The Senate Armed Services Committee this week added a cybersecurity "act of war" provision to its fiscal year 2017 defense authorization bill, requiring the president to "develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States."
As our colleagues at Inside Cybersecurity report:
The committee completed its closed-door markup of the National Defense Authorization Act on Thursday and will soon release the contents of the bill.
But sources close to Sens. Mike Rounds (R-SD) and Angus King (I-ME) – sponsors of the "act of war" proposal – confirmed the provision was added to the defense bill.
"The bill includes language similar to legislation authored by Senators King and Mike Rounds that would require the Administration to develop a policy to determine when a cyber-attack constitutes an act of war," King's office said in a statement.
The proposal has stirred up some criticism – James Lewis of the Center for Strategic and International Studies this week said defining a cyber incident as an act of war "is not a very helpful line to draw."
Rounds said the proposal would not require a rigid definition of acts in cyberspace that constitute an act of war, but would help the government formulate a forward-looking policy that could "go from administration to administration."
"Do it now before we have an emergency situation," he said. "Let the bad actors know that if they cross certain red lines . . . there will be repercussions."