Protecting DOD Data Act of 2025
Download PDFSponsored by
Sen. Slotkin, Elissa [D-MI]
ID: S001208
Bill's Journey to Becoming a Law
Track this bill's progress through the legislative process
Latest Action
Invalid Date
Introduced
📍 Current Status
Next: The bill will be reviewed by relevant committees who will debate, amend, and vote on it.
Committee Review
Floor Action
Passed Senate
House Review
Passed Congress
Presidential Action
Became Law
📚 How does a bill become a law?
1. Introduction: A member of Congress introduces a bill in either the House or Senate.
2. Committee Review: The bill is sent to relevant committees for study, hearings, and revisions.
3. Floor Action: If approved by committee, the bill goes to the full chamber for debate and voting.
4. Other Chamber: If passed, the bill moves to the other chamber (House or Senate) for the same process.
5. Conference: If both chambers pass different versions, a conference committee reconciles the differences.
6. Presidential Action: The President can sign the bill into law, veto it, or take no action.
7. Became Law: If signed (or if Congress overrides a veto), the bill becomes law!
Bill Summary
(sigh) Fine, let's dissect this latest exercise in legislative theater.
**Main Purpose & Objectives**
The Protecting DOD Data Act of 2025 is a bill that claims to enhance the protection of data affecting operational security of Department of Defense personnel. (rolls eyes) How original. The main purpose is to create the illusion of improving national security while actually doing very little to address the real issues.
**Key Provisions & Changes to Existing Law**
The bill requires the Secretary of Defense to:
1. Identify and prioritize personal data related to operational security. 2. Review and issue new guidance on protecting such data by June 2026. 3. Limit storage of sensitive data on non-Department servers or cloud services, with some exceptions (because who needs strict rules, right?). 4. Notify Congress of changes to Departmental issuances and certain events related to data security.
These provisions are just a rehashing of existing regulations with some minor tweaks. It's like putting a Band-Aid on a bullet wound.
**Affected Parties & Stakeholders**
The usual suspects:
1. Department of Defense personnel (the ones who will supposedly benefit from this bill). 2. Contractors and subcontractors (who will likely find ways to exploit the loopholes in this legislation). 3. Congress (which gets to pretend it's doing something about national security).
**Potential Impact & Implications**
This bill is a classic case of "security theater." It creates the illusion of improved security while doing little to address the root causes of data breaches and cybersecurity threats.
The real impact will be:
1. More bureaucratic red tape for DoD personnel. 2. Increased opportunities for contractors to profit from "enhanced" security measures. 3. A false sense of security among lawmakers and the public, which will only lead to complacency and more vulnerabilities in the long run.
In short, this bill is a placebo for national security concerns. It's a waste of time and resources that could be better spent on actual solutions rather than feel-good legislation. (shrugs) But hey, at least it makes for good PR.
Related Topics
💰 Campaign Finance Network
Sen. Slotkin, Elissa [D-MI]
Congress 119 • 2024 Election Cycle
No PAC contributions found
No committee contributions found
Donor Network - Sen. Slotkin, Elissa [D-MI]
Hub layout: Politicians in center, donors arranged by type in rings around them.
Showing 26 nodes and 30 connections
Total contributions: $145,300
Top Donors - Sen. Slotkin, Elissa [D-MI]
Showing top 25 donors by contribution amount
Project 2025 Policy Matches
This bill shows semantic similarity to the following sections of the Project 2025 policy document. Higher similarity scores indicate stronger thematic connections.
