In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Grant Schneider, Senior Director of Cybersecurity Services at Venable LLP. Prior to joining Venable, Grant worked at the White House, serving as the Federal CISO for the U.S. Office of Management and Budget, as well as on the National Security Council as Senior Director for Cybersecurity Policy. He previously served as the U.S. Defense Intelligence Agency’s Chief Information Officer.

Grant’s discussion with Alex and Jen delves into the National Defense Authorization Act (NDAA) and its implications for cybersecurity policy. With a history of regular passage over the last six decades, U.S. policymakers view the bill as a potential legislative vehicle for a wide range of matters, especially with other appropriations efforts in Congress challenged by partisan divide and a lack of political will. As a result, the NDAA has become one of the most important vehicles for legislating cyber policy in the last few years, with numerous cyber provisions - and for not just the Department of Defense. Grant helps break down how this came to be, and which cybersecurity amendments feature in the current House 2025 draft NDAA, such as an assessment of the prospect of an independent cyber force. They also discuss what did not make the cut, such as an amendment to revamp the Federal Information Security Management Act

This week’s news segment features a breakdown of the recent Supreme Court ruling in Loper Bright Enterprises v. Raimondo. For more in depth analysis, read our blog on how the struck-down Chevron doctrine will impact cybersecurity regulation. 

Alex covers recent developments from the current Polish government’s investigation into its predecessor over allegations of commercial spyware use, which ties into one of Jen’s favorite topics: the ongoing Pall Mall Process, led by the French and UK governments to tackle the proliferation and abuse of such tools. Alex also highlights the soon-to-close European Commission consultation on the implementing regulation for the Network and Information Security Regulation (NIS 2). 

Finally for the news, Jen mentioned that with the general election completed and a new government in place, we should start to see the UK government re-engaging publicly on cyber policy and clarifying whether it will continue to commit to work in this area. Infact, the new Labour government is not wasting any time. 

Since we recorded this episode, King Charles III delivered his King’s Speech which sets out the agenda for Parliament. The Speech identified priorities covering a broad range of topics, but it seems cybersecurity didn’t make the final Top 40. It did, however, make the King’s Speech Background Briefing pack, with promise of activity to move the Cyber Security Resilience Bill forward, which is effectively the UK’s own update to the aforementioned NIS Directive.  

For our Community Corner segment, we are joined by the delightful Katie Noble, who gives a sneak-peak of what to expect from this year’s Policy @ DEF CON programming.

You can find the latest Distilling Cyber Policy episode on Spotify and Apple. As always, if you would like to submit something for the Community Corner segment, or have topic ideas for upcoming episodes, please email iaj01@venable.com

Ines Jordan-Zoob

Read Next

The International Counter Ransomware Initiative: From Forming and Norming to Performing

Next week the 68 member nations of the International Counter Ransomware Initiative (CRI) will convene in Washington DC for the group’s annual gathering to foster cooperation between nations to combat ransomware.

The Good, the Not So Good, and the Puzzling

The White House Office of National Cyber Director released its summary report on its RFI on Open source software security, checking off another box on the commitments made in the National Cybersecurity Strategy.

Brazil, U.S. Exchange Cybersecurity Best Practices with Digi Americas Alliance Support

Representatives from Brazil and the United States concluded a two-day exchange on cybersecurity best practices hosted by the Digi Americas Alliance on Aug. 8-9 in Washington D.C.