Sec. 1644. Cyber posture review
532 words·~2 min read·
/bill/115/hr/2810/enr/section-1644·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In order to clarify the near-term policy and strategy of the United States with respect to cyber deterrence, the Secretary of Defense shall conduct a comprehensive review of the cyber posture of the United States over the posture review period. The Secretary of Defense shall conduct the review under subsection
(a)in consultation with the Director of National Intelligence, the Attorney General, the Secretary of Homeland Security, and the Secretary of State, as appropriate. The review conducted under subsection
(a)shall include, for the posture review period, the following elements: The role of cyber forces in the military strategy, planning, and programming of the United States. Review of the role of cyber operations in combatant commander operational planning, the ability of combatant commanders to respond to hostile acts by adversaries, and the ability of combatant commanders to engage and build capacity with allies. A review of the law, policies, and authorities relating to, and necessary for the United States to maintain, a safe, reliable, and credible cyber posture for responding to cyber attacks and for deterrence in cyberspace. A declaratory policy relating to the responses of the United States to cyber attacks of significant consequence. Proposed norms for the conduct of offensive cyber operations for deterrence and in crisis and conflict. Guidance for the development of a cyber deterrence strategy (which may include activities, capability efforts, and operations other than cyber activities, cyber capability efforts, and cyber operations), including— a review and assessment of various approaches to cyber deterrence, determined in consultation with experts from Government, academia, and industry; a comparison of the strengths and weaknesses of the approaches identified under subparagraph
(A)relative to the threat and to each other; and an explanation of how the cyber deterrence strategy will inform country-specific deterrence campaign plans focused on key leadership of Russia, China, Iran, North Korea, and any other country the Secretary considers appropriate. Identification of the steps that should be taken to bolster stability in cyberspace and, more broadly, stability between major powers, taking into account— the analysis and gaming of escalation dynamics in various scenarios; and consideration of the spiral escalatory effects of countries developing increasingly potent offensive cyber capabilities. A determination of whether sufficient personnel are trained and equipped to meet validated cyber requirements. Such other matters as the Secretary considers appropriate. The Secretary of Defense shall submit to the congressional defense committees a report on the results of the cyber posture review conducted under subsection (a). The report under paragraph
(1)may be submitted in unclassified form or classified form, as necessary. Of the funds authorized to be appropriated by this Act or otherwise made available for fiscal year 2018 for operations and maintenance for the Office of the Assistant Secretary of Defense for Public Affairs, not more than 85 percent may be obligated or expended until the date on which the Secretary of Defense submits to the congressional defense committees the report under paragraph (1). In this section, the term posture review period means the period beginning on the date that is five years after the date of the enactment of this Act and ending on the date that is 10 years after such date of enactment.