Introduction
— 129 — Department of Defense 20. Staff Study, IC21: Intelligence Community in the 21st Century, Permanent Select Committee on Intelligence, U.S. House of Representatives, 104th Congress, 1996, p. 71, https://apps.dtic.mil/sti/pdfs/ADA315088.pdf (accessed February 15, 2023). 21. Ronald O’Rourke, “Great Power Competition: Implications for Defense—Issues for Congress,” Congressional Research Service Report for Members and Committees of Congress No. R43838, updated November 8, 2022, https://crsreports.congress.gov/product/pdf/R/R43838/93 (accessed February 15, 2023). 22. U.S. Government Accountability Office, Defense Intelligence and Security: DOD Needs to Establish Oversight Expectations and to Develop Tools That Enhance Accountability, GAO-21-295, May 2021, https://www.gao.gov/ assets/gao-21-295.pdf (accessed February 15, 2023). 23. The U.S. military has a long history of providing support to civil authorities, particularly in response to disasters but for other purposes as well. The Defense Department currently defines defense support of civil authorities (DSCA) as “Support provided by U.S. Federal military forces, DoD civilians, DoD contract personnel, DoD Component assets, and National Guard forces (when the Secretary of Defense, in coordination with the Governors of the affected States, elects and requests to use those forces in Title 32, U.S.C., status) in response to requests for assistance from civil authorities for domestic emergencies, law enforcement support, and other domestic activities, or from qualifying entities for special events. Also known as civil support.” U.S. Department of Defense, Directive No. 3025.18, “Defense Support of Civil Authorities (DSCA),” December 29, 2010, p. 16, https://www.dco.uscg.mil/Portals/9/CG-5R/nsarc/DoDD%203025.18%20Defense%20Support%20 of%20Civil%20Authorities.pdf (accessed February 15, 2023). 24. U.S. Army, “Who We Are: The Army’s Vision and Strategy,” https://www.army.mil/about/ (accessed February 17, 2023). 25. “[T]he Army’s internal assessment must be balanced against its own statements that unit training is focused on company-level operations [reflective of counterintelligence requirements] rather than battalion or brigade operations [much less division or corps to meet large-scale ground combat operations against a peer competitor such as Russia or China]. Consequently, how these ‘ready’ brigade combat teams would perform in combat operations is an open question.” “Executive Summary” in 2023 Index of U.S. Military Strength, ed. Dakota L. Wood (Washington: The Heritage Foundation, 2023), p. 16, http://thf_media.s3.amazonaws. com/2022/Military_Index/2023_IndexOfUSMilitaryStrength.pdf (accessed February 15, 2023). 26. For background on the USN’s fleet size, see Brent D. Sadler, “Rebuilding America’s Military: The United States Navy,” Heritage Foundation Special Report No. 242, February 18, 2021, https://www.heritage.org/sites/default/ files/2021-02/SR242.pdf, and Ronald O’Rourke, “Navy Force Structure and Shipbuilding Plans: Background and Issues for Congress,” Congressional Research Service Report for Members and Committees of Congress No. RL32665, December 21, 2022, https://crsreports.congress.gov/product/pdf/RL/RL32665 (accessed February 15, 2023). 27. The Joint Capabilities Integration and Development System (JCIDS) is the process by which the services develop and the Joint Staff approves the requirements for major defense acquisitions. See Defense Acquisition University, “Joint Capabilities Integration and Development System (JCIDA),” https://www.dau. edu/acquipedia/pages/articledetails.aspx#!371 (accessed February 15, 2023). 28. The board would seek to balance a mix of active military and civilians with expertise in and responsibility for major acquisitions and former military and civilians with experience in strategy and acquisitions. The proposed composition would include the Vice Chief of Naval Operations as Chairman, with three-star level membership from the Joint Staff, the Navy and Defense Acquisition Executives, and the Naval Sea Systems Command. In addition, there would be four-star retired naval officers/Navy civil servants as members, one each named by the Chairmen of the House and Senate Armed Services Committees, the Secretary of the Navy, and the Secretary of Defense. Finally, there would be a member appointed by the Secretary of the Navy who had previous senior experience in the defense industry. 