On December 14, 2023, Congress passed an $874.2-billion defense authorization bill, sending it to the White House for President Biden's signature. This alert provides a summary of key provisions of the National Defense Authorization Act (NDAA) for fiscal year 2024 that may be of interest to our technology, media and telecommunications (TMT) clients, including: cyber and data security, supply chain resilience and security, the use of artificial intelligence (AI), space and satellites, and potential threats from foreign entities, particularly in the unmanned / uncrewed aircraft systems (UAS) space.

Title III – Operation and Maintenance

Sec. 346: Pilot Program on Optimization of Aerial Refueling and Fuel Management in Contested Logistics Environments Through Use of Artificial Intelligence

  • Directs the Department of Defense (DOD) to establish a pilot program to optimize the logistics of aerial refueling and fuel management through the use of advanced digital technologies and AI.

Sec. 350: Strategy and Assessment on Use of Automation and Artificial Intelligence for Shipyard Optimization

  • Directs the Navy to demonstrate a digital platform using AI to analyze data on the maintenance and condition of shipboard assets.

Title XV - CyberSpace Related Matters

Sec. 1512: Cybersecurity Enhancements for Nuclear Command, Control and Communications Network

  • Directs DOD to establish a cross-functional team to develop and direct a threat-driven cyber defense construct for the systems and networks that support the nuclear command, control and communications.

Sec. 1513: Pilot Program Relating to Semiconductor Supply Chain and Cybersecurity Collaboration Center

  • Directs the NSA Cybersecurity Collaboration Center to begin a pilot program seeking to improve the cybersecurity of the supply chain for the design, manufacture, assembly, packaging and testing of semiconductors. NSA is directed to collaborate with eligible entities, which 1) directly support the design, manufacture, packaging or testing of semiconductors, and 2) provide semiconductor components to DOD or any national security system.

Sec. 1514: Transfer of Data and Technology Developed Under MOSAICS Program

  • Grants DOD authority to transfer to private entities data and technology developed under the MOSAICS program to enhance cyber threat detection and protect critical control system assets related to the distribution of electricity.

Sec. 1521: Control and Management of Department of Defense Data; Establishment of Chief Digital and Artificial Intelligence Officer Governing Council

  • Directs DOD to establish a Chief Digital and AI Officer Governing Council to provide policy oversight to ensure the responsible and ethical employment of data and AI capabilities across DOD missions and operations.

Sec. 1523: Management of Data Assets by Chief Digital and Artificial Intelligence Officer

  • Directs DOD's Chief Digital and AI Officer to develop a baseline of data assets on foreign key terrain and relational frameworks in cyberspace, maintained by its intelligence agencies, military departments, combatant commands and any other components of the DOD.

Sec. 1526: Requirements for Deployment of Fifth Generation Information and Communications Capabilities to Military Installations and Other Department Facilities

  • Requires DOD to develop and implement a strategy for deploying 5G networks to military installations and other DOD facilities. This will involve the development of a process through which public 5G wireless network service providers may gain access to necessary facilities. The Secretary of Defense will determine whether to enter into contracts for neutral hosting or separate private wireless networks.

Sec. 1541: Modification to Acquisition Authority of Senior Official with Principal Responsibility for Artificial Intelligence and Machine Learning

  • Directs DOD's Under Secretary of Defense for Acquisition and Sustainment to, within 30 days of enactment, submit a plan to Congress on DOD's delegation and exercise of the Director of the Joint AI Center's (JAIC) acquisition authority. DOD's Chief Digital and AI Officer must also, within 90 days of enactment, provide a demonstration of operational capability delivered under such authority.

Sec. 1542: Artificial Intelligence Bug Bounty Programs

  • Requires DOD's Chief Digital and AI Officer to, within 180 days of enactment (and subject to the availability of appropriations), develop a bug bounty program for foundational AI models being integrated into DOD's missions and operations.

Sec. 1543: Prize Competition for Technology That Detects and Watermarks Use of Generative AI

  • Requires DOD to, within 270 days of enactment, establish a prize competition to evaluate technology for generative AI detection and watermarking. The participants in the prize competition may include "federally funded research and development centers, entities within the private sector, entities within the defense industrial base, institutions of higher education, Federal departments and agencies, and such other categories of participants as the Secretary of Defense considers appropriate."

Sec. 1544: Plans, Strategies and Other Matters Relating to AI

  • Directs DOD to, among other things, and within 120 days of enactment, issue department-wide guidance defining outcomes of near-term and long-term plans relating to adoption of AI and efforts to monitor accountability; develop a strategic plan for the development, use and cybersecurity of generative AI; and assess technical workforce needs.

Sec. 1545: Study to Analyze Vulnerability for AI-Enabled Military Application

  • Directs DOD to, within one year of enactment, complete a study to assess the functionality of AI-enabled military applications, related R&D needs, and vulnerabilities to the privacy, security and accuracy of such applications.

