Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · U.S. Code · Title 10 - ARMED FORCES · CHAPTER 19— CYBER AND INFORMATION OPERATIONS MATTERS · § 395

§ 395. Notification requirements for sensitive military cyber operations

943 words·~4 min read·/usc/title-10/section-395

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)In General.— Except as provided in subsection (d), the Secretary of Defense shall promptly submit to the congressional defense committees notice in writing of any sensitive military cyber operation conducted under this title no later than 48 hours following such operation.
(b)Procedures.—
(1)The Secretary of Defense shall establish and submit to the congressional defense committees procedures for complying with the requirements of subsection
(a)consistent with the national security of the United States and the protection of operational integrity. The Secretary shall promptly notify the congressional defense committees in writing of any changes to such procedures at least 14 days prior to the adoption of any such changes.
(2)The congressional defense committees shall ensure that committee procedures designed to protect from unauthorized disclosure classified information relating to national security of the United States are sufficient to protect the information that is submitted to the committees pursuant to this section.
(3)In the event of an unauthorized disclosure of a sensitive military cyber operation covered by this section, the Secretary shall ensure, to the maximum extent practicable, that the congressional defense committees are notified immediately of the sensitive military cyber operation concerned. The notification under this paragraph may be verbal or written, but in the event of a verbal notification a written notification, signed by the Secretary, or the Secretary’s designee, shall be provided by not later than 48 hours after the provision of the verbal notification.
(c)Sensitive Military Cyber Operation Defined.—
(1)In this section, the term “sensitive military cyber operation” means an action described in paragraph
(2)that—
(A)is carried out by the armed forces of the United States;
(B)is intended to achieve a cyber effect against a foreign terrorist organization or a country, including its armed forces and the proxy forces of that country located elsewhere—
(i)with which the armed forces of the United States are not involved in hostilities (as that term is used in section 4 of the War Powers Resolution (50 U.S.C. 1543)); or
(ii)with respect to which the involvement of the armed forces of the United States in hostilities has not been acknowledged publicly by the United States; and
(i)is determined to—
(I)have a medium or high collateral effects estimate;
(II)have a medium or high intelligence gain or loss;
(III)have a medium or high probability of political retaliation, as determined by the political military assessment contained within the associated concept of operations;
(IV)have a medium or high probability of detection when detection is not intended; or
(V)result in medium or high collateral effects; or
(ii)is a matter the Secretary determines to be appropriate.
(2)The actions described in this paragraph are the following:
(A)An offensive cyber operation.
(B)A defensive cyber operation.
(d)Exceptions.— The notification requirement under subsection
(a)does not apply—
(1)to a training exercise conducted with the consent of all nations where the intended effects of the exercise will occur; or
(2)to a covert action (as that term is defined in section 503 of the National Security Act of 1947 (50 U.S.C. 3093)).
(e)Rule of Construction.— Nothing in this section shall be construed to provide any new authority or to alter or otherwise affect the War Powers Resolution (50 U.S.C. 1541 et seq.), the Authorization for Use of Military Force (Public Law 107–40; 50 U.S.C. 1541 note), or any requirement under the National Security Act of 1947 (50 U.S.C. 3001 et seq.).
(Added Pub. L. 115–91, div. A, title XVI, § 1631(a), Dec. 12, 2017, 131 Stat. 1736, § 130j; renumbered § 395 and amended Pub. L. 115–232, div. A, title X, § 1081(a)(1), title XVI, § 1631(a), Aug. 13, 2018, 132 Stat. 1983, 2123; Pub. L. 116–92, div. A, title XVI, § 1632, Dec. 20, 2019, 133 Stat. 1745; Pub. L. 116–283, div. A, title XVII, § 1702, Jan. 1, 2021, 134 Stat. 4080.)
Connections2 cite this · traces to 8
Cited by 2 sections · top 1
12 references not yet in our index
  • Public Law 107–40
  • 131 Stat. 1736
  • 132 Stat. 1983
  • 133 Stat. 1745
  • 134 Stat. 4080
  • Pub. L. 93–148
  • 87 Stat. 555
  • Pub. L. 107–40
  • 115 Stat. 224
  • act July 26, 1947, ch. 343
  • 61 Stat. 495
  • section 130j of this title
Citation graph
cites case law
§ 395
Notification requirements for sensitive military cyber operations
U.S.C.×2
U.S.C.§ 1543
U.S.C.§ 3093
U.S.C.§ 1541
U.S.C.§ 3001
Pub. L.Public Law 115-91
Pub. L.Public Law 115-232
Pub. L.Public Law 116-92
Pub. L.Public Law 116-283
Pub. L.Public Law 107–40
Stat.131 Stat. 1736
Stat.132 Stat. 1983
Stat.133 Stat. 1745
Cites 20 · showing 12Cited by 2 across 1 source
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.