S 1478 Introduced – Defense Cyber Support

Last week Sen. Rounds (R,SD) introduced S 1478, the Departmentof Defense Cyber Support to Civil Authorities Act of 2015. The bill would require the development of a comprehensive DOD plan for the United States Cyber Command to support civil authorities in responding to cyber-attacks by foreign powers.

The overall plan would include plans for {§2(a)(2)}:

∙ Internal Department of Defense collective training activities that are integrated with exercises conducted with other agencies and State and local governments;

∙ Coordination with the heads of other Federal agencies and State and local governments pursuant to the exercises required;

It would also include description of :

∙ The roles, responsibiities, and expectations of Federal, State, and local authorities as the Secretary understands them;

∙ The roles, responsibilities, and expectations of the active components and reserve components of the Armed Forces; and

∙ Any legislative and administrative action as may be necessary to carry out the plan.

Instead of the typical report to Congress usually found in these bills, there is a requirement {§2(b)} for the Comptroller General to review the DOD plan. The report of the review of this type is typically forwarded to Congress as a matter of course.

Moving Forward

Rounds is a mid-ranking member of the Senate Armed Services Committee so it is possible that he could have the political leverage necessary to get this bill considered in Committee. There is certainly nothing in the bill that would draw any immediate opposition in the Senate so if this bill were to be considered it would likely pass. I would expect it to get considered under the unanimous consent process at the end of a daily session.

This bill is probably more appropriate to be attached to the DOD appropriations or authorization bill. In fact. Rounds has submitted the same wording as found in this bill as an amendment (S. Amend. 1520, CREC-2015-06-03-pt1-PgS3686) to HR 1735 that is being considered this week in the Senate. Again, if it makes the list of amendments to be considered it will almost certainly be approved.

Commentary

On the face of it this seems to be a ‘motherhood and apple pie’ requirement for the increasingly sophisticated cyberwarriors to provide assistance to State and local authorities involved in an unequal fight with foreign adversaries. Unfortunately, as currently constructed this bill is a rather typical simplistic Congressional response to a very complicated issue.

A single plan is certainly not going to be adequate to cover the wide range of cyber attacks that could be initiated. In fact trying to put a single plan into effect without adequate prioritization of where Federal or military resources should be employed is going to be counterproductive and would provide potential adversaries with a process for causing military resources being deployed in civil support roles as a precursor to a military attack.

A much more effective role for a bill of this sort would be to require the military to determine which types of cyber-attacks on the Homeland could be met by what types of military response. They types of response would include carefully delineated civil support activities as well as cyber defense and cyber response activities. Only after these capabilities are determined should we worry about developing plans for their implementation.