Senate's defense authorization would set cyber doctrine

Senate's defense authorization would set cyber doctrine
© Twitter

The National Defense Authorization Act (NDAA) passed Monday by the Senate mandates a thorough, distinct doctrine for cyber warfare, filling a void long bemoaned by lawmakers. 

Legislators, particularly Senate Armed Services Committee Chairman John McCainJohn Sidney McCainRand Paul ‘concerned’ about Kavanaugh Senate Dems tell Trump: Don't meet with Putin one-on-one McConnell: Senate to confirm Kavanaugh by Oct. 1 MORE (R-Ariz.), have complained about the ad hoc approach to responding to, conducting and deterring cyberattacks since the Obama administration. 

“The threat is growing, yet we remain stuck in a defensive crouch, forced to handle every event on a case-by-case basis, and woefully unprepared to address these threats,” McCain said in May.

“We keep talking about a policy and a doctrine, and it never seems to happen,” Sen. Angus KingAngus Stanley KingHillicon Valley: Hacker tried to sell military docs on dark web | Facebook fined over Cambridge Analytica | US closer to lifting ZTE ban | Trump, Obama lose followers in Twitter purge | DOJ weighs appeal on AT&T merger Senators press federal election officials on state cybersecurity 'Paws for Celebration' event brings rescue animals to the Capitol MORE (I-Maine) said.

The NDAA calls for the Department of Defense to plan responses to potential attacks against the United States and plans to increase the resiliency of cybersecurity of American defense systems.

It also establishes a policy to notify countries when it becomes aware that a third country has instigated an attack on its systems and establishes that the United States may act unilaterally if a victim country is unable or unwilling to respond. 

The Trump administration is opposed to Defense establishing the doctrine outlined in the NDAA, noting in the Office of Management and Budget (OMB) evaluation of the bill that legislators establishing a policy comes at the expense of the president, who usually sets such policy.

The OMB also derided the policy of notifying countries that were subject to cyberattacks. 

"This would severely constrain the President’s decision space and undermine the ability of the Armed Forces to act rapidly and decisively, in accordance with applicable law, to neutralize threats and to defend United States national interests in cyberspace," it said.