As negotiations wrapped up on the final version of the defense authorization bill for fiscal year 2018, the chairman of the Senate Subcommittee on Cyber cited the importance of including language urging the White House to adopt a formal cyber warfare strategy as final votes are set to take place.  

Subcommittee Chairman Sen. Mike Rounds (R-S.D.) cited the importance of plans to establish a definition for cyber acts of war and identify clear directives for the Department of Defense’s offensive and defensive capabilities.as critical elements of the upcoming $700 billion National Defense Authorization Act (NDAA).

Sen. Mike Rounds (R-S.D.) Photo: U.S. Senate.
Sen. Mike Rounds (R-S.D.) Photo: U.S. Senate.

The Senate Armed Services Committee confirmed the inclusion of a national cyber warfare and national deterrence strategy in its summary of the bill following the conclusion of conference negotiations.

“What we’ve said is let’s starting talking in advance to recognize that you could have an act of war in cyberspace, and if you think that can occur you can also begin that planning process to how you would respond,” said Rounds, addressing the International Conference on Cyber Conflict on Wednesday. “Unless you have a plan in place, you can’t simply go and ask the president of the United States every time something like this occurs.”

Rounds pushed for a strategy that clearly defined an act of war in the cyber domain, and what would necessitate a thorough military response.

Cyber warfare policy must be pushed by the administration and should address how responses to attacks within the cyber domain would differ from physical acts of war and establish specific stipulations related to the scope, intensity and duration of digital threats, according to Rounds.

“Our current policies allow the Department of Defense to respond to a cyber attack against military forces and infrastructure, but the U.S. does not have a clear policy governing the Pentagon’s response to a cyber attack against critical civilian infrastructure,” said Rounds.

DoD’s Defense Science Board released a report in February detailing an expectation that adversaries’ offensive cyber capabilities will remain ahead of U.S. defensive capabilities over the next 10 years.

Rounds said the NDAA would include commitments to building cyber tools in the same manner as nuclear capabilities, where potential adversaries are deterred due to the high cost of engaging in potential cyber warfare.

“During the next 10 years we better make sure we start forming strong enough, proactive offensive capabilities such as to deter [adversaries] and to make it too expensive for them should they actually step in and try to do broad damage to our systems,” said Rounds. “We have to make it such that no one out there who does have cyber capabilities today feels as though they can actually get away with a cyber attack on the United States without significant damage being done to themselves as well.”

A national cyber warfare strategy must also include considerations for intellectual property theft, according to Rounds. The subcommittee chairman would’ve liked to see the NDAA identify stealing IP as a potential cyber act of war, especially as nation-state adversaries grow their capacity to build more sophisticated hacking tools.

“This is going to be a never ending process. It’s not one we can ever let up on. And, certainly, it’s one that deserves the extra scrutiny that you would find with land, sea, air or space, because all of them will be dependent on our capabilities to retain dominance within the cyber domain,” said Rounds. “We’ve said the administration needs to lay out a policy. Where we go with that policy and how we make the policy better will be the next step.”