2024 NDAA, nuclear cyber-safe and AI-smart.

December 18, 2023
1 min read

Key Points:

  • The 2024 US NDAA (National Defense Authorization Act) will focus on strengthening nuclear cybersecurity and promoting the use of artificial intelligence in military and defense operations.
  • The act includes provisions for a cybersecurity risk inventory and mitigation working group, which will focus on identifying and dealing with cybersecurity risks in the nuclear weapons IT environment.
  • The Act also incorporates artificial intelligence in its provisions, appointing a Chief Digital and Artificial Intelligence Officer to oversee implementation of data and AI across the Department of Defense’s operations.

The 2024 US National Defense Authorization Act (NDAA) has been passed in the House of Representatives by a 310-118 vote, and subsequently also passed the Senate. This $886 billion bill with numerous cybersecurity-related provisions is now awaiting President Biden’s signature. It entails spending directed towards nuclear weapons and systems security, artificial intelligence, digital diplomacy, amongst several other areas.

One key feature of the NDAA is the establishment, under the Department of Defense, of a “cybersecurity risk inventory, assessment, and mitigation working group”. This group will be responsible for developing a strategy to identify cybersecurity risks faced by nuclear weapons information technology environments and implement risk mitigation actions.

The NDAA also emphasizes on the increasing importance of artificial intelligence in defense. It establishes a Chief Digital and Artificial Intelligence Officer Governing Council, led by the Department’s Chief Digital and Artificial Intelligence Officer (CDAO). The CDAO will manage AI digital assets, develop an AI bug bounty program, and oversee implementation of an educational program on data and AI for Department personnel.

Furthermore, the Act requires the Defense Secretary to build a strategic plan for the development, use and cybersecurity of generative artificial intelligence and complete a study assessing the functionality of AI-enabled military applications.

The NDAA also outlines further cybersecurity provisions such as countering illegal trafficking by Mexican transnational criminal organizations in cyberspace, cooperation with Taiwan on military cybersecurity, and the creation of a pilot program relating to semiconductor supply chain and Cybersecurity Collaboration Center.

Finally, the NDAA recognizes the importance of strengthening cyber cooperation with foreign military partners in Southeast Asia and establishing performance metrics for a program on sharing cyber capabilities and related information with foreign operational partners.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and