The final version of an annual defense policy bill would set new authorities for the Department of Defense to deter and respond to attacks in cyberspace, including establishing the first U.S. policy on cyber warfare.
Following House and Senate negotiations, a conference report on the National Defense Authorization Act (NDAA) released Monday says the United States should be able to use every option on the table, including offensive cyber capabilities.
“[The NDAA] establishes a policy that the United States should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond when necessary, to cyber attacks that target U.S. interests,” the conference report reads.
{mosads}It notes that the policy could be applied if the attack was to intentionally “cause casualties, significantly disrupt the normal functioning of our democratic society or government, threaten the Armed Forces or the critical infrastructure they rely upon, achieve an effect comparable to an armed attack, or imperil a U.S. vital interest.”
Congress said if it is faced with a cyberattack or malicious cyber activity, it will first encourage the White House to take action before acting unilaterally.
“It is the policy of the United States that, when a cyber attack or malicious cyber activity transits or otherwise relies upon the networks or infrastructure of a third country— the United States shall, to the greatest extent practicable, notify and encourage the government of that country to take action to eliminate the threat; and if the government is unable or unwilling to take action, the United States reserves the right to act unilaterally (with the consent of that government if possible, but without such consent if necessary),” the blueprint of the bill reads.
If passed into law, this legislative text from the Senate would establish the nation’s first cyber warfare policy — but it has to pass the president’s desk first.
President Trump has previously objected to the language in the Senate-passed bill, charging that this would infringe on his presidential authorities.
“The Administration strongly objects, however, to section 1621(f), which would damage the national security interests of the United States by endorsing certain foreign policy and military determinations that are traditionally within the President’s discretion, informed by the facts and circumstances prevailing at the time,” the Trump administration said in a statement last month about the provision.
Trump, on the other hand, applauded a provision that would affirm the ability of the secretary of Defense to carry out military activities and operations in cyberspace, designating these cyber military activities to be traditional military activities.
“The Administration strongly supports the Committee’s recognition in section 1622 that military operations in cyberspace constitute traditional military activities. This affirmation is critical to ensuring that all elements of national power may be brought to bear in support of national security objectives,” the White House statement continues.
The NDAA also gives the National Command Authority — a term that collectively describes the U.S. president and the secretary of Defense — the authority to direct the Defense Department’s U.S. Cyber Command to respond and deter to “ongoing” cyberattacks carried out by Russia, China, North Korea and Iran by taking “take appropriate and proportional action.”
This particular provision comes at a time of heightened concern about Russian aggression.
Recently, Director of National Intelligence Dan Coats warned that the “warning lights are blinking red again” on Russians carrying out cyberattacks.
Special counsel Robert Mueller, who is investigating Russian interference in the 2016 election, indicted 12 Russian intelligence officers earlier this month for their involvement in hacking into the Democratic National Committee and releasing that information.
The defense bill, which is meant to advance the goals of the administration’s National Defense Strategy, also would approve of more than $100 million in funding for “test infrastructure and workforce,” which includes cybersecurity.
Sens. John McCain (Ariz.) and Jack Reed (R.I.), the top Republican and Democrat on the Senate Armed Services Committee, respectively, as well as Sen. James Inhofe (R-Okla), and House Armed Services Committee Chairman Mac Thornberry (R-Texas) announced the details of the NDAA after months of negotiations.
“The [fiscal 2019] NDAA will help provide our men and women in uniform the resources and tools they need to face today’s increasingly complex and dangerous world,” they said in a statement.
“This legislation will strengthen our military’s readiness, provide our troops a pay raise, support effective implementation of the National Defense Strategy, drive further innovation in emerging technologies to secure our military advantage, and continue to reform the Department of Defense,” they continued.