Congress To Amend NDAA To Give DoD & NSA Greater 'Cyberwar' Powers
from the say-what-now dept
Here's the existing text:
SEC. 954. MILITARY ACTIVITIES IN CYBERSPACE.However, the House Armed Services Committee is getting ready to do a markup on the NDAA that includes a change to that section (section 954), which expands the powers of the Defense Department, and basically gives it broad powers to conduct any military actions online -- with it specifically calling out clandestine operations online. Here's the text they want to substitute:
Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to—(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).
SEC. 954. MILITARY ACTIVITIES IN CYBERSPACE.Note a bunch of slightly sneaky things going on here. First, it gives blanket powers to the DoD, rather than saying it can only take actions on the President's direction. While we may not have much faith that the President wouldn't let the DoD do such things, giving such blanket approval upfront, rather than requiring specific direction is a pretty big change.
‘‘(a) AFFIRMATION.—Congress affirms that the Secretary of Defense is authorized to conduct military activities in cyberspace.
‘‘(b) AUTHORITY DESCRIBED.—The authority referred to in subsection (a) includes the authority to carry out a clandestine operation in cyberspace—‘‘(1) in support of a military operation pursuant to the Authorization for Use of Military Force (50 U.S.C. 1541 note; Public Law 107-40) against a target located outside of the United States; or‘‘(c) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to limit the authority of the Secretary of Defense to conduct military activities in cyberspace.’"
‘‘(2) to defend against a cyber attack against an asset of the Department of Defense.
Second, and perhaps more important, the new language specifically grants the DOD (and the NSA, which is a part of DOD) the power to conduct "clandestine operations." This is (on purpose) left basically undefined. Combine this with the fact that the "Authorization of Use of Military Force" is so broadly defined in the current government, this then grants the DOD/NSA extremely broad powers to conduct "clandestine" operations with little oversight. Related to this is that it removes the restriction that the DOD must take actions that are "subject to the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflicts." Instead it lets them use such powers, without these restrictions, against anyone declared an enemy under the AUMF (lots and lots of people) or in any effort to stop a cyberattack against the DOD -- which again you can bet would be defined broadly. This is a pretty big expansion of online "war" powers for the Defense Department, with what appears to be less oversight. And all done while people are looking the other way...