This Act mandates the Department of Defense to provide senior officials and sensitive personnel with mobile phones and services featuring enhanced cybersecurity protections, including encryption and tracking mitigation.
Don Bacon
Representative
NE-2
This Act mandates that the Department of Defense procure all mobile phones and services for senior officials and personnel in sensitive national security roles with enhanced cybersecurity features. These requirements include mandatory encryption, capabilities to obscure device tracking identifiers, and continuous monitoring of the devices. The Secretary of Defense must report to Congress on the implementation, costs, and criteria used for identifying eligible personnel within 180 days of enactment.
DoD Mandates Secure Phones for Sensitive Roles: Encryption and Tracking Protection Required Within 90 Days
The Defense Secure Mobile Phones Act of 2025 is a straightforward piece of legislation aimed at locking down communications for the Department of Defense (DoD). Essentially, it tells the Secretary of Defense to upgrade the mobile devices and services used by senior officials and anyone performing “sensitive national security functions” to a much higher security standard.
The 90-Day Tech Upgrade
Starting 90 days after this bill becomes law, the DoD must ensure that all new contracts for these mobile phones and services include enhanced cybersecurity protections (Sec. 2). This isn’t a suggestion; it’s a mandate. For those of us who deal with work phones, this means the DoD is ditching the standard-issue devices for something much more robust. The goal is simple: if you’re handling sensitive information, your phone needs to be a fortress.
What “Enhanced Protection” Actually Means
The bill gets specific about what these enhanced protections must include. First, full encryption is required for all data on the phones and all communications going to and from them. Think of it like putting every text, email, and file into an impenetrable digital vault. Second, and perhaps more interesting, the phones must have the capability to mitigate or hide persistent device identifiers—for instance, by periodically rotating their network or hardware IDs. This is designed to prevent inappropriate tracking of the phone’s location or activity, which is a major vulnerability for high-profile officials.
For the rest of us, this is a reminder that even the smallest digital footprint can be a liability when national security is involved. The DoD is essentially trying to make these phones digital ghosts that are hard to follow.
Who Gets the New Gear and Who Pays
The biggest question mark in the bill is how the DoD defines who performs “sensitive national security functions.” The Secretary gets to set the criteria for this program, which means they decide the scope—is it just generals and cabinet members, or does it include the analysts and field agents who handle critical data every day? The bill requires the Secretary to report to Congress within 180 days with the criteria they used and the total number of employees included in the program.
This transition won't be cheap. Moving thousands of employees to highly customized, secure mobile services will involve significant procurement and operational costs. While the bill is a necessary step for security, taxpayers will ultimately bear the expense of these new, likely pricier, secure services. The transparency requirement helps here, as the Secretary must also report the total costs of the program to Congress, giving us a clearer picture of the investment required to secure these vital communications.