As Cyber Command continues to grow in capacity and capability so too does congressional oversight.
[Trump elevates Cyber Command; split with NSA still an option]
Not only is the command itself relatively young, but the notion of cyber operations and the international legal framework behind them are also nascent.
Given cyber operations will play a large role in future conflict with the military looking to integrate cyber effects into traditional military operations at all the geographic combatant commands, Congress wants to maintain oversight into global cyber operations.
[What Cyber Command learned from ISIS operations]
[Cyber is being normalized with traditional military operations]
That was partially behind one of the provisions that made it into the conference report of the FY 2018 National Defense Authorization Act to amend the current law requiring quarterly cyber operations briefings, expanding the scope of such briefings.
“When it comes to oversight, I think it’s important from the policy maker’s perspective particular for members of Congress that have been in office for quite some time, we need to understand how cyber operations are changing 21st Century warfare,” Rep. Elise Stefanik, R-NY, said during a panel discussion Nov. 28 at CyberCon hosted by Federal Times.
“Having that quarterly briefing is important form my perspective so that my fellow policy makers continue to see how critical these cyber operations are when it comes to protecting our national security.”
Stefanik said these briefings will be modeled after the quarterly counterterrorism briefings “where policy makers have an opportunity to ask questions about the specific operations or just generally about the regions that they’re covering.”
She added that this model has worked in the counterterrorism context in terms of providing transparency and information to policy makers, something she understands well as the House Armed Services Subcommittee chair that oversees cyber, counterterrorism programs special operations forces, which conducts nearly all counterterrorism operations globally.
Specifically, the NDAA amends current law mandating DoD’s quarterly cyber briefings to include:
- Separate updates for each geographic and functional command that describe; operations carried out as well as hostile cyber activity directed at the command;
- An overview of authorities and legal issues applicable to the operations to include any relevant legal limitations;
- An outline of any interagency activities and initiatives relating to operations, and;
- Any other matters the secretary of defense determines to be appropriate.
Stefanik noted that this update is part of the process in maturing Cyber Command. “As we’re seeking to mature U.S. Cyber Command, this is a way to ensure that members of Congress and senators are getting the information they need and can ask those probing questions,” she said. “It helps us on a quarterly basis have an understanding of how those operations are changing, how the threats are changing as well.”
Given both how quickly evolve in cyberspace as well as how new the command is, there will undoubtedly need to be continues updates in authorities and responsibilities.
[Authorities Complicate Use of Cyber Capabilities]
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.