The US defense bill dilutes the creation of the US Cyber Force and allocates billions to it
- President Biden signs the National Defense Authorization Act into law
- The law makes the creation of a US ‘cyber force’ less likely and no longer limits FISA’s surveillance powers
- Billions of dollars allocated to help replace Chinese technology after surveillance concerns
The National Defense Authorization Act (NDAA) of 2025 has been signed into law by President Biden, outlining the military’s and Pentagon’s policies, budgets and priorities for the coming year.
The bill weakened the requirement to consult a third party to assess the feasibility of creating a US Cyber Force, as well as to evaluate an “alternative organizational model for the cyber forces” of the military branches.
It is also allocating billions to remove and replace Chinese hardware from US networks following concerns about recent security issues and potential surveillance concerns.
No FISA solution
In total, the bill includes $895 billion in defense spending, of which $3 billion is earmarked for replacing Chinese hardware, following recent hacking campaigns by the Chinese group Salt Typhoon that targeted American telecom giants.
These exposed vulnerabilities allowed the Chinese state-sponsored threat actor to lurk in the ISP’s networks for months, and may still be present.
The final bill also removed every deadline and almost all of the language included in previous drafts, which previously introduced the idea of creating a new, separate, unified digital service – although the Pentagon lobbied against this.
The defense bill instead focuses on a Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN), which would be responsible for defending Pentagon networks worldwide.
The Foreign Intelligence Surveillance Act (FISA) was expected to be curtailed after provisions were introduced in the Senate to curb the law’s power, but these provisions were dropped from the final House draft of the NDAA and are reportedly left unresolved closed doors.
Republicans in the House of Representatives blocked the proposal, which would have limited provisions to the surveillance law known as Section 702 of FISA. The provision in its current form includes a broader definition of the type of company that can be forced to assist in the surveillance and eavesdropping of foreign and U.S. citizens.
Section 702 has been criticized by privacy and civil liberties advocates for forcing U.S. tech devices to become “spy machines” for the U.S. government — requiring companies like Google or AT&T to hand over the communications of U.S. or foreign targets even without a warrant.
Via The record