720-891-1663

2025 NDAA Has Important Cyber Provisions

The National Defense Authorization Act is, every year, a must-pass bill that, for the last several years, has been a vehicle to pass important cybersecurity provisions. This year is no exception.

The price tag on this year’s bill is $895 billion.

Here are some of the cyber provisions in it.

  1. $15 million in each of 2025 and 2026 to create a strategy to enhance internet freedom in Iran. It supports tools, research and programs.
  2. $3 billion to fix the problem Congress created in 2020 when it said it would pay for small telecoms to throw away inexpensive Chinese equipment and replace it with expensive American equipment. Many carriers would have shut down if Congress didn’t fund it and that would have left many voters with no Internet access – probably not good on election day. This brings the funding up to $5 billion, but we still have to get the money in the hands of the carriers.
  3. Funding to review past spyware compromises of servicemembers and diplomats and reporting to Congress regularly about new incidents. I assume this carves out the spyware we put on people’s phones.
  4. A completely watered down requirement to see if the US should create a Cyber Force branch in the DoD. The DoD doesn’t want to do this so it won’t amount to anything.
  5. Tells the GAO to do a study and report on vulnerabilities in the national airspace system – and there are a lot of them.
  6. Gives the DoD 180 days to create a strategy (but not actually do anything) for managing and securing its multi-cloud environment.
  7. Tells the NSA to create an AI security center within 90 days to develop countermeasures against AI attacks by our adversaries.
  8. The State Department’s Global Engagement Center, the bureau to fight foreign disinformation did not make it in the NDAA, but was renewed for one year in the budget CR. I don’t think the incoming administration likes it, so it probably won’t last beyond that.
  9. Also missing was any restrictions on Section 702 of the Foreign Intelligence Surveillance Act requirement for almost anyone to allow the government into their network to set up surveillance. That probably won’t get better any time soon. This is even though clarifying legislation was promised when Section 702 was renewed in a big hurry earlier this year.

Those are just some of the things in the bill, most of which are good things. It will be interesting to see what is in the 2026 bill with different administration priorities.

Credit: Nextgov

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *