Senator · R-SD
The bill strengthens DoD cyber defense and speeds defensive actions by broadening and clarifying what counts as critical DoD infrastructure, but it concentrates resources on newly defined critical assets, expands intrusive authorities affecting private partners, and could raise costs for taxpayers.
Military personnel and federal employees will see the Department of Defense better identify and prioritize protection of assets whose cyberattack would debilitate missions, improving national-security resilience and reducing mission disruption.
Federal employees and military personnel gain a clearer legal basis for conducting defensive cyber operations on high‑value DoD systems, enabling faster, more coordinated responses to incidents.
Military personnel, federal employees, and organizations supporting lower‑priority systems may face increased risk because DoD could concentrate protections on a broader class of 'critical' assets, leaving other systems less defended.
Contractors, private‑sector partners, and utilities tied to DoD infrastructure could be subject to increased surveillance or more intrusive defensive cyber operations due to expanded DoD authorities.
Taxpayers and other federal programs may face higher costs or reallocated funding to pay for enhanced protections for newly designated critical assets.
Based on analysis of 2 sections of legislative text.
Adds a statutory definition of "critical infrastructure of the Department of Defense" and reorganizes paragraph numbering in 10 U.S.C. § 394.
Expands the Department of Defense’s statutory language about cyber operations by adding a formal definition of “critical infrastructure of the Department of Defense.” The new definition covers any DoD asset whose cyber incapacitation or destruction would severely degrade DoD mission capability, and it reorganizes existing text to insert that definition into the statute. The change is a narrow technical amendment clarifying which DoD assets count as critical infrastructure for purposes of the statute that affirms DoD cyber authorities; it does not itself change operational details, funding, or procedural requirements beyond the definitional scope.
Official title: Amend title 10, United States Code, to expand the scope of affirmation of authority for cyber operations to include defense of critical infrastructure of the Department of Defense, and for other purposes.
Introduced July 31, 2025 by Marion Michael Rounds · Last progress July 31, 2025