NDAA 2025: Enhancing Cybersecurity, Supporting Allies, and Bolstering Defense

December 19, 2024

The National Defense Authorization Act (NDAA) for the fiscal year 2025 has successfully passed Congress and is now awaiting President Joe Biden’s signature. This substantial defense bill, with an $895.2 billion topline, aims to enhance both national security and cyber capabilities, focusing on aiding foreign allies and reinforcing cyber defenses domestically. Through a blend of strategic foreign assistance and robust domestic initiatives, the NDAA aims to address a broad spectrum of cybersecurity challenges while fortifying the nation’s defenses against evolving threats.

Strengthening Cybersecurity Measures

Domestic Cyber Defense Initiatives

To address the critical vulnerabilities in domestic cyber infrastructure, the NDAA tackles a significant $3 billion funding gap identified by the Federal Communications Commission (FCC). This funding is necessary for the removal and replacement of Chinese networking equipment deemed a threat to national security. The move comes amid persistent cyber incursions by the Chinese government targeting major telecommunications providers and their surveillance systems. Dave Stehlin, CEO of the Telecommunications Industry Association, has praised Congress’s ongoing commitment to supporting carriers nationwide. The legislation seeks to enhance the security of critical communications infrastructure, especially in light of recent high-profile intrusions that have underscored the need for more stringent cybersecurity measures.

In addition to addressing the physical infrastructure, the NDAA also aims to protect servicemembers and diplomats from the risks posed by commercial spyware programs. The bill mandates a comprehensive review of past incidents involving spyware compromises and requires regular reporting to Congress on these issues. This includes identifying foreign powers responsible for deploying these surveillance tools. The Department of Defense (DOD) is further tasked with evaluating the cybersecurity of internal mobile devices used by servicemembers. Anonymizing technologies, such as dynamic selector rotation, which periodically changes digital location identifiers like IP addresses, are under consideration to enhance security. These measures underscore the bill’s proactive stance in safeguarding sensitive information and minimizing cyber risks.

Cyber Force and AI Security

An important yet diluted provision in the NDAA involves the potential creation of a formal Cyber Force branch within the Pentagon. Initially, there were calls for a comprehensive study on the necessity of such a cyber-armed service, but the legislation has since been scaled back. The National Academies of Sciences, Engineering, and Medicine are now directed to investigate the “feasibility” of establishing this branch. This investigation will help determine the practicality and benefits of forming a dedicated Cyber Force to tackle the growing cybersecurity challenges faced by the military and national security apparatus.

Additionally, the NDAA requires the National Security Agency (NSA) to establish an artificial intelligence security center within 90 days of the bill’s signing. The center’s mission will be to develop countermeasures against adversarial AI attacks and to promote the secure adoption of AI technologies within national security systems. This proactive approach is crucial as AI continues to evolve and become more integrated into defense strategies. The center, however, is subject to disbandment after three years if deemed unnecessary by the NSA director. A detailed report outlining the justification for its termination would be submitted to Congress six months before any decision to terminate the center, ensuring accountability and transparency in the process.

Supporting Foreign Allies

Taiwan Security Cooperation Initiative

The NDAA for 2025 designates up to $300 million in defense and security assistance for Taiwan, emphasizing the U.S.’s strategic commitment to countering potential threats from China. The House-led Taiwan Security Cooperation Initiative includes critical provisions such as intelligence and surveillance support, cyber defense capabilities, electronic warfare assets, secure communication systems, and other digital protection tools. These resources are intended to enhance Taiwan’s self-defense capabilities, particularly amidst increasing tensions and potential aggression from China. By reinforcing Taiwan’s security infrastructure, the U.S. sends a clear message of solidarity and support for its allies in the Asia-Pacific region.

Key to this initiative is the focus on enhancing Taiwan’s cyber defense capabilities. The provision of sophisticated tools and technologies will help Taiwan defend against cyber threats and maintain resilience in the face of potential cyberattacks. Electronic warfare assets and secure communication systems will ensure that Taiwan can maintain operational capabilities even during conflicts. The emphasis on intelligence and surveillance support will also enable Taiwan to better monitor and respond to any aggressive actions from neighboring adversaries. This strategic support aligns with broader U.S. objectives of maintaining stability and security in the region.

Promoting Internet Freedom in Iran

Another significant aspect of the NDAA is its focus on promoting internet freedom in Iran. The act authorizes $15 million annually for the nonprofit Open Technology Fund (OTF) for the fiscal years 2025 and 2026. This funding supports a range of tools, research, and programs aimed at facilitating unrestricted internet access and enhancing digital safety in Iran. The initiative includes crucial actions like improving internet access for Iranian civil society, utilizing virtual private networks (VPNs), countering government-mandated internet blackouts, and exploring alternative methods to bypass online censorship.

