S 2905 Introduced – Cyberwar

Earlier this week Sen. Rounds (R,SD) introduced S 2905, the Cyber Act of War Act of 2016. The bill would require the development of a policy describing when an action in cyberspace constituted an act of war.

Policy Requirement

Section 2 of the bill would require the President to {§2(a)}:

• Develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States; and

• Revise the Department of Defense Law of War Manual accordingly.

Moving Forward

Rounds is not a member of the Senate Foreign Relations Committee, the committee to which this bill was referred for consideration, so he is unlikely to have adequate influence to get the bill considered by that Committee.

The bill is written broadly enough that there really is nothing in the bill that should drive any significant objections to the bill. It would seem that the easiest way for this bill to be considered would be to include the bill as an amendment to either an appropriations or authorization bill.

Commentary

What constitutes an ‘act of war’ is an inherently political decision. Such a decision would be based on a totality of circumstances rather than a characteristic action. This may be why the current Law of War Manual does not include a discussion of what constitutes an ‘act of war’ nor does it actually mention the term ‘act of war’.

Drawing lines in the sand, and defining what constitutes an ‘act of war’ is probably the ultimate line in the sand, sets up an administration for all sorts of potential problems. It provides an adversary with an artificial construct that says that you can push to this line without risking a military response. This could actively encourage an adversary wishing to embarrass the United States to take actions just short of the ‘act of war’ standards to prove that it can act with impunity.

Similarly, a creative adversary could press pass the limits of the definition of an ‘act of war’, but do so in a manner that would make a military response incompatible with other US foreign or domestic policy. These types of actions would be similar to the continued use of chemical weapons by Syrian forces after the President drew a line in the sand about the continued use of chemical weapons, or the North Korean’s ignoring of international sanctions in its testing of nuclear weapons and long-range delivery means.

In this case it would appear that Rounds is deliberately trying to force the President to draw a line in the sand that would either force a military reaction against your cyber opponent of choice (Iran, North Korea, ISIS, China, Russia and so on) or embarrass the current administration by failing to react to an ‘act of war’. I say this because the 2015 version of the DOD Law of Warfare Manual already includes a relatively comprehensive discussion of how cyber operations relate to the law of warfare. A careful reading of Chapter 16 provides more than enough guidance on how to determine when an offensive cyber operation is the equivalent to a more conventional military operation.