In a significant move aimed at bolstering cybersecurity efforts, the United States military is set to receive approximately $30 billion in funding specifically earmarked for cybersecurity in fiscal year 2025. This funding is part of the $895.2 billion budget allocated for US military activities under the National Defense Authorization Act (NDAA), which was recently signed into law by President Joe Biden.
While the exact breakdown of how the total funding is allocated to cybersecurity activities is not easily discernible from the nearly 1,000-page bill, estimates suggest that around $30 billion has been allocated to bolster military cyber efforts. The NDAA for fiscal year 2025 includes a wide range of cybersecurity-related provisions, addressing key issues such as replacing potentially problematic Chinese technology in telecom networks, safeguarding Department of Defense (DoD) employees from foreign spyware, and establishing an artificial intelligence security center, among others.
One of the prominent provisions in the NDAA allocates $3 billion to cover the shortfall in replacing Chinese gear in local telecommunications networks. This funding is crucial to mitigate potential security risks associated with Chinese tech providers such as Huawei and ZTE. Additionally, the bill focuses on protecting DoD mobile devices from foreign commercial spyware and creating a risk framework for evaluating foreign mobile applications used by DoD personnel.
Another noteworthy provision establishes an artificial intelligence security center within the National Security Agency, aimed at developing guidelines to prevent or mitigate threats to artificial intelligence systems. The bill also calls for an independent assessment of the need for a dedicated cyber force within the US armed forces, emphasizing the growing importance of cybersecurity in national defense strategies.
Furthermore, the NDAA designates the Joint Force Headquarters-Department of Defense Information Networks as a subordinate unified command under US Cyber Command, underscoring the importance of defending Pentagon networks worldwide. The legislation also recognizes ransomware threats to critical infrastructure as a national intelligence priority and requires a study on the vulnerability of the national airspace system to potential disruptive operations by adversaries.
Despite the comprehensive cybersecurity provisions included in the NDAA, two key omissions in the legislation have raised concerns. The bill did not include continued funding for the State Department’s Global Engagement Center, which was forced to shut down due to lack of funding. Additionally, Congress failed to address a significant expansion of the controversial US surveillance program, Section 702 of the Foreign Intelligence Surveillance Act, which has implications for privacy and civil liberties.
Overall, the 2025 NDAA reflects the US government’s commitment to strengthening cybersecurity measures and enhancing national security in the face of evolving threats in cyberspace. The significant funding allocated to cybersecurity initiatives underscores the growing importance of safeguarding critical infrastructure and defending against cyber threats in an increasingly digital world.