A provision of the fiscal 2012 national defense authorization bill says the military may conduct offensive cyberspace operations subject to the same principles the Defense Department uses for kinetic operations, including the law of armed conflict, and the War Powers Resolution.

A conference committee of House and Senate lawmakers approved Dec. 12 a compromise version of the annual authorization bill; House lawmakers approved it in a 283-136 vote the evening of Dec. 14. The Senate is expected to approve the bill shortly and the White House has indicated President Obama will sign it.

In language discussing the bill, conferees say that because there is no historical precedent for what constitutes traditional military activities in cyberspace, "it is necessary to affirm that such operations may be conducted pursuant to the same policy, principles and legal regimes that pertain to kinetic capabilities."

Conferees say they "stress that, as with any use of force, the War Powers Resolution may apply." If that was meant to ensure congressional oversight over cyber military operations, it may not be a strong inducement, since under the War Powers Resolution of 1972, the president can committee troops abroad for up to 90 days without congressional authorization--and the constitutionality of even that restriction is in doubt.

The bill would also require the Defense Department to set up an insider threat mitigation program for information systems, a provision that was inspired by Wikileaks' release of material allegedly given to it by Army PFC Bradley Manning. The bill provision would require the DoD to centrally monitor for unauthorized access to classified or controlled unclassified information.

In addition, the bill would require the Army to designate its effort to consolidate email systems as a formal acquisition program and have the secretary of the Army certify to Congress that the consolidation is "in the best technical and financial interests" of the Army.

The Army's consolidation effort has been troubled, with service officials, who cited "nasty stuff," pausing the effort in summer.

During a recent event sponsored by AFCEA NOVA, Rick Davis, director of operations, Army Network Enterprise Technology Command, said migration to a centralized solution is complete for 28.18 percent of Army email users.           

"We should be close to wrapping the NIPRnet enterprise email with a few outliers by the end of March and then we'll move on to SIPRnet," he said, referring to DoD unclassified and secret-level classification networks. The Army has 977,227 email accounts, he added.

For more:
- download the conference report of the fiscal 2012 national defense authorization bill (.pdf)

Related Articles:
Conference committee approves anti-IT counterfeiting provision in defense authorization bill 
McKeon seeks to clarify DoD cyber war authority 
WikiLeaks inspires new White House cybersecurity policy
'Nasty stuff' forces Army to pause enterprise email migration