Sec. 1644. CYBER POSTURE REVIEW
814 words·~4 min read·
/statute-compilations/comps-13932/sec-1644A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1644 CYBER POSTURE REVIEW ###
(a)Requirement for Comprehensive Review In order to clarify the near-term policy and strategy of the United States with respect to cyber deterrence, the Secretary of Defense shall, not later than December 31, 2022, and quadrennially thereafter, conduct a comprehensive review of the cyber posture of the United States over the posture review period. ###
(b)Consultation The Secretary of Defense shall conduct each review under subsection
(a)in consultation with the Director of National Intelligence, the Attorney General, the Secretary of Homeland Security, and the Secretary of State, as appropriate. ###
(c)Elements of Review Each review conducted under subsection
(a)shall include, for the posture review period, the following elements: ####
(1)The assessment and definition of the role of cyber forces in the national defense and military strategies of the United States. ####
(2)Review of the following: #####
(A)The role of cyber operations in combatant commander warfighting plans. #####
(B)The ability of combatant commanders to respond to adversary cyber attacks. #####
(C)The international partner cyber capacity-building programs of the Department. ####
(3)A review of the law, policies, and authorities relating to, and necessary for, the United States to maintain a safe, reliable, and credible cyber posture for defending against and responding to cyber attacks and for deterrence in cyberspace, including the following: #####
(A)An assessment of the need for further delegation of cyber-related authorities, including those germane to information warfare, to the Commander of United States Cyber Command. #####
(B)An evaluation of the adequacy of mission authorities for all cyber-related military components, defense agencies, directorates, centers, and commands. ####
(4)A review of the need for or for updates to a declaratory policy relating to the responses of the United States to cyber attacks of significant consequence. ####
(5)A review of norms for the conduct of offensive cyber operations for deterrence and in crisis and conflict. ####
(6)A review of a strategy to deter, degrade, or defeat malicious cyber activity targeting the United States (which may include activities, capability development, and operations other than cyber activities, cyber capability development, and cyber operations), including— #####
(A)a review and assessment of various approaches to competition and deterrence in cyberspace, determined in consultation with experts from Government, academia, and industry; #####
(B)a comparison of the strengths and weaknesses of the approaches identified pursuant to subparagraph
(A)relative to the threat of each other; and #####
(C)an assessment as to how the cyber strategy will inform country-specific campaign plans focused on key leadership of Russia, China, Iran, North Korea, and any other country the Secretary considers appropriate. ####
(7)Identification of the steps that should be taken to bolster stability in cyberspace and, more broadly, stability between major powers, taking into account— #####
(A)the analysis and gaming of escalation dynamics in various scenarios; and #####
(B)consideration of the spiral escalatory effects of countries developing increasingly potent offensive cyber capabilities. ####
(8)A comprehensive force structure assessment of the Cyber Operations Forces of the Department for the posture review period, including the following: #####
(A)A determination of the appropriate size and composition of the Cyber Mission Forces to accomplish the mission requirements of the Department. #####
(B)An assessment of the Cyber Mission Forces’ personnel, capabilities, equipment, funding, operational concepts, and ability to execute cyber operations in a timely fashion. #####
(C)An assessment of the personnel, capabilities, equipment, funding, and operational concepts of Cybersecurity Service Providers and other elements of the Cyber Operations Forces. ####
(9)An assessment of whether the Cyber Mission Force has the appropriate level of interoperability, integration, and interdependence with special operations and conventional forces. ####
(10)An evaluation of the adequacy of mission authorities for the Joint Force Provider and Joint Force Trainer responsibilities of United States Cyber Command, including the adequacy of the units designated as Cyber Operations Forces to support such responsibilities. ####
(11)An assessment of the missions and resourcing of the combat support agencies in support of cyber missions of the Department. ####
(12)An assessment of the potential costs, benefits, and value, if any, of establishing a cyber force as a separate uniformed service. ####
(13)Any recurrent problems or capability gaps that remain unaddressed since the previous posture review. ####
(14)Such other matters as the Secretary considers appropriate. ###
(d)Report ####
(1)In general The Secretary of Defense shall submit to the congressional defense committees a report on the results of each cyber posture review conducted under subsection (a). ####
(2)Form of report Each report under paragraph
(1)may be submitted in unclassified form or classified form, as necessary. ###
(e)Posture Review Period Defined In this section, the term “posture review period” means the eight-year period that begins on the date of each review conducted under subsection (a).