In my opinion, there are two primary ways to view this step.
First, this is an important first step in stopping Russia from interfering in our election, messing with our infrastructure, stealing Intellectual Property, breaking into emails, and obtaining sensitive information.
Second, cyber is but one minor (but important) piece of the much greater information war Russia is waging against the United States and the West in order to disrupt our Democratic process and fracture our societies and cultures along existing fault lines, and, ultimately, to promote Russian national interests. While select individuals have introduced and even passed bills to this effect, the political animus to follow through is lacking. Partisan and political infighting are acting to the detriment of our great nation.
There is a third and less obvious repercussion to this action of a call to arms involving cyber. This opens the barn doors to cyber activity heretofore unseen by the world. If the White House proposes such a bill and Congress passes it, the other state and non-state actors have de facto carte blanch to act as they want in cyberspace. If the US can do it, so can we.
I do not believe this has been thought through.
Postscript. The article is straightforward reporting and lacks an apparent spin. This is good solid reporting.
Posted on Jul.26, 2018 in Congress, Cyberwar, Military Doctrine by Steven Aftergood
Rebuking the Trump Administration for its “passivity,” Congress is pressing the Department of Defense to engage in “active defense” in cyberspace against Russia, China, North Korea and Iran.
A new provision in the conference report on the FY2019 national defense authorization act (sect. 1642) would “authorize the National Command Authority to direct the Commander, U.S. Cyber Command, to take appropriate and proportional action through cyberspace to disrupt, defeat, and deter systematic and ongoing attacks by the Russian Federation in cyberspace.” It would further “add authorizations for action against the People’s Republic of China, the Democratic People’s Republic of Korea, and the Islamic Republic of Iran.”
“The conferees have been disappointed with the past responses of the executive branch to adversary cyberattacks and urge the President to respond to the continuous aggression that we see, for example, in Russia’s information operations against the United States and European allies in an attempt to undermine democracy.”
“The administration’s passivity in combating this campaign. . . will encourage rather than dissuade additional aggression.”
“The conferees strongly encourage the President to defend the American people and institutions of government from foreign intervention,” the report language said.
The congressional report does not propose an actual cyber strategy, nor does it specify desired outcomes, or address unintended consequences.
Another provision in the new conference report says that the Department of Defense ought to be just as assertive and “aggressive” in cyberspace as it is elsewhere (sect. 1632).
“The conferees see no logical, legal, or practical reason for allowing extensive clandestine traditional military activities in all other operational domains (air, sea, ground, and space) but not in cyberspace,” the report said.
“It is unfortunate that the executive branch has squandered years in interagency deliberations that failed to recognize this basic fact and that this legislative action has proven necessary.”
“The conferees agree that the Department should conduct aggressive information operations to deter adversaries.”
Curiously, the report found it necessary to add that “the conferees do not intend this affirmation as an authorization of clandestine activities against the American people.”
In general, another provision (sect. 1636) states, the U.S. needs to be ready for war in cyberspace:
“It shall be the policy of the United States, with respect to matters pertaining to cyberspace, cybersecurity, and cyber warfare, the United States should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond to when necessary, all cyber attacks or other malicious cyber activities of foreign powers that target United States interests with the intent to… cause casualties among United States persons or persons of United States allies; significantly disrupt the normal functioning of United States democratic society or government (including attacks against critical infrastructure that could damage systems used to provide key services to the public or government); threaten the command and control of the Armed Forces, the freedom of maneuver of the Armed Forces, or the industrial base or other infrastructure on which the United States Armed Forces rely to defend United States interests and commitments; or achieve an effect, whether individually or in aggregate, comparable to an armed attack or imperil a vital interest of the United States.”