Sec. 1552: Management by DOD of Mobile Applications

  • Directs DOD to implement the recommendations of the inspector general with respect to managing covered mobile applications (TikTok and anything developed or provided by ByteDance).

Title XVI - Space

Sec. 1611: Plan for an Integrated and Resilient Satellite Communications Architecture for the Space Force

  • Directs the Secretary of the Air Force, in coordination with the Assistant Secretary of the Air Force for Space Acquisition and Integration and the Chief of Space Operations, to (1) consider options for the integration of resilient military tactical satellite communications capabilities; (2) develop a plan for the integration of such capabilities into the Space Force; and (3) ensure that a geostationary small satellite communications constellation is evaluated for inclusion as a component of the space data transport force design for the Space Force through, at a minimum, 2027.

Sec. 1681: Extension of Authorization for Protection of Certain Facilities and Assets from Unmanned Aircraft

  • References 10 USC § 130(i), which authorizes the DOD to take certain actions necessary to "mitigate threats" posed by UAS to the safety or security of a certain military assets. This provision was originally scheduled to expire in 2023; the NDAA extends it through 2026.

Sec. 1682: Electromagnetic Warfare

  • Adds a new chapter to Title 10 of the USC regarding electromagnetic warfare. This chapter establishes an Electromagnetic Spectrum Operations Executive Committee within DOD, which will be tasked with coordinating and advising DOD leadership on matters related to electromagnetic warfare and DOD spectrum operations. The Committee will also be responsible for coordinating with the greater intelligence community on matters related to spectrum operations. The Committee is required to submit to the congressional defense committees an annual report summarizing its activities for the preceding fiscal year, starting on February 28, 2024.

Sec. 1686: Actions to Address Serious Deficiencies in Electronic Protection of Systems that Operate in the Radio Frequency

  • Directs DOD to establish requirements for and assign sufficient priority to ensuring the electronic protection of military sensor, navigation and communications systems and subsystems against jamming, spoofing and other unintended interference.

Title XVIII - Other Defense Matters (including UAS)

Sec. 1823: Prohibition on Procurement of Covered Unmanned Aircraft Systems from Covered Foreign Entities

  • Prohibits the head of any executive agency from procuring any covered UAS that is manufactured or assembled by a covered foreign entity, including associated elements related to the collection and transmission of sensitive information that enable the operator to operate the aircraft in the NAS (such as communication links and the components that control the UA). The Federal Acquisition Security Council is directed to coordinate with the Secretary of Transportation to develop and update a list of such elements.
  • There are limited exceptions for certain agencies in cases where the procurement is required in the national interest of the United States for certain enumerated purposes (e.g., for R&D related to defense/security, conducting counterterrorism or counterintelligence activities, or for UAS that have been modified to remove the capability to transfer to or download data from a covered foreign entity).

Sec. 1824: Prohibition on Operation of Covered Unmanned Aircraft Systems from Covered Foreign Entities

  • Prohibits Federal agencies from operating covered UAS manufactured or assembled by a foreign entity beginning two years after the date of enactment. This prohibition extends to contractors hired by such agencies. There are limited exemptions for certain agencies and certain types of activities. The Department of Homeland Security (DHS) is directed to issue regulations and guidance on this provision within 180 days of enactment.

Sec. 1825: Prohibition on Use of Federal Funds for Procurement and Operation of Covered Unmanned Aircraft Systems from Covered Foreign Entities

  • Federal funds awarded through contract, grant or cooperative agreement may not be used to procure or operate covered UAS that are manufactured or assembled by a covered foreign entity. There are limited exemptions for certain agencies and certain activities. The Federal Acquisition Regulatory Council is directed to issue regulations and guidance within 180 days on implementing these requirements with regard to Federal contracts.

Sec. 1826: Prohibition on Use of Government-Issued Purchase Cards to Purchase Covered Unmanned Aircraft Systems from Covered Foreign Entities

  • Effective immediately, government-issued purchase cards may not be used to procure any covered UAS from a covered foreign entity.

Sec. 1827: Management of Existing Inventories of Covered Unmanned Aircraft Systems from Covered Foreign Entities

  • Requires all executive agencies to track and account for their existing inventories of covered UAS manufactured or assembled by a covered foreign entity in their personal property accounting systems within one year of enactment.

Sec. 1829: Government-Wide Policy for Procurement of Unmanned Aircraft Systems

  • Directs the OMB to work with DHS, the Department of Transportation (DOT), the Department of Justice (DOJ), the National Telecommunications and Information Administration (NTIA) and others to establish a government-wide policy for the procurement of UAS (1) for non-DOD and non-intelligence community operations; and (2) through grants and cooperative agreements entered into with non-Federal entities. This policy must be issued no later than 180 days from enactment.
  • This policy must include certain specifications based on industry standards and technical guidance from NTIA to address the risks associated with processing, storing and transmitting Federal information in a UAS (e.g., protections to ensure controlled access to the UAS, etc.).

