The soon-to-be-enacted NDAA includes a provision that will fine-tune the range of military cyber operations subject to the 48-notification requirement. Here’s an explainer.
Latest in USCYBERCOM
An American military unit used offensive weapons against a target inside Russia. And nobody is noticing.
Let that sink in for a second. As the country (understandably) focuses on matters like Michael Cohen's testimony; the president's self-described friendship with a murderous dictator; and the House vote to negate the president's declaration of a national emergency (all notable issues to be sure), it seems as though something exceedingly significant has happened and ... just disappeared under the radar.
The United States Cyber Command (USCYBERCOM) has released effectively a new command strategy (formally called a “Command Vision,” although it addresses ends, ways and means), anchored on the recognition that the cyberspace domain has changed in fundamental ways since the Command was established in 2009. Drawing on its experience over the past eight years, the Command offers a new approach that aligns with the strategic realities within which it must successfully operate.
The next National Defense Authorization Act (the NDAA FY’18) is nearing the finish line. A Conference Report is now available, and so the time has come for a closer look at some of the key provisions of interest to Lawfare readers. My colleague Scott Anderson is going to post a broad overview shortly. For my part, I’d like to walk you through the “Cyberspace-Related Matters” section (sections 1631-1649C).
Friday morning, the White House announced it will elevate Cyber Command to a full unified combatant command. Within 60 days, the Secretary of Defense will recommend whether Cyber Command should also be split from the National Security Agency.
Friday morning, the White House announced in a statement that the President ordered the elevation of Cyber Command to a unified combatant command. The full statement can be found below.
U.S. Cyber Command (CYBERCOM) is the U.S. armed forces command charged with offensive and defensive cyber operations. Since 2010, it has coexisted with NSA as two organizations under one director. It is simultaneously embedded within U.S. Strategic Command (STRATCOM), a functional (i.e., non-geographic) command with broader responsibility for detecting and deterring strategic attacks against the United States. Both arrangements are likely coming to an end in the near future.
On October 3-4, 2016, I was privileged to be invited to attend and speak at the annual conference organized by the Staff Judge Advocate for USCYBERCOM, Colonel Gary Corn. I attended the two unclassified days of the conference (two days of classified discussion followed). Fellow Lawfare bloggers Bobby Chesney and Carrie Cordero were also in attendance. The conference was under Chatham House rules but with the organizer’s kind permission, I wanted to blog a few of the most salient insights (from my own idiosyncratic perspective) derived from the two days of discussion I observed: