Traditional Military Activities in Cyberspace: Clarifying DOD’s Authority and the Line Between T10 and T50 Activities?
Section 962 of the FY12 National Defense Authorization bill has a very interesting cyberspace “military activities” provision. It opens, at § 962(a), by “affirm[ing] that the Secretary of Defense is authorized to conduct military activities in cyberspace.” Section 962(b) then explains that this “includes the authority to carry out a clandestine operation in cyberspace” in at least two circumstances.
First: when the operation is “in support of a military operation pursuant to” the 9/18/01 AUMF,” so long as that operations is “against a target located outside of the United States.
Second: when the operation is “to defend against a cyberattack against an asset of the Department of Defense.”
Lest one assume these are the only two scenarios in which Title 10 authorities may be exercised in cyberspace, however, § 962(d) provides a “Rule of Construction” to the effect that “[n]othing in this section shall be construed to limit the authority of [SecDef] to conduct military activities in cyberspace.” So what is going on here?
It seems to be driven at least in part by concern over the fuzzy line separating Title 50 “cover action” authorities and Title 10 military authorities. The language above quite purposefully refers to “clandestine operations” only, a phrase which is typically defined as:
An operation sponsored or conducted by governmental departments or agencies in such a way as to assure secrecy or concealment. A clandestine operation differs from a covert operation in that emphasis is placed on concealment of the operation rather than on concealment of the identity of the sponsor. In special operations, an activity may be both covert and clandestine and may focus equally on operational considerations and intelligence-related activities.
That is to say, the language in § 962 refers to DOD authority to engage in cyber operations which are mean to go undiscovered but not meant to be denied. That alone would presumably keep them from being categorized as a “covert action” subject to presidential finding and SSCI/HPSCI notification requirements. Yet one can imagine that this does not quite suffice to solve the boundary dispute, insofar as it might not be clear on the front end that one would be willing to acknowledge sponsorship of an operation publicly if it becomes known…and indeed it might well be that the activity is very much meant to be both concealed and denied, making it hard at first blush to show that the activity is not a Title 50 covert action after all. But in at least some instances there is a separate reason it should not be deemed a covert action: i.e., when the action is best understood as a high-tech equivalent to a traditional military activity (the “TMA” category being an explicit exception to the T50 covert action definition). And that appears to be the case with the two categories explicitly described above, or at least arguably so.
The explanatory statement accompanying § 962 supports this reading. It opens by stating that
[t]he committee recognizes that because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace.
One might then ask: won’t this result in inadequate legislative oversight? Section 962(c) responds by requiring DOD to make quarterly “briefings” to SASC and HASC reporting on any cyber operations conducted under this clarified authority.
Further interesting background from the explanatory statement:
The committee notes that al Qaeda, the Taliban, and associated forces are increasingly using the internet to exercise command and control as well as to spread technical information enabling attacks on U.S. and coalition forces in areas of ongoing hostilities.
While these terrorist actions often lead to increased danger for U.S. and coalition forces in areas of ongoing hostilities, terrorists often rely on the global reach of the internet to communicate and plan from distributed sanctuaries throughout the world. As a result, military activities may not be confined to a physical battlefield, and the use of military cyber activities has become a critical part of the effort to protect U.S. and coalition forces and combat terrorism globally.
In certain instances, the most effective way to neutralize threats and protect U.S. and coalition forces is to undertake military cyber activities in a clandestine manner. While this section is not meant to identify all or in any way limit other possible military activities in cyberspace, the Secretary of Defense’s authority includes the authority to conduct clandestine military activities in cyberspace in support of military operations pursuant to an armed conflict for which Congress has authorized the use of all necessary and appropriate force or to defend against a cyber attack on a Department of Defense asset.
Because of the sensitivities associated with such military activities and the need for more rigorous oversight, this section would require quarterly briefings to the congressional defense committees on covered military activities in cyberspace.