Sponsors
The bill strengthens DoD cyber defenses and gives federal cyber personnel clearer authority to protect military missions, but it raises civil liberties/accountability risks and may create coordination and cost burdens for civilian infrastructure owners.
Military personnel and DoD operations will have clearer statutory authority to detect and defend critical Department of Defense cyber assets, reducing the risk of mission-disrupting cyberattacks.
Federal cybersecurity employees and agencies will have clearer legal clarity on mission scope, enabling more decisive defensive cyber actions and faster operational decision-making.
Taxpayers and the general public could face increased risk of mission creep or use-of-force in cyberspace because broader DoD cyber authorities may operate with limited external oversight, raising civil liberties and accountability concerns.
Utilities and other civilian critical infrastructure owners (e.g., energy companies) may face coordination frictions and additional costs because defining broad classes of 'critical infrastructure' could complicate joint incident response and impose compliance burdens.
Based on analysis of 2 sections of legislative text.
Expands DoD cyber authority to include defense of DoD 'critical infrastructure'—assets whose cyber incapacitation would debilitate DoD missions.
Amends 10 U.S.C. § 394 to expand the Department of Defense’s affirmed authority for cyber operations so it explicitly covers defense of Department of Defense critical infrastructure. It adds a statutory definition of “critical infrastructure of the Department of Defense” to mean any DoD asset so important that its cyber incapacitation or destruction would debilitate the Department’s ability to carry out its missions. The change also adjusts internal definition numbering.
Introduced July 31, 2025 by Marion Michael Rounds · Last progress July 31, 2025