- President Biden signs National Defense Authorization Act into law
- The bill reduces the possibility of the United States establishing a “cyber force” and no longer limits FISA’s surveillance powers
- Billions allocated to help replace Chinese technology amid surveillance concerns
The 2025 National Defense Authorization Act (NDAA), signed into law by President Biden, outlines military and Pentagon policies, budgets, and priorities for the coming year.
The bill weakens the requirement to consult with a third party to assess the feasibility of creating a U.S. cyber force and to evaluate “alternative organizational models for cyber forces” within the military departments.
It has also earmarked billions of dollars to remove and replace Chinese hardware from U.S. networks amid concerns over recent security issues and possible surveillance concerns.
No FISA fix
Overall, the bill includes $895 billion in defense spending, including $3 billion of that was spent replacing Chinese hardwareThis follows a recent hacking campaign by the Chinese Salt Typhoon group targeting US telecom giants.
These exposed vulnerabilities allowed Chinese state-sponsored threat actors to lurk in ISPs’ networks for months and may still be present.
The final draft of the legislation also eliminates any deadlines and nearly all language included in earlier drafts that floated the idea of creating a new, independent uniformed digital service – despite Pentagon lobbying against this.
Instead, the defense bill focuses on the Joint Forces Headquarters-Defense Information Network (JFHQ-DODIN), the agency that will be responsible for the defense of the Pentagon’s global network.
The Foreign Intelligence Surveillance Act (FISA) was expected to be restricted after the Senate proposed provisions that would limit the bill’s powers, but those provisions were removed from the final House draft of the NDAA and the bill has reportedly not yet been resolved in secret.
House Republicans blocked the proposal, which would have narrowed the scope of the surveillance law known as FISA Section 702. The current provision provides a broader definition of the types of companies that can be forced to assist in the surveillance and eavesdropping of foreign and U.S. citizens.
Section 702 criticized as coercive by privacy and civil liberties advocates U.S. technology equipment will become the U.S. government’s “spy machine” – with companies like Google or AT&T’s request to turn over the communications of a U.S. or foreign target, even without a search warrant.
through Record