Congress wants oversight of DOD cyber ops

Legislators have introduced a bill requiring the Pentagon to provide details of sensitive military cyber weapons and cyber operations.

sphere of binary data
 

New legislation offered in the House would require the Department of Defense to provide congressional defense committees with details of DOD cyber weapons and sensitive cyber operations.

The bill from the House Armed Services Committee calls for the secretary of defense to provide notice to the armed services committees within 48 hours of conducting a "sensitive military cyber operation."

The bill defines such an operation as one that "is carried out by the armed forces or by a foreign partner in coordination with the armed forces; and is intended to cause effects outside a geographic location where United States armed forces are involved in hostilities."

Such actions can be offensive operations or "a defensive cyber operation outside the Department of Defense Information Networks to defeat an ongoing or imminent threat."

In a statement announcing the legislation, House Armed Services Committee Chairman Rep. Mac Thornberry (R-Texas) said that while programs need to remain classified, Congress still has a responsibility to conduct oversight "in order to protect our security and our essential freedoms at the same time.

"This proposal to enhance congressional oversight of sensitive military cyber operations and cyber weapons will help achieve that balance by promoting greater transparency and accountability for some of the most classified elements of our national defense," he said.

"Drawing on lessons we've learned from the oversight of more traditional DOD sensitive activities outside of areas of active hostilities, this bill will enable Congress to provide additional support and oversight for these activities as they continue to develop as an essential component of U.S. military power," said Ranking Member Rep. Adam Smith (D-Wash.).

The legislation states that congressional committees shall take steps to prevent disclosure of classified information provided to them. The bill adds that "in the event of an unauthorized disclosure of a sensitive military cyber operation … the Secretary shall ensure, to the maximum extent practicable, that the congressional defense committees are notified immediately of the sensitive military cyber operation concerned."

The bill specifically exempts from the notification requirement "a training exercise conducted with the consent of all nations where the intended effects of the exercise will occur," or covert actions under Title 50.

In addition to requiring notification of cyber operations, the bill calls for details on cyber weapons, including information on whether such cyber weapons comport with international law under DOD's internal rules.