Congress has taken a decisive step to protect national security by passing the 2025 National Defense Authorization Act (NDAA), which includes a groundbreaking provision (Sec. 1515) mandating a comprehensive evaluation of cybersecurity technologies for mobile devices used by the Department of Defense.

The new legislation requires the Secretary of Defense to conduct an extensive assessment of cutting-edge cybersecurity solutions to protect mobile devices used by servicemembers and national security personnel. This comes at a critical time when mobile devices have become potential vulnerability points for sophisticated cyber threats.

Key Technologies Under Evaluation

The DoD will be examining a range of innovative cybersecurity technologies, including:

• Anonymizing technologies with dynamic selector rotation

• Network-enabled full content inspection

• Mobile device hardware solutions

• On-device virtual private networks

• Protected Domain Name Server infrastructure

• Extended mobile device endpoint detection

Why Now?

The urgency of this legislation is underscored by recent events that have exposed the vulnerability of our mobile infrastructure. The Chinese intrusion into U.S. telecommunications networks, Ronan Farrow's eye-opening documentary on the prevalence of spyware, and our team’s research on Pegasus infections have all highlighted critical gaps in mobile security. A 2023 oversight report revealed that the DoD lacks a comprehensive mobile device and application policy, with security programs varying widely in their effectiveness.

The stakes are high. Malicious actors can track the locations of servicemembers and national security officials through vulnerabilities in mobile devices. This isn't just a hypothetical threat – it's a real and present danger.

The Path Forward

With this new provision, the DoD will have approximately nine months to submit its findings to Congress, including a detailed implementation timeline for the identified cybersecurity technologies. This represents a significant step forward in protecting our nation's most critical mobile communications infrastructure.

iVerify's Role in Strengthening Mobile Security

As the DoD evaluates solutions to meet these new requirements, iVerify stands ready to support this crucial initiative. Our technology already addresses several key areas outlined in the NDAA, including advanced endpoint detection and device security monitoring. Our recent research scanning 2,500 devices uncovered previously undetected Pegasus infections, demonstrating the kind of scaled threat detection capabilities that the DoD should have access to. 

What sets our solution apart is its ability to provide comprehensive device security visibility while maintaining user privacy. As the DoD moves forward with implementing these new security measures, iVerify's proven track record in detecting sophisticated threats positions us as a valuable partner in securing our nation's mobile infrastructure.

In addition to using iVerify to protect your mobile device fleet, CISA has recently issued guidance to help organizations and individuals strengthen their mobile security.