- President Biden signs National Defense Authorization Act into law
- The law makes the creation of a US “cyber force” less likely and no longer limits FISA's surveillance powers.
- Billions of dollars allocated to help replace Chinese technology following surveillance concerns
President Biden signed into law the National Defense Authorization Act (NDAA) of 2025, which outlines military and Pentagon policies, budgets, and priorities for the coming year.
The bill has weakened the requirement to consult a third party to evaluate the feasibility of creating a US Cyber Force, as well as evaluate an “alternative organizational model for cyber forces” of military branches.
It also allocates billions to remove and replace Chinese hardware from US networks following concerns about recent security issues and potential surveillance concerns.
No FISA fix
Overall, the bill includes $895 billion in defense spending, of which $3 billion was allocated for the replacement of Chinese hardware, following Chinese group Salt Typhoon's recent hacking campaigns targeting American telecommunications giants.
These exposed vulnerabilities allowed the Chinese state-sponsored threat actor to lurk in Internet service provider networks for months, and potentially still be present.
The final draft of the legislation also removed any deadlines and almost all language included in previous drafts, which previously introduced the idea of creating a new separate uniformed digital service, although the Pentagon lobbied against this.
Instead, the defense bill focuses on a Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN), which would be responsible for defending Pentagon networks around the world.
The Foreign Intelligence Surveillance Act (FISA) was expected to be reined in after provisions were introduced in the Senate to limit the law's power, but these provisions were removed from the final draft of the NDAA and reportedly will not have been resolved behind closed doors.
House Republicans blocked the proposal, which would have narrowed provisions in the surveillance law, known as Section 702 of FISA. The provision as it stands has an expanded definition of the type of company that can be required to assist with surveillance and wiretapping of foreign and U.S. citizens.
Section 702 has been criticized by privacy and civil liberties advocates for forcing US technology devices to become “spy machines” for the US government, requiring companies like Google or AT&T to hand over the communications of US or foreign targets, even without judicial authorization.
Through registration