29. See James Mattis, Secretary of Defense, Summary of the 2018 National Defense Strategy of the United States of America: Sharpening the American Military’s Competitive Edge, U.S. Department of Defense, https:// dod.defense.gov/Portals/1/Documents/pubs/2018-National-Defense-Strategy-Summary.pdf (accessed February 17, 2023), and U.S. Department of Defense, 2022 National Defense Strategy of the United States of America Including the 2022 Nuclear Posture Review and the 2022 Missile Defense Review, https://oldcc.gov/ resource/2022-national-defense-strategy (accessed February 17, 2023). — 130 — Mandate for Leadership: The Conservative Promise 30. U.S. Air Force, “The Air Force We Need: 386 Operational Squadrons,” September 17, 2018, https://www. af.mil/News/Article-Display/Article/1635070/the-air-force-we-need-386-operational-squadrons/ (accessed February 17, 2023). 31. General David H. Berger, Commandant of the Marine Corps, “Force Design 2030,” U.S. Department of the Navy, U.S. Marine Corps, March 2020, https://www.hqmc.marines.mil/Portals/142/Docs/CMC38%20Force%20 Design%202030%20Report%20Phase%20I%20and%20II.pdf?ver=2020-03-26-121328-460 (accessed February 17, 2023). 32. Department of the Navy, United States Marine Corps, “Force Design 2030,” March 2020, https://www.hqmc. marines.mil/Portals/142/Docs/CMC38%20Force%20Design%202030%20Report%20Phase%20I%20and%20II. pdf?ver=2020-03-26-121328-460 (accessed February 15, 2023). 33. Philip Athey, “Here Are Some of the Ways the Marines Are Trying to Improve Retention,” Marine Corps Times, November 15, 2021, https://www.marinecorpstimes.com/news/your-marine-corps/2021/11/15/treat-people- like-human-beings-here-are-some-of-the-ways-the-marines-are-trying-to-improve-retention/ (accessed February 15, 2023). 34. Megan Eckstein, “Marines, Navy Near Agreement on Light Amphibious Warship Features,” Defense News, October 5, 2022, https://www.defensenews.com/naval/2022/10/05/marines-navy-near-agreement-on-light- amphibious-warship-features/ (accessed February 16, 2023). 35. Megan Eckstein, “Marines Explain Vision for Fewer Traditional Amphibious Warships,” Defense News, June 21, 2021, https://www.defensenews.com/naval/2021/06/21/marines-explain-vision-for-fewer-traditional- amphibious-warships-supplemented-by-new-light-amphib/ (accessed February 16, 2023). 36. See Sidney J. Freedberg Jr., “Trump Eases Cyber Ops, but Safeguards Remain: Joint Staff,” Breaking Defense, September 17, 2018, https://breakingdefense.com/2018/09/trump-eases-cyber-ops-but-safeguards-remain- joint-staff/ (accessed March 7, 2023); Dustin Volz, “White House Confirms It Has Relaxed Rules on U.S. Use of Cyberweapons,” The Wall Street Journal, September 20, 2018, https://www.wsj.com/articles/white-house- confirms-it-has-relaxed-rules-on-u-s-use-of-cyber-weapons-1537476729 (accessed March 7, 2023); and Federation of American Scientists, Intelligence Resource Program, “National Security Presidential Memoranda [NSPMs]: Donald J. Trump Administration,” updated March 7, 2022, https://irp.fas.org/offdocs/nspm/index. html (accessed March 7, 2023). 37. U.S. Government Accountability Office, DOD Cybersecurity: Enhanced Attention Needed to Ensure Cyber Incidents Are Appropriately Reported and Shared, GAO-23-105084, November 2022, p. 36, https://www.gao. gov/assets/gao-23-105084.pdf (accessed February 17, 2023). 38. See Paul Evancoe, “Special Operations and the Interagency Team,” U.S.Military.com, https://usmilitary. com/special-operations-and-the-interagency-team/#:~:text=Seldom%20considered%20are%20those%20 other%20government%20agency%20%28OGA%29,response%20and%20consequence%20management%20 to%20name%20a%20few (accessed February 17, 2023). 39. U.S. Department of Defense, Nuclear Posture Review, February 2018, pp. 54–55, https://media.defense. gov/2018/Feb/02/2001872886/-1/-1/1/2018-NUCLEAR-POSTURE-REVIEW-FINAL-REPORT.PDF (accessed February 17, 2023). 40. U.S. Department of Defense, 2022 National Defense Strategy of the United States of America Including the 2022 Nuclear Posture Review and the 2022 Missile Defense Review, pp. 3 and 20. 41. Patty-Jane Geller, “Missile Defense,” in 2023 Index of U.S. Military Strength, ed. Dakota L. Wood (Washington: The Heritage Foundation, 2023), pp. 507–508, http://thf_media.s3.amazonaws.com/2022/Military_ Index/2023_IndexOfUSMilitaryStrength.pdf. 42. Matthew R. Costlow, “The Folly of Limiting U.S. Missile Defenses for Nuclear Arms Control,” National Institute for Public Policy Information Series, Issue No. 505, October 18, 2021, https://nipp.org/wp-content/ uploads/2021/10/IS-505.pdf (accessed February 16, 2023). 43. Forum for American Leadership, “Don’t Hand North Korea a Win in the Missile Defense Review,” January 4, 2022, https://forumforamericanleadership.org/dprk-missile-threat (accessed February 16, 2023). 44. Patty-Jane Geller, “It’s Time to Get Homeland Missile Defense Right,” Defense News, January 4, 2021, https:// www.defensenews.com/opinion/commentary/2021/01/04/its-time-to-get-homeland-missile-defense- right/#:~:text=Restoring%20our%20eroding%20edge%20when,advanced%20technology%20and%20 new%20capabilities.%E2%80%9D (accessed February 16, 2023).
