Senate's defense authorization would set cyber doctrine

Senate's defense authorization would set cyber doctrine
© Twitter

The National Defense Authorization Act (NDAA) passed Monday by the Senate mandates a thorough, distinct doctrine for cyber warfare, filling a void long bemoaned by lawmakers. 

Legislators, particularly Senate Armed Services Committee Chairman John McCainJohn Sidney McCainTrump's dangerous Guantánamo fixation will fuel fire for terrorists Tech beefs up lobbying amid Russia scrutiny Ad encourages GOP senator to vote 'no' on tax bill MORE (R-Ariz.), have complained about the ad hoc approach to responding to, conducting and deterring cyberattacks since the Obama administration. 

“The threat is growing, yet we remain stuck in a defensive crouch, forced to handle every event on a case-by-case basis, and woefully unprepared to address these threats,” McCain said in May.

“We keep talking about a policy and a doctrine, and it never seems to happen,” Sen. Angus KingAngus Stanley KingFeinstein seeks contact with FBI informant in Russia nuclear bribery case Overnight Finance: Trump calls for ObamaCare mandate repeal, cuts to top tax rate | Trump to visit Capitol Hill in tax reform push | CBO can't do full score before vote | Bipartisan Senate bill would ease Dodd-Frank rules Overnight Regulation: Bipartisan Senate bill would curb Dodd-Frank rules | Opioid testing rule for transport workers finalized | Google faces state antitrust probe | Dems want investigation into FCC chief MORE (I-Maine) said.

The NDAA calls for the Department of Defense to plan responses to potential attacks against the United States and plans to increase the resiliency of cybersecurity of American defense systems.

It also establishes a policy to notify countries when it becomes aware that a third country has instigated an attack on its systems and establishes that the United States may act unilaterally if a victim country is unable or unwilling to respond. 

The Trump administration is opposed to Defense establishing the doctrine outlined in the NDAA, noting in the Office of Management and Budget (OMB) evaluation of the bill that legislators establishing a policy comes at the expense of the president, who usually sets such policy.

The OMB also derided the policy of notifying countries that were subject to cyberattacks. 

"This would severely constrain the President’s decision space and undermine the ability of the Armed Forces to act rapidly and decisively, in accordance with applicable law, to neutralize threats and to defend United States national interests in cyberspace," it said.