Highlights From the 2024 National Defense Authorization Act (NDAA) and What It Means for the Security Industry

On Dec. 22, 2023, President Biden signed into law the National Defense Authorization Act (NDAA) for fiscal year 2024. Approved annually, the NDAA primarily authorizes appropriations and sets policy requirements for the U.S. Department of Defense (DOD), while also addressing U.S. Department of Energy national security programs, U.S. Department of State activities, the intelligence community and other defense activities. While the NDAA is a defense bill, the contents carry ramifications for governmentwide procurement policies and are important for everyone to be aware of. In this year’s NDAA, Congress approved more than $870 billion with a strong emphasis on artificial intelligence (AI) and deterring foreign adversarial technologies to bolster our nation’s defense and security.

Here are some highlights from among hundreds of new provisions that may be of interest to the security industry.

Artificial intelligence

It’s well known that AI has been an ever-increasing priority for policymakers and the 2024 NDAA outlines the importance of understanding AI as a tool for national security and defense.

• Section 350 tasks the U.S. Navy with developing and implementing strategies regarding the utilization of AI and automation in all shipyards.
• Section 1521 directs DOD to establish a governing council to oversee the Chief Digital and Artificial Intelligence Office. This council will establish plans, strategies and procedures related to AI.
• Section 6303 directs the U.S. Department of State to create a new position titled “Chief Artificial Intelligence Officer,” whose primary role will be serving as an advisor to the secretary of state on any and all matters pertaining to AI.

While it is still unknown whether a divided federal government will be able to find consensus on broader AI legislation in the coming months, this year’s NDAA makes it clear that there is bipartisan support for the use and further development of AI in the national security and defense sectors.

China, Russia and Other Foreign Adversaries

Preventing foreign adversarial technologies from being used in defense and national security has been top of mind for policymakers in recent years, and this issue was included in the latest NDAA.

• Section 804 prohibits the DOD from signing contracts with any company that maintains fossil fuel operations with the Russian government or the broad Russian energy sector. Contractors and others involved in business with the DOD will want to track this provision and any new rulings which come from its implementation, especially regarding contract requirements and certifications.
• Section 805 includes a provision that prohibits the DOD from receiving goods, services or technologies from entities that have been listed on the annual Federal Register as “companies of concern” for their connection to the Chinese military that operate within the United States. This prohibition will take effect in June 2026.
• Section 812 requires companies that provide consulting services to the federal government and agencies to provide new certifications and meet certain requirements to continue their consulting practices. Before signing a consulting services contract, a company will have to certify that neither the company itself nor any of its subsidiaries or affiliates has consulting contracts with a “covered foreign entity,” which includes the governments of Russia, China and any country that has been designated by the secretary of state as providing support for international terrorism. The DoD is explicitly prohibited from entering a contract with any company that does not meet this requirement.

Domestic Content Requirements

For the last 40 years, globalization and worldwide supply chains have been a major priority across industries and have dominated economic trends. However, a drive for a stronger domestic industrial base coupled with the supply change challenges seen during the COVID-19 pandemic are quickly changing that economic model. Previous NDAA’s have put in place significant domestic content requirements for DOD procurement and this year’s is no different. Several provisions in the law seek to bar foreign companies and their components from DOD procurement which will have ramifications for the greater security industry.

• Section 833 seeks to strengthen the supply chain for critical minerals and metals from U.S. and U.S.-allied nations. The new provision requires specialty metals used in certain DOD end items to be produced in the U.S. This requirement applies to all DoD prime contracts and subcontracts. The restriction does not apply to components manufactured in a qualifying country, for which specialty metals from any country can be sourced without restriction. All other countries must source specialty metals from within the U.S.
  • There are currently 28 qualifying countries: Australia, Austria, Belgium, Canada, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Greece, Israel, Italy, Japan, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom of Great Britain and Northern Ireland.
• Section 835 increases the domestic content threshold for major defense acquisition programs (programs with a cost of over $1.8 billion) to align with Buy American Act (BAA) Regulations. This change also applies to civilian agency procurements subject to BAA, which phases in from 65% in 2024 to 75% in 2029.

PFAS

Per-and polyflouroalkyl substances, also known as PFAS or “forever chemicals,” have been the target of government policy for several years, as they are believed to be carcinogenic and generally harmful to humans. Used to varying degrees and for a wide range of purposes across industries, PFAS are commonly used in electronics manufacturing today. The 2024 NDAA has several provisions related to the treatment, testing and eradication of PFAS, following the creation of DOD’s PFAS Task Force as required under the 2022 NDAA. 

• Section 332 requires the DOD to include with the submission of its annual budget request, a separate budget justification document on activities of the department related to PFAS. 
• Section 336 directs the Government Accountability Office to submit a report on the department’s ongoing testing and remediation of current or former military installations that are contaminated with PFAS.

American Security Drone Act

Another significant inclusion in the 2024 NDAA is the American Security Drone Act of 2023 (Sections 1821-1833), which prohibits the federal government and executive agencies from buying uncrewed aircraft systems (UAS) that are manufactured and/or assembled by any country which is listed as a “covered foreign entity” as defined in the section, subject to limited exceptions. Federal agencies are also prohibited from operational use of such UAS, including via contracted services. The restriction applies to use of federal grant funds, all subject to the same exceptions. The act also requires that the Office of Management and Budget, along with the U.S. Department of Homeland Security, the U.S. Department of Justice and the National Institute of Standards and Technology, work to establish a governmentwide policy for any UAS procurements relying on the exceptions. The act’s provisions go into effect two years from the date of enactment in December 2025.

 Cybersecurity

Securing critical networks in cyberspace is a key goal of each year’s NDAA, and this year is no exception. 

• Section 1513 requires DOD to establish a pilot program allowing the National Security Agency Cybersecurity Collaboration Center to work with semiconductor manufacturers to improve the cybersecurity of the semiconductor supply chain.
•  Section 1537 mandates DOD to direct each of its components to fully implement current policies for user activity monitoring and “least privilege access control,” applicable to both government and contractor personnel who have been granted access to protected networks.