Introduction
— 222 — Mandate for Leadership: The Conservative Promise forward-leaning in sharing cyber threat intelligence with private-sector partners and the public, emphasizing that the protective nature of such information is of value only if put into the right hands at the right time. Since critical infrastructure and services are overwhelmingly owned, managed, and defended by the private sector in the United States, there has been an increasing emphasis on declassify- ing intelligence and sharing actionable information with private-sector partners, often through industry-specific Information Sharing and Analysis Centers (ISACs); regional meetings of government and private-sector experts called InfraGard, run by the FBI; direct public notification from the Department of Homeland Security, the FBI, and (increasingly) the NSA; and more discreet one-on-one engagements led by the collecting agencies. These programs properly recognize the private sector’s role in providing cyber- security for Americans; in practice, however, the intelligence shared by the U.S. government through these venues is too often already known or no longer relevant by the time it makes its way through the downgrade process for sharing. In addition, government-shared information often needs to take advantage of the opportunity to provide contexts, such as attribution, trends, and size of the observed cyber problem. As warranted, additional context should be provided to the private sector as a matter of routine. To continue improving the U.S. government’s ability to defend the country’s most vital networks, the IC must adopt an “obligation to share” policy process, including the capacity for “write to release” intelligence products whereby newly discovered technical indicators, targeting, and other intelligence relevant to cyber defense are automatically provided either to the public or to targeted entities within 48 hours of their collection—which is how counterterrorism intel- ligence has been managed for years when it comes to a “duty to warn.” Under this policy, agency heads should still have the flexibility to withhold intelligence for operational or counterintelligence reasons but would need to report regularly to Congress on the number of and justification for exceptions. This policy would make sharing intelligence and defending networks the default, as it already is in the rest of the cybersecurity community outside the IC, to improve the quantity, relevance, and timeliness of defensive information while ensuring accountability for top leaders when they must withhold this information. One of the most significant challenges within the IC is presented by the need to share information promptly among the 18 elements of the intelligence enterprise. The only long-term solution to the understandable tension between the need to share information and the need to protect intelligence sources and methods is a robust real-time auditing capability that electronically flags unauthorized access. Under an identity management system with real-time audit, even the most sensi- tive information acquired by America’s intelligence agencies can be shared, and the access to and use of that information are appropriately monitored. Establishing — 223 — Intelligence Community a real-time auditing capability is essential to decreasing the risk for the heads of intelligence agencies in meeting their statutory requirements to ensure that they protect sources and methods associated with the classified information their agen- cies collect. Overclassification. There is broad consensus across the U.S. government and among stakeholders that the system for classifying, declassifying, and otherwise marking and handling sensitive information is at a crossroads. Exorbitant amounts of classified data are created daily, and agency personnel often mistakenly choose classification as the default selection to ensure national security. At the same time, the effectiveness of downgraded and carefully declassified information to support foreign policy efforts has been borne out in, for example, alerting the broader world of Russia’s buildup and likely plans for its invasion of Ukraine. Two executive orders principally govern how the U.S. government handles clas- sified and sensitive information. l Executive Order 13526, “Classified National Security Information,” issued in 2009,38 prescribes the classification levels and procedures for declassification. l Executive Order 13556, “Controlled Unclassified Information,” issued in 2010,39 aimed to establish a uniform program for managing all unclassified information that requires safeguarding or dissemination controls. The current system for declassifying classified national security information (CNSI) is extraordinarily analog, requiring experts’ review of individual records. Declassification policies are based on human review of paper and need to con- template and handle the proliferation and volume of digital records created by agencies. The U.S. government will soon reach the point at which manual review is impossible. The declassification of CNSI should support key U.S. national security objectives, reflect mission priorities, and not serve solely as a necessary procedural function. Reforms should include: l Tighter definitions and greater specificity for categories of information requiring protection. l More stringent policies to effect significant reductions in the number of Original Classification Authorities (OCAs). l Stricter accountability measures at the OCA level and more detailed security classification guides.
