FY2025 NDAA, Section 1515 ("Protective measures for mobile devices within the Department of Defense")

Proposed 2024-12-11 | Enacted 2024-12-23 | Official source

Summary

Orders an evaluation of potential protective measures for mobile devices within the Department of Defense, including defenses against AI-driven smishing and phishing.

Key facts

🏛️ This document has been enacted by the United States Congress. For authoritative text and metadata, visit the official source.

🎯 This document primarily applies to the government, rather than the private sector.

📜 This document's name is Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025, Section 1515 ("Protective measures for mobile devices within the Department of Defense"). AGORA also tracks this document under the name FY2025 NDAA, Section 1515 ("Protective measures for mobile devices within the Department of Defense"). It is part of FY2025 NDAA.

↳ This document is part of a longer one: FY2025 NDAA. Some AGORA documents are "split off" from longer documents that mix AI and non-AI content, such as omnibus authorization or appropriations laws in the United States Congress. Read more >>

Themes AI risks, applications, governance strategies, and other themes addressed in AGORA documents.

Risk factors (2)

Governance strategies (4)

Full text

This is an unofficial copy. The document has been archived and reformatted in plaintext for AGORA. Footnotes, tables, and similar material may be omitted. For the official text, visit the original source.

SEC. 1515. Protective measures for mobile devices within the Department of Defense. (a) In general.--The Secretary of Defense shall carry out a detailed evaluation of the cybersecurity products and services for mobile devices to identify products and services that may improve the cybersecurity of mobile devices used by the Department of Defense, including mitigating the risk to the Department of Defense from cyber attacks against mobile devices. (b) Cybersecurity technologies.--In carrying out the evaluation required under subsection (a), the Secretary of Defense shall evaluate each of the following technologies: (1) Anonymizing-enabling technologies, including dynamic selector rotation, un-linkable payment structures, and anonymous onboarding. (2) Network-enabled full content inspection. (3) Mobile-device case hardware solutions. (4) On-device virtual private networks. (5) Protected Domain Name Server infrastructure. (6) Extended coverage for mobile device endpoint detection. (7) Smishing, phishing, and business text or email compromise protection leveraging generative artificial intelligence. (8) Any other emerging or established technologies determined appropriate by the Secretary.

(c) Elements.--In carrying out the evaluation required under subsection (a), for each technology described in subsection (b), the Secretary of Defense shall-- (1) assess the efficacy and value of the cybersecurity provided by the technology for mobile devices; (2) assess the feasibility of scaling the technology across the entirety or components of the Department of Defense, including the timeline for deploying the technology across the entirety or components of the Department of Defense; and (3) evaluate the ability of the Department of Defense to integrate the technology with the existing cybersecurity architecture of the Department of Defense. (d) Report.--Not later than 270 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the congressional defense committees a report of the findings of the evaluation carried out under subsection (a), including a determination whether the Department of Defense or any component thereof should procure or incorporate any of the technologies evaluated pursuant to subsection (b).