Bipartisan NDAA Provision Targets Cybersecurity Gaps in US Nuclear Systems

A bipartisan initiative embedded in the fiscal year 2024 National Defense Authorization Act aims to address cybersecurity shortcomings within the nation’s nuclear weapons systems. 

Introduced by Reps. Salud Carbajal, D-Calif., Don Bacon, R-Neb., and Mike Gallagher, R-Wis., the provision establishes a “Cybersecurity, Risk Inventory, Assessment and Mitigation Working Group” within the Department of Defense, Nextgov/FCW reported.

The working group is tasked with formulating a comprehensive strategy to assess potential risks within the National Nuclear Security Administration‘s systems.

Following a Government Accountability Office report in 2022 revealing incomplete implementation of cybersecurity practices within the NNSA, the NDAA provision outlines measures for inventorying, assessing and mitigating cyber risks.

The initiative underscores the increasing importance of stringent security standards given rising cyberthreats to U.S. critical infrastructure and sensitive weapons capabilities.

The working group, set to complete its strategy by April 1, 2025, is expected to provide a collaborative framework to enhance the cybersecurity posture of U.S. nuclear weapons.