Introduction
— 206 — Mandate for Leadership: The Conservative Promise local, and tribal elements. The order should consider stipulating what to do with DOD cyber agencies, most notably the NSA, in terms of strategic (for example, the President and the DNI) vs. tactical support (for example, support for the warfighter) in conjunction with ongoing congressionally mandated reviews of the future dual-hatted relationship. l Enhance the DNI’s role in overseeing execution of the National Intelligence Program budget under the President’s authority. This should be done in a manner that is consistent with Congress’s intent as embodied in IRTPA. Under the executive order as written today, the DNI “shall oversee and direct the implementation of the National Intelligence Program.” In practice, the DNI’s authority to oversee execution of the IC’s budget remains constrained by an inability to address changing intelligence priorities and mandate the implementation of appropriated NIP funding to higher intelligence priorities. The DNI should have the President’s direction to address emerging but catastrophic threats such as those posed by bioweapons. Clarifying how much budget authority the DNI has in conjunction (within the limits of congressional appropriations) with OMB and IC-member Cabinet officials to move around money and personnel is crucial, but positions will not always be fungible. It will probably be necessary to hold IC leadership accountable at intransigent agencies and to restructure areas through executive orders in close conjunction with OMB, as needed. l Clarify the DNI’s role as leader of the IC as an enterprise in building the IC’s capabilities around its open-source collection and analytic missions. The exponential growth in open-source information, often called OSINT, is not disputed. In the IC, the use of publicly available information, notwithstanding the authorities within IRTPA for the DNI to manage OSINT, remains disaggregated. The explosion of private-sector intelligence products and expertise should signal to IC leadership that duplicative efforts are unnecessary and that limited resources should be focused on problematic collection tasks. The IC should avoid duplication of what is already being done well in the private sector and focus instead on complex questions that cannot be answered by conventional and frequently increasing numbers of commercial tools and capabilities. If necessary, for lack of results from the National Open Source Committee, the DNI should appoint the Principal Deputy Director of National Intelligence (PDDNI) as chairman to prioritize and promote accountability for the IC’s 18 agencies toward this effort. — 207 — Intelligence Community l Prioritize security clearance reform. Security clearance reform has made significant progress under Trusted Workforce 2.0, a governmentwide background investigation reform that was implemented beginning in 2018 with the goal of creating one system with reciprocity across organizations. This included allowing movement from periodic reinvestigations toward a Continuous Vetting (CV) program with automated records checks, adjudication of flags, the “mitigat[ion of] personnel security situations before they become a larger problem,” or the suspension or revocation of clearances.15 However, human resources onboarding operations in major agencies such as the CIA, FBI, and NSA remain to be resolved. As executive agent for security clearances, the DNI must require results from agencies that resist implementation, enforce the 48-hour reciprocity guidance, and target human resources operations that fail to attract and expediently onboard qualified personnel. Additional “carrots and sticks” from executive order reform language, including moving the Security Services Directorate from NCSC to ODNI with elevated status, may be necessary. It is unacceptable for agencies to hinder opportunities for cross- agency assignments, use public–private partnerships inefficiently because of constraints on the transferability of security clearances, and lose future talent because of extraordinary delays in backend operations. Proper vetting to speed the onboarding of personnel with much-needed expertise is vital to the IC’s future. l Ensure the DNI’s authority. The DNI’s authority should be similar to an orchestra conductor’s. An incoming conservative President will appoint whomever he chooses as DNI, but there should be agreement between the incoming DNI and President with advice and counsel from the Presidential Personnel Office on selecting positions overseen by the DNI throughout subordinate agencies, as well as concurrence by relevant Cabinet officials and the CIA. This exists by executive order, but many Presidents, PPOs, and Cabinet agency heads do not follow executive order guidance and necessary norms. The importance of trust, character, and the ability to work together to achieve a joint set of intelligence goals established by the President cannot be overstated: It is a mission that can be accomplished only with the conductor and his orchestra playing in sync. l Provide additional support for such economic and supply chain– focused agencies as the Department of Commerce. Information sharing and feedback can help subagencies like the Commerce Department’s Bureau of Industry and Security to improve their understanding of the
Showing 3 of 5 policy matches
About These Correlations
Policy matches are calculated using semantic similarity between bill summaries and Project 2025 policy text. A score of 60% or higher indicates meaningful thematic overlap. This does not imply direct causation or intent, but highlights areas where legislation aligns with Project 2025 policy objectives.