Cyber legislation proposed Tuesday in the Senate would require President Obama to once and for all determine when electronic attacks amount to acts of war.
The bill, the Cyber Act of War Act of 2016, aims to establish an official policy with respect to defining when attacks conducted in the digital realm should be regarded the same as more traditional warfare.
Introduced by Sens. Angus King, Maine independent, and Mike Rounds, South Dakota Republican, the proposal comes following months of pleas courtesy of its co-authors and colleagues amid concerns raised by the Obama administration’s reluctance to determine when cyberattacks become international incidents warranting a response from the military.
“By requiring the administration to define what constitutes an act of war in the cyber domain, this legislation would help our government be better able to respond to cyberattacks and deter malicious actors from launching them in the first place,” Mr. King said in a statement this week.
Specifically, the bill calls for having the president determine when an action carried out in cyberspace constitutes an act of war against the United States, and accordingly makes revisions the Pentagon’s Law of War Manual. The proposal acknowledges the White House may wish to consider “ways in which the effects of a cyber attack may be equivalent to the effects of an attack using conventional weapons, including with respect to physical destruction or casualties,” as well as the effects of the scope, intensity or duration of such attack when making its determination.
“Cyberspace is a new and evolving battlefield in the 21st century, where the stroke of a computer key could disrupt an electric grid or cripple the financial sector,” Mr. King said. “That’s why the United States must be prepared to confront such attacks and defend our networks.”
SEE ALSO: FBI defends iPhone hacking amid questions over government’s use of exploits
Speaking to Maine Public Broadcasting, Mr. King said the proposal “is an attempt to at least begin the process to bring some clarity to this area.”
Once the Obama administration establishes a definition, he added, ” …then we will begin to begin the process of defining what our response will be.”
“Right now it is very ambiguous,” Mr. King continued. “This bill is an attempt to at least begin the process to bring some clarity to this area, and recognizing the fact that a cyberattack can cause physical destruction [and] potential loss of life.”
During an Armed Services Committee hearing in April, Mr. King was among lawmakers who asked Admiral Mike Rogers, the head of the National Security Agency and U.S. Cyber Command, to provide Congress with the definitions sought in this week’s proposal.
“We need definition of what is an act of war, what is a proportional response, what is a mutually-assured destruction situation. It just seems to me as a matter of policy that this needs to happen,” said Mr. King.
“If we don’t have a policy, how are we going to develop plans?” Sen. Deb Fischer, Nebraska Republican, asked at the same hearing.
SEE ALSO: U.S. airstrike kills 5 al-Shabaab militants in Somalia
Mr. Rounds, the co-author of the this week’s offering, had argued similarly during a cyber conference in Arlington last November.
“Congress has not yet determined what constitutes an act of war in the cyber domain. It needs to do so before an attack occurs, to enable the Defense Department to respond in real time since cyberattacks happen literally in milliseconds,” he urged then.
“As our enemies’ tactics grow more sophisticated, we must be even more diligent in our defense,” he said. “We should be prepared to discuss [retaliatory measures] openly and be clear, just as in the case when we had with the opportunity of mutually assured destruction. We should in a position where we will be able to say, if you screw with us, there will be a penalty which will be paid.”
As the senators ask Congress to demand answers from the Obama administration, however, some experts expressed skepticism this week over the cyber proposal.
Jason Healey, a senior research scholar in cyber conflict studies at Columbia University, told the Daily Dot the effort amounted to “not a very useful bill or debate.”
“After all, there is no definition of what an ’act of war’ is for any kind of kinetic conflict either,” he said. “An ’act of war’ depends entirely on the circumstances as well as the decision of the head of government — it is not just a national security decision, but ultimately a political decision.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.