Sec. 1830: State, Local and Territorial Law Enforcement and Emergency Service Exemption

  • Reserves the right of state, local and territorial law enforcement or emergency service agencies to procure or operate covered UAS purchased with non-Federal dollars.

Sec. 1831: Study

  • Directs the Under Secretary of Defense for Acquisition and Sustainment to provide a report to Congress on the supply chain for covered UAS, including a discussion of current and projected future demand for covered UAS, within one year of enactment.

Title LXIII – Information Security and Cyber Diplomacy

Sec. 6303: Establishment of the Chief Artificial Intelligence Officer of the Department of State

  • Directs the State Department to designate a Chief AI Officer, which may be dual-hatted as the Department's Chief Data Officer.

Sec. 6306: Digital Connectivity and Cybersecurity Partnership

  • Authorizes the Secretary of State to establish a Digital Connectivity and Cybersecurity Partnership to help foreign countries (1) expand and increase secure internet access and digital infrastructure in emerging markets, including demand for and availability of high-quality information and communications technology (ICT) equipment, software and services; (2) protect technological assets, including data; (3) adopt policies and regulatory positions that foster and encourage open, interoperable, reliable and secure internet, the free flow of data, multi-stakeholder models of internet governance, and pro-competitive and secure ICT policies and regulations; (4) access U.S. exports of ICT goods and services; (5) expand interoperability and promote the diversification of ICT goods and supply chain service to be less reliant on imports from the PRC; and (6) promote best practices and common standards for a national approach to cybersecurity, in addition to advancing other priorities.
  • The Secretary of State must submit to Congress within 180 days of enactment an implementation plan to advance these goals.

Sec. 6307: Establishment of a Cyberspace, Digital Connectivity and Related Technologies (CDT) Fund

  • Amends Part II of the Foreign Assistance Act of 1961 (22 U.S.C. § 2301 et seq.) to include authorization for the Secretary of State to provide assistance to foreign governments and organizations in order to (1) advance a secure and stable cyberspace, (2) protect and expand trusted digital ecosystems and connectivity, (3) build the cybersecurity capacity of partner countries and organizations, and (4) ensure that the development of standards and deployment and use of technology supports and reinforces human rights and democratic values. $150 million in appropriations are authorized to support this effort.

Sec. 6308: Cyber Protection Support for Personnel of the Department of State in Positions Highly Vulnerable to Cyber Attack

  • Directs the Secretary of State to offer cyber protection support for the personal technology devices and personal accounts of State Department personnel who are deemed to be "highly vulnerable" to cyber attacks and hostile information collection activities.

Title V - Intelligence Authorization Act

Sec. 7507: Programs for Next-Generation Microelectronics in Support of AI

  • Directs the Director of National Intelligence to oversee a program to advance microelectronics research, subject to the availability of appropriations.

Sec. 7508 (p. 2260): Program for Beyond 5G

  • Authorizes the Director of National Intelligence to carry out research programs dedicated to R&D efforts relevant to 6G technology and any successor technologies and their potential applications for the intelligence community or other national security purposes. The Director of National Intelligence must coordinate with the heads of other agencies, including NTIA, private sector entities, institutions of higher learning, and others.

Sec. 7509: Intelligence Community Commercial Remote Sensing Requirements

  • Acknowledges that the United States benefits from a "robust commercial remote sensing industry that supports a science, technology, engineering, and mathematics pipeline, enables skilled manufacturing jobs, and fosters technological information," and which complements dedicated government remote sensing capabilities.
  • Directs the Director of National Intelligence and the Under Secretary of Defense for Intelligence and Security to jointly develop within 180 days of enactment guidance requiring the Commercial Strategy Board or other entities within the intelligence community/DOD to perform certain functions related to commercial remote sensing, such as evaluating current and long-term remote sensing capability needs, developing commercial remote sensing requirements for the commercial industry, etc.

Sec. 7510: Requirement to Ensure Intelligence Community Directives Appropriately Account for Artificial Intelligence and Machine Learning Tools in Intelligence Products

  • Requires the Director of National Intelligence to provide to Congress within 120 days of enactment a briefing on whether current intelligence community directives provide sufficient guidance and direction with respect to the use of AI and machine learning tools in intelligence products produced by the intelligence community.

Sec. 7513: Policies Established by Director of National Intelligence for AI Capabilities

  • Directs the Director of National Intelligence to, within one year of enactment, establish policies for the acquisition, adoption, development and use of key AI capabilities.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.