By: Kate Fazzini

The National Defense Authorization Act has again become one of the busiest vehicles for cyber policy, and this year's edition continues the trend — extending supply-chain restrictions, funding military cyber forces, and pressing agencies on the security of the systems they buy.

Lawfare's running coverage of the NDAA process highlighted how much substantive cyber law now travels through the annual defense bill rather than standalone legislation. Provisions in the §889 lineage continue to expand the government's use of procurement authority to push suppliers away from adversary technology — the same mechanism JLCW authors have analyzed as a preventive, supply-chain-hardening tool.

That argument sits at the heart of "The Supreme Art of War, on Subduing the Enemy without Fighting," which contends that governments and corporations must act together, through rigorous vetting and audits, to defend the supply chains feeding critical infrastructure — rather than waiting to respond after a compromise.

Read the full piece in the Journal of Law and Cyber Warfare, Volume 9, Issue 2. – Kate Fazzini