Skip to primary navigation Skip to content
December 07, 2021

Chairs Thompson, Clarke Statement on Cyber Incident Report Language Excluded from NDAA

(WASHINGTON) – Today, Rep. Bennie G. Thompson (D-MS), Chairman of the Committee on Homeland Security, and Rep. Yvette D. Clarke (D-NY), Chairwoman of the Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation, released the following statement after the National Defense Authorization Act (NDAA) for Fiscal Year 2022 Conference Report was finalized without cybersecurity incident response language. Cybersecurity incident response legislation was included in the House NDAA which passed in September.

"There were intensive efforts to get cyber incident reporting done but ultimately the clock ran out on getting it in the NDAA. There was dysfunction and disagreement stemming from Senate Republican leadership that was not resolved until mid-morning today – well past the NDAA deadline. This result is beyond disappointing and undermines national security.

“We had hoped to mark the one-year anniversary of the discovery the SolarWinds supply chain attack by sending cyber incident reporting legislation to the President’s desk. Instead, Senate Republican leaders delayed things so significantly that the window closed on getting cyber incident reporting included in the NDAA.

“We are profoundly disappointed that the momentum we had coming into the NDAA did not yield success but are fully committed to working across the aisle and with the Senate to find another path forward. We thank Ranking Member Katko, Chairman Peters, and Ranking Member Portman for their continued support on this matter. Also, Speaker Pelosi has been a steadfast partner throughout this effort and has already communicated her continued interest in working with us to get cyber incident reporting legislation to the President's desk.”

#  #  #

Media contact: Adam Comis at (202) 225-9978