By promoting internet freedom, the NDAA aims to empower Iranian citizens with the ability to communicate and access information freely, circumventing government-imposed restrictions. This initiative is part of a broader effort to support human rights and democratic values in Iran, where the government has previously used internet blackouts and censorship to suppress dissent. Enabling unrestricted access to the internet not only enhances digital safety but also helps foster a more open and informed society. The OTF’s work in this area is vital for supporting Iranian civil society’s resilience against government oppression and promoting global internet freedom.

Enhancing Government Cybersecurity

Addressing National Airspace Vulnerabilities

In the civilian realm, the NDAA places a strong emphasis on identifying and mitigating vulnerabilities within the national airspace system. The Government Accountability Office (GAO) is mandated to conduct a thorough study and report on potential adversarial sabotage that could compromise the safety and security of the national airspace. This initiative is crucial as it aims to strengthen defenses against cyber threats that could have catastrophic impacts on the national airspace infrastructure. The focus is on ensuring robust measures are in place to protect this critical component of national security from potential cyberattacks.

The GAO’s study will encompass various aspects of airspace security, from potential cyber threats to the resilience of current systems. By identifying weaknesses and gaps, the GAO can provide informed recommendations that will help mitigate risks and bolster the security of the national airspace. This proactive approach is necessary to address the evolving nature of cyber threats, particularly those that could target essential infrastructure. Ensuring the integrity and security of the national airspace is a priority, as any compromise could have far-reaching consequences for public safety and national security.

Securing Multi-Cloud Environments

The NDAA also addresses critical government-vendor relations by instructing the DOD to develop a strategy for managing and securing its multi-cloud environments within 180 days. This directive is essential in addressing endpoint security, resolving cloud-specific issues, and securely integrating artificial intelligence (AI) to safeguard sensitive government data. A cohesive and secure cloud infrastructure is vital for protecting critical information and ensuring the government’s operational efficiency in the digital age. The goal is to create a robust and flexible cloud environment capable of withstanding various cyber threats.

Securing multi-cloud environments involves a comprehensive approach to managing different cloud service providers and ensuring seamless integration and communication between them. The strategy will need to address challenges like data synchronization, access controls, and security compliance across diverse cloud platforms. Incorporating AI securely into these environments will further enhance capabilities in detecting and responding to cyber threats. The NDAA’s focus on this area highlights the importance of adopting advanced technologies while maintaining stringent security standards to protect the nation’s critical data.

Exclusions and Controversies

State Department’s Global Engagement Center

One notable exclusion from the NDAA was the renewal of the State Department’s Global Engagement Center (GEC), which is tasked with countering foreign disinformation and propaganda. The renewal faced resistance from some Republican members who believed that the GEC contributed to censoring conservative viewpoints online. Despite this, the renewal effort resurfaced in a separate continuing resolution that proposed extending the GEC by an additional year. Mark Montgomery, Senior Director for the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, emphasized the importance of the GEC in combating misinformation efforts by foreign adversaries such as China and Russia.

The controversy surrounding the GEC renewal highlights the challenges in balancing national security interests with concerns over free speech and information control. Critics argue that the GEC’s efforts to counter foreign disinformation could inadvertently lead to domestic censorship. However, proponents maintain that the GEC’s work is essential for addressing the sophisticated information warfare tactics employed by foreign adversaries. The debate underscores the complexities of navigating cyber and information security in an era where misinformation poses significant risks to national security and public trust.

Section 702 of the Foreign Intelligence Surveillance Act

The National Defense Authorization Act (NDAA) for fiscal year 2025 has successfully navigated Congress and now awaits the signature of President Joe Biden. This comprehensive defense bill, with an impressive $895.2 billion budget, is designed to bolster national security as well as cyber capabilities. It places a strong emphasis on supporting foreign allies while also reinforcing cybersecurity measures within the United States. The NDAA outlines a combination of strategic foreign aid and robust domestic actions to address a wide array of cybersecurity threats. By doing so, it aims to strengthen the nation’s defenses against evolving cyber threats and other security challenges. This extensive approach ensures that America remains prepared to counteract both traditional and modern threats, reflecting the nation’s commitment to maintaining a secure and resilient defense infrastructure. When signed into law, this act will play a pivotal role in shaping the future of American defense strategies, reinforcing both international alliances and domestic security measures.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later