Two senators want a firm definition of what constitutes an act of war in cyberspace.
A bill introduced by Sens. Angus King (I-Maine) and Mike Rounds (R-S.D.) would require the administration to develop a policy to determine when a cyberattack rises to the level of warfare.
{mosads}“By requiring the administration to define what constitutes an act of war in the cyber domain, this legislation would help our government be better able to respond to cyberattacks and deter malicious actors from launching them in the first place,” King said in a Tuesday statement.
The bill would require policymakers to consider the ways in which the damage from a cyberattack might mirror a conventional attack — such as casualties or physical destruction — and “the intangible effects of significant scope, intensity or duration.”
It would also require the Department of Defense to include the new definition in its Law of War Manual.
Lawmakers — including King — have repeatedly pressed for a firmer policy on cyberattacks.
Some believe that a lack of policy governing cyber warfare has failed to adequately deter attacks and created muted government responses to incidents such as the massive hack of the Office of Personnel Management — believed to be the work of Chinese hackers.
The major cybersecurity bill that President Obama signed into law last year included a clause requiring the State Department to publicly produce an international cyberspace policy.
A White House policy on cyber deterrence released in December took heat from some lawmakers for “a troubling lack of seriousness and focus.”
“That kind of indecisiveness is antithetical to deterrence, and our nation simply cannot afford it,” Sen. John McCain (R-Arz.) said during a Senate Armed Services hearing in April.
“If we don’t have a policy, how are we going to develop plans?” Sen. Deb Fischer (R-Neb.) asked National Security Agency Director Adm. Michael Rogers, who also heads the U.S. Cyber Command.
Lawmakers have questioned who would best spearhead that effort.
Rogers and Director of National Intelligence James Clapper have cautioned against placing too much responsibility on the intelligence community to draw up international norms, characterizing such rulemaking as high-level policy decisions more appropriate to Congress.
King and Rounds appear to be pushing that responsibility — at least where it concerns the definition of an act of war — to the administration.
“If there’s a catastrophic attack tonight on the financial infrastructure of this country, I do not want to go on cable news in the morning and say the administration told us that ‘the policy is still in development,’” King said last fall.