FY2025 NDAA targets spyware threats to U.S. diplomats, military devices

The U.S. government’s must-pass defense policy bill includes a measure that aims to shield military servicemembers and diplomats from ensnarement by commercial spyware programs.

The provision, slotted into the $895.2 billion National Defense Authorization Act for the 2025 fiscal year, seeks to secure U.S. government-issued devices used by diplomats, armed forces personnel and staffers in the U.S. Agency for International Development.

It mandates the establishment of cybersecurity standards, a review of past spyware compromises and regular reporting to Capitol Hill on incidents involving spyware, including assessments of security impacts and identification of responsible foreign entities.

The software applications, surreptitiously planted on victims’ devices to surveil their movements and capture private communications, have been deployed by governments against journalists, politicians and dissidents around the world for years. To date, at least 74 nations have likely contracted with spyware providers.

Within 120 days of the NDAA’s ...