Nearing passage, the NDAA is full of AI and cyber policy changes
The passage of the 2021 National Defense Authorization Act would enact several military policy changes regarding military cybersecurity and artificial intelligence — most notably elevating the Department of Defense’s Joint AI Center.
The annual defense policy bill passed the House with a veto-proof vote Tuesday and is likely to pass in the Senate. Despite President Donald Trump’s threats to veto the defense policy bill, it is widely expected Congress has the numbers to override his actions.
Under the bill, the JAIC would be moved from the DOD CIO’s Office to report directly to the deputy secretary of defense, elevating its place in the DOD hierarchy. The bill also would grant the JAIC acquisition authority and create an oversight board for the center.
Several pieces of AI legislation not specific to the DOD or JAIC are included in the bill as well. The AI Initiative Act and the National AI Research Resource Task Force Act would increase federal resources to AI research and coordination across government. The AI Initiative Act would create a new National Artificial Intelligence Initiative Office in the White House’s Office of Science and Technology Policy and another federal advisory committee on AI.
The National AI Research Resource Task Force Act would direct the National Science Foundation to create a task force to investigate methods for AI research funding.
Other policy changes added in the NDAA include direction on AI research the NSF and National Institutes of Science and Technology should undertake.
Cyber changes
The NDAA also contains one of the largest pieces of cybersecurity legislation to date. Many of the recommendations from the Cyberspace Solarium Commission, including creating a national cyber director position in the White House, made it into the final version of the bill. Other measures include giving more authority to the Cybersecurity and Infrastructure Security Agency (CISA) to conduct threat hunting on federal networks and request data from internet service providers.
“I believe it’s safe to say that this is the most important piece of cybersecurity legislation ever passed,” Sen. Angus King, I-Maine, said before the bill’s passage in the House. King co-chaired the Cyberspace Solarium Commission that produced many of the proposals in the legislation.
The bill also has the DOD’s new cyber standards for contractors, the Cybersecurity Maturity Model Certification (CMMC), in its sights. If the bill passes, the Government Accountability Office would study CMMC and Congress would require briefings from DOD officials on the program’s progress.
CMMC has been met with some skepticism from business groups that are concerned about new costs to small and medium-sized businesses.