Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · S. 2296 (Reported in Senate) — To authorize appropriations for fiscal year 2026 for military activities of the Department of Defense, for military c... · Sec. 1603

Sec. 1603. Strategy for deterrence against cyberattacks against defense critical infrastructure of the United States

606 words·~3 min read·/bill/119/s/2296/rs/section-1603·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Secretary of Defense shall, in coordination with the Assistant Secretary of Defense for Cyber Policy, the Chairman of the Joint Chiefs of Staff, the Commander of United States Cyber Command, and the Deputy Assistant Secretary of Defense for Defense Continuity and Mission Assurance, develop a strategy and a list of various courses of action across the spectrum of military capabilities to create a credible deterrence against cyberspace attacks and posturing for future such attacks against United States defense critical infrastructure.
The Secretary shall ensure that the strategy required by subsection (a)— includes an evaluation of how to deter actions of adversaries in cyberspace across the full spectrum of offensive planning and action; and outlines a range of options available for the Department to demonstrate a credible deterrence through cost imposing courses of action. The strategy required by subsection
(a)shall incorporate the following elements: A comprehensive assessment of adversary cyber capabilities and intent regarding defense critical infrastructure attacks. Identification of what specific adversary cyber capabilities and actor’s actions under this strategy seeks to deter. Methodology and classification of types of targets to hold at risk and what actions would be necessary to impose costs at different levels of escalation. An assessment of the capabilities and any related requirement gaps to create the needed effects against these categories of targets and their relative impact to deterrence and escalation. An evaluation of the role of offensive cyber operations in combination with, as well as independent of, other means of military capabilities in creating an effective deterrent, and an assessment of the current capability and gaps in capability needed to successfully conduct these offensive cyber operations. An assessment of policy and authorities in effect with respect to holding adversary targets at risk and recommendations for modifications to enable effective deterrence and managed escalation. Evaluation of reveal and conceal criteria and methodology to demonstrate the United States capability of imposing costs while preserving operational security. Framework for integration of interagency partners, as well as allies and partners, industry, and academia, to enhance deterrence. The Secretary shall complete the development of the strategy required by subsection
(a)on or before December 1, 2026. The list of various courses of action required under subsection
(a)shall include a list of military alternatives, guided by the strategy developed under such subsection, using the full range of military capabilities, including offensive cyber operations that actively impose or threaten to impose costs on an adversary to create a credible deterrence. The courses of action shall be organized for competition, crisis, and conflict. Not later than June 1, 2026, the Secretary shall complete the development of the list of various courses of action required by subsection (a). Not later than March 1, 2026, the Secretary shall provide to the congressional defense committees an interim briefing on the strategy required under subsection (a). Not later than June 1, 2026, the Secretary shall— provide to the congressional defense committees a briefing on the strategy developed under subsection
(a)and the list of various courses of action developed under such subsection; and submit to the congressional defense committees a report on such strategy and such list of various courses of action. In this section: The term defense critical infrastructure has the meaning given that term critical infrastructure of the Department of Defense in section 1650(e) of the National Defense Authorization Act for Fiscal Year 2017 ( Public Law 114–328 ; 10 U.S.C. 2224 note). The term imposing costs means actions taken against adversaries that result in economic, diplomatic, informational, or military consequences significant enough to change the adversary’s behavior or calculations regarding cyberspace operations against the United States.
Connectionstraces to 2
Citation graph
cites case law
Sec. 1603
Strategy for deterrence against cyberattacks against defense critical infrastructure of the United States
Pub. L.Public Law 114-328
U.S.C.§ 2224
Cites 2Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.