Cyber deterrence and reserves corps strategy become law


This year's national defense authorization act, signed into law by President Obama Dec. 26, includes Senate Armed Services Committee language requiring development of a new cyber attack deterrence policy.

The act (H.R. 3304) preserves language from the Senate committee's June markup decrying the lack of an "integrated policy to deter adversaries in cyberspace" and requiring establishment of an interagency process to develop such a policy.

The concept of cyber deterrence can be controversial, with critics worried that genuine cyber attacks get conflated with data theft and that established mechanisms for deterrence such as broadcasting offensive capabilities could backfire on the United States. Strategic thinkers have also warned that development of offensive cyber weapons doesn't necessarily make domestic networks any safer.

Another provision in the new law contains SASC-developed language requiring the defense secretary to develop a strategy for using reserve forces to support Cyber Command, "including in support of civil authorities."

Some cybersecurity experts have also questioned the utility of a reserve force, fearing that it could come to be seen--whether accurately or not--as a counterpart to loosely controlled proxy forces active in China and Russia, and if so, again boomerang into a justification by other countries for their proxy forces. The. U.S. diplomatic position has been that countries are responsible for the actions of their proxy force.

It also mostly preserves SASC language requiring designation of an official within the office of the undersecretary of defense for policy to serve as a principal advisor on offensive military cyber operations. In the conference committee reporting accompanying the act, lawmakers say that official should supervise all DoD cyber activities and that an interdepartmental team operating under that principal advisor "is not intended to be merely a coordinating committee, but will provide strong leadership."

It excludes a SASC attempt to fold the position of Defense Department chief information officer into the duties of the deputy chief management officer.

For more:
- go to the THOMAS page for H.R. 3304

Related Articles:
House passes NDAA with pay raise and some sex assault provisions
Hagel announces cuts and reorganization affecting DCMO and DoD CIO
Study cyber weapons use at tactical level, urges CSIS paper