Members of Congress are grappling with the new era of cyber warfare as the government works to define what acts in cyberspace should warrant a military response.
The Trump administration is required by law to spell out, within a year, what behaviors in cyberspace may constitute acts of war against the United States.
{mosads}That requirement was created by legislation signed last year by President Obama and mimics legislation introduced by Sens. Mike Rounds (R-S.D.) and Angus King (I-Maine) in May.
“Cyberspace is a new and evolving battlefield in the 21st century, and our provision, which is now law, is an attempt to gain some clarity in this largely unchartered field,” King told The Hill in a statement.
“I am hopeful that the resulting reports, along with continued congressional hearings, will help shape strategies and policies for cyberspace that better enable our government to determine how to respond to cyberattacks and deter malicious actors from launching them in the first place,” King said.
The debate over cyber war has been heightened by recent acts of cyber intrusion and espionage by foreign governments, including Russia’s alleged cyberattacks aimed at influencing the U.S. presidential election.
Rounds, the chairman of the new Senate Armed Services subcommittee on cybersecurity, indicated in a February interview with The Hill that he is anxious for the government to define war in cyberspace.
“[The Defense Department] basically has offensive capabilities, and how does that fit into their role? What is the civilian direction that is needed to be able to respond in the cyber domain?” Rounds said. “What is public policy? What should public policy be in terms of determining what an act of war is or something of near war?”
Even as lawmakers await action from the Trump administration, they are diving into the cyber war issue on their own.
On Wednesday, the House Armed Services Committee will hear testimony from experts on “threats, challenges and opportunities” related to cyber warfare in the modern day.
The Senate Armed Services subcommittee on cybersecurity, meanwhile, has set a hearing for Thursday on cyber strategy and policy.
Jason Healey, who will be testifying before the House committee, told The Hill that lawmakers should be less concerned about defining war in cyberspace and more focused on establishing a clear set of tools the president can use to respond to cyber aggression.
Healey, a senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, suggested that the government should not be drawing “red lines” in cyberspace that automatically trigger a response.
“We’re not sure what we’re going to do in different kinds of cases. To me, this effort on lines and what is cyber warfare, it’s like talking about attribution,” Healey said. “It misses the point about what we’re going to do against specific kinds of things.”
“I am very hesitant in trying to lay out such a definition,” he continued. “What’s important is, when something happens, what are your policy responses? What are you going to do about it?”
By law, Defense Secretary James Mattis is required to report to Trump and Congress on the military and nonmilitary options the U.S. has for deterring and responding to cyber threats and malicious cyber activity carried out by foreign governments and terrorist groups.
That report is due to Trump in four months, after which the new administration has six months to deliver its own report to Congress.
Mattis has said he wants to develop a national strategy to respond to acts of cyber aggression, though it is unclear if he supports developing a definition of cyber war.
“My understanding is that currently such a determination is to be made on a case-by-case basis by the president,” Mattis wrote in response to questions about cyber warfare from lawmakers before his January confirmation hearing. “I further note that a cyberattack does not need to be deemed an ‘act of war’ to warrant a response.”
“I am committed to working with other elements of the government to develop a reinvigorated national strategy for responding to challenges in the cyber domain,” Mattis wrote.
The cyber warfare discussion has also been taking place internationally, with NATO’s development of the Tallinn Manual, a rulebook that gathers opinions from international law experts on nation-led cyber operations.
Michael Schmitt, an international law scholar who led the team that developed the latest version of the manual, told The Washington Post in early February that Russia’s meddling in the U.S. presidential election did not constitute an act of war.