is based on recommendations by the Government Accountability Office to shore up the cybersecurity resources for the National Nuclear Security Administration. It was included in the FY24 National Defense Authorization Act and creates a working group responsible for developing a strategy to assess and identify at-risk NNSA systems in the operational technology and nuclear weapons information technology environments and implement risk mitigation actions.
27. Study on the occupational resiliency of the Cyber Mission Force
This provision was included in the FY24 National Defense Authorization Act and requires the Department of Defense to conduct a study on how well personnel in the Cyber Mission Force can address specific psychological factors that affect their mental health and job performance. The study will also evaluate the multitude of mental health programs available to these professionals and how frequently they are used.