The Defense Department would require that senior leaders have secure mobile phones, that personnel would get cybersecurity training that includes a focus on artificial intelligence and that cyber troops would have access to mental health services under a compromise annual defense policy bill released over the weekend.The deal between House and Senate negotiators on the fiscal 2026 National Defense Authorization Act (NDAA) is a massive piece of legislation that runs the gamut of the Pentagon, including a record-breaking $901 billion topline figure. It also has a grab bag of cybersecurity policy provisions. The House could take it up as soon as this week.The legislation states that the secretary of defense “shall ensure” that wireless mobile phones the department provides to its senior leaders and others working on sensitive national security missions meets a list of cybersecurity requirements, such as data encryption. A Pentagon watchdog last week published long-awaited examinations of the Signalgate incident that enveloped Defense Secretary Pete Hegseth. The bill directs the department to make sure that behavioral health specialists with proper security clearances are dispatched to United States Cyber Command and the Cyber Mission Force. It follows in the tradition of past provisions of defense policy bills to address the mental health needs of personnel there.The department is told to revise mandatory training on cybersecurity for members of the Armed Forces and civilian employees “to include content related to the unique cybersecurity challenges posed by the use of artificial intelligence.”There are plenty of other cybersecurity provisions contained in the bill.It would set up barriers to splitting the leadership of Cyber Command and the National Security Agency by prohibiting any department funding from being used to “reduce or diminish the responsibilities, authorities or organizational oversight of the Commander of the United States Cyber Command.”On behalf of defense contractors, the bill orders the department to “harmonize the cybersecurity requirements” across the department and reduce the number of cybersecurity requirements “that are unique to specific contracts.” That’s a focus of the forthcoming Trump administration cybersecurity strategy.It also includes a statement of policy on the use of commercial spyware. It says that policy is to oppose the misuse of commercial spyware to include groups like journalists and human rights activists, to coordinate with allies to prevent the export of commercial spyware to those who are likely to misuse them and to “establish robust guardrails,” as well as work with the private sector counter abuse.Such statements of policy don’t carry legal force but give a sense of lawmaker consensus and intentions.The post Defense bill addresses secure phones, AI training, cyber troop mental health appeared first on CyberScoop.