- President Biden signs National Defense Authorization Act into law
- The Act makes the creation of a US “Cyber Force” less likely, and no longer curbs the surveillance powers of FISA
- Billions of dollars allocated to help replace Chinese tech following surveillance concerns
The 2025 National Defense Authorization Act (NDAA) has been signed into law by President Biden, outlining the military and Pentagon policies, budgets, and priorities for the coming year.
The bill has weakened the requirement to consult a third-party to assess the feasibility of creating a US Cyber Force, as well as evaluating an ‘alternative organizational model for the cyber forces’ of the military branches.
It also allocates billions to remove and replace Chinese hardware from US networks following concerns over recent security issues and possible surveillance worries.
No FISA fix
Overall, the bill includes $895 billion in defense spending, with $3 billion of that allocated for the replacement of Chinese hardware, following recent hacking campaigns from Chinese group Salt Typhoon targeted US telecoms giants.
These exposed vulnerabilities allowed the Chinese state-sponsored threat actor to lurk in the networks of the internet service provider for months, potentially still being present.
The final draft of the legislation has also scrapped any deadline and nearly all of the language included in earlier drafts, which previously introduced the idea of creating a new, separate uniformed digital service – although the Pentagon lobbied against this.
The defense bill instead focuses on a Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN), which would be responsible for the defense of Pentagon networks worldwide.
The Foreign Intelligence Surveillance Act (FISA) was expected to be reined in after senate provisions were introduced to curb the act’s power, but these provisions were cut from the final house draft of the NDAA, and is reportedly unresolved behind closed doors.
House Republicans blocked the proposal, which would have narrowed the provisions to the surveillance law, known as Section 702 of the FISA. The provision as it stands has a broadened definition of the type of firm that can be forced to assist with surveillance and wire-tapping foreign and US citizens.
Section 702 has been criticized by privacy and civil liberties advocates for forcing US tech devices to become ‘spy machines’ for the US government – with firms like Google or AT&T required to turn over the communications of US or Foreign targets, even without warrants.
Via The Record
