On January 2, 2013, President Obama signed the 2013 National Defense Authorization Act for 2013 (NDAA) into law. Each year Congress passes the NDAA to authorize funding levels for Department of Defense (DoD) programs and operations and for national security programs in the Department of Energy. In the wake of the failure to enact comprehensive cybersecurity legislation, Congress included several targeted statutory provisions setting federal defense policy on a range of cybersecurity issues.

The NDAA’s Cybersecurity Provisions -

In recent years, the security of computerized data and the ability of the public and private entities to respond to the unauthorized penetration of computer networks has been intensely debated by policymakers. While concerns over data security have become ubiquitous across industries, the risks associated with data breaches remain a critical concern in the defense industry given the national security information possessed by the Nation’s defense industrial base and cleared defense contractor community. In light of the risks to national security, Congress included a series of cybersecurity-related provisions in the NDAA’s policy sections — Sections 931 through 941—some of which may impact the defense contracting community, particularly...