Compromise defense bill tells Trump to spell out cyberwarfare strategy

Compromise defense bill tells Trump to spell out cyberwarfare strategy
© Greg Nash

The final version of an annual defense policy bill would require President Trump to develop a national policy for cyberspace and acts of cyberwarfare.

Such a strategy would need to address the use of offensive cyber capabilities to respond to attacks in cyberspace, according to the Senate Armed Services Committee’s summary of the compromise fiscal year 2018 National Defense Authorization Act (NDAA). 

However, the bill does not appear to set forth a distinct doctrine for cyber warfare, as the original Senate-passed version did. The Trump administration had objected to the provision, alleging that it infringed on the president’s authorities.


House and Senate lawmakers met to hash out the final bill over a number of weeks, releasing their own summaries on Wednesday. They plan to release the finalized text of the bill soon. 

Past iterations of the defense policy bill have directed the executive branch to take actions to create policies for cyberspace. The 2017 bill passed late last year directed the administration to report to Congress on the military and nonmilitary options for deterring and responding to incidents in cyberspace.

As of mid-October, the report had not yet been completed. 

Senate Armed Services Committee Chairman John McCainJohn Sidney McCainZuckerberg: Maybe tech should face some regulations Schiff mocks Trump: Obama, Bush didn't need staff warning 'do not congratulate' Putin GOP senator tears into Trump for congratulating Putin MORE (R-Ariz.) and others expressed frustration with the administration over the lack of a comprehensive cyber strategy at a hearing last month. McCain aired similar grievances during the Obama administration.

Currently, cyber responsibilities are scattered across multiple federal departments, including the Defense Department, Justice Department and the Department of Homeland Security. 

“The committees have long expressed their concern with the lack of an effective strategy and policy for the information domain, include cyber, space, and electronic warfare,” reads the summary of the NDAA conference report released by McCain and Armed Services ranking member Jack ReedJohn (Jack) Francis ReedOvernight Defense: Senate sides with Trump on military role in Yemen | Dem vets push for new war authorization on Iraq anniversary | General says time isn't 'right' for space corps Senate sides with Trump on providing Saudi military support Overnight Defense: Trump unveils new sanctions against Russia | Key Republicans back VA chief amid controversy | Trump gives boost to military 'space force' MORE (D-R.I.) on Wednesday. 

“The conferees believe that it is long past time that the federal government develops a comprehensive cyber deterrence strategy, and it is the role of the Congress to guide and impel the creation of that strategy,” it reads. 

The compromise bill includes a number of cyber-related provisions, including one that would require Defense Secretary James MattisJames Norman MattisOvernight Cybersecurity: Zuckerberg breaks silence on Cambridge Analytica | Senators grill DHS chief on election security | Omnibus to include election cyber funds | Bill would create 'bug bounty' for State GOP rep introduces bill to address national security risks of artificial intelligence Overnight Defense: Senate sides with Trump on military role in Yemen | Dem vets push for new war authorization on Iraq anniversary | General says time isn't 'right' for space corps MORE to conduct a review of the Pentagon’s cyber posture “with the purpose of clarifying U.S. cyber deterrence policy and strategy.” 

It would also make the Pentagon’s chief information officer a presidentially appointed and Senate-confirmed position. The individual would report directly to Mattis and would inherit new responsibilities in developing offensive and defensive cyber capabilities for the department. 

The legislation would also require that Mattis develop processes to integrate strategic information operations and cyber-enabled operations across the Pentagon and task a senior official with implementing them. 

According to the House summary, the bill would authorize $8 billion in funding for cyber operations, including $647 million for U.S. Cyber Command, fulfilling the Trump administration request for a 16 percent budget increase for the command.

Trump boosted Cyber Command, which conducts offensive cyber operations, back in August, spinning it out into its own war-fighting command. Eventually, the decision is expected to result in Cyber Command being separated from the National Security Agency, with which it currently shares a leader in Adm. Mike Rogers.