This year’s National Defense Authorization Act (NDAA), the annual “must-pass” spending bill that ensures the continued funding of the nation’s military, has a wealth of information security recommendations that come from the bi-partisan, bi-cameral, public-private initiative known as the Cyberspace Solarium Commission (CSC). The CSC was itself established in 2019’s NDAA bill and was asked to come up with a new strategic approach to cybersecurity.
Last spring, the CSC issued a report that offered 82 policy and legislative recommendations to improve cybersecurity. Of those, 26 will likely become law given that both the House and Senate last week passed the bill by overwhelming margins. The veto-proof vote count is needed given that President Donald Trump has repeatedly vowed to veto this year’s NDAA unless it also contains provisions that strip internet companies of legal liability protections granted them in Section 230 of the Communications Decency Act of 1996. Over the weekend, Trump reiterated via Tweet his intention to veto the NDAA.