The final version of an annual defense policy bill would require President Trump to develop a national policy for cyberspace and acts of cyberwarfare.
Such a strategy would need to address the use of offensive cyber capabilities to respond to attacks in cyberspace, according to the Senate Armed Services Committee’s summary of the compromise fiscal year 2018 National Defense Authorization Act (NDAA).
However, the bill does not appear to set forth a distinct doctrine for cyber warfare, as the original Senate-passed version did. The Trump administration had objected to the provision, alleging that it infringed on the president’s authorities.
{mosads}
House and Senate lawmakers met to hash out the final bill over a number of weeks, releasing their own summaries on Wednesday. They plan to release the finalized text of the bill soon.
Past iterations of the defense policy bill have directed the executive branch to take actions to create policies for cyberspace. The 2017 bill passed late last year directed the administration to report to Congress on the military and nonmilitary options for deterring and responding to incidents in cyberspace.
As of mid-October, the report had not yet been completed.
Senate Armed Services Committee Chairman John McCain (R-Ariz.) and others expressed frustration with the administration over the lack of a comprehensive cyber strategy at a hearing last month. McCain aired similar grievances during the Obama administration.
Currently, cyber responsibilities are scattered across multiple federal departments, including the Defense Department, Justice Department and the Department of Homeland Security.
“The committees have long expressed their concern with the lack of an effective strategy and policy for the information domain, include cyber, space, and electronic warfare,” reads the summary of the NDAA conference report released by McCain and Armed Services ranking member Jack Reed (D-R.I.) on Wednesday.
“The conferees believe that it is long past time that the federal government develops a comprehensive cyber deterrence strategy, and it is the role of the Congress to guide and impel the creation of that strategy,” it reads.
The compromise bill includes a number of cyber-related provisions, including one that would require Defense Secretary James Mattis to conduct a review of the Pentagon’s cyber posture “with the purpose of clarifying U.S. cyber deterrence policy and strategy.”
It would also make the Pentagon’s chief information officer a presidentially appointed and Senate-confirmed position. The individual would report directly to Mattis and would inherit new responsibilities in developing offensive and defensive cyber capabilities for the department.
The legislation would also require that Mattis develop processes to integrate strategic information operations and cyber-enabled operations across the Pentagon and task a senior official with implementing them.
According to the House summary, the bill would authorize $8 billion in funding for cyber operations, including $647 million for U.S. Cyber Command, fulfilling the Trump administration request for a 16 percent budget increase for the command.
Trump boosted Cyber Command, which conducts offensive cyber operations, back in August, spinning it out into its own war-fighting command. Eventually, the decision is expected to result in Cyber Command being separated from the National Security Agency, with which it currently shares a leader in Adm. Mike Rogers.