The Senate’s annual defense bill puts the Secretary of Defense on the hook for a plan on the U.S.’ “cyber hunt forward operations,” a strategy ostensibly outlined by National Security Presidential Memorandum 13, which governs offensive cyber operations and had not been seen by members of congressional defense committees for months after its 2018 adoption.
Section 1612 of the Senate Armed Services Committee draft of the National Defense Authorization Act (NDAA) requires the Secretary of Defense to “develop a standard, comprehensive framework to enhance the consistency, execution, and effectiveness of cyber hunt forward operations.” The framework is due by February 1 and the bill requires the Secretary to brief the congressional defense committees on the framework by March 1, 2021.
The General Counsel of the Department of Defense Paul Ney Jr. articulated the department’s “defend forward” strategy in a speech last March. “We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict,” Ney said.
The framework is required to include the “identification of the selection criteria for proposed hunt forward operations, including specification of necessary thresholds for the justification.”
The roles and responsibilities for supporting “the planning and execution of hunt forward operations” are also required for several organizations, including U.S. Cyber Command, the services’ cyber components, the Office of the Under Secretary of Defense for Policy, and U.S. embassies and consulates.
The bill requires the framework to have “metrics to measure the effectiveness of each operation.” Rep. Jim Langevin, D-R.I., said in March he would “continue to press the Administration for meaningful metrics for success that go beyond simply the number of operations conducted.” The framework requires metrics to “evaluate the value of discovered malware and infrastructure” as well as metrics to measure “the effect on the adversary.”
The Secretary of Defense is required to provide an overview of the framework in the congressional briefings and provide recommendations for legislative action to improve “the effectiveness of hunt forward missions.”
The House Armed Services Committee’s Subcommittee on Intelligence and Emerging Threats, which Langevin chairs, did not include a similar provision in its markup, which advanced on June 22. The full committee’s markup is scheduled for July 1. The bills passed by the two chambers will then enter a reconciliation process. Last year’s NDAA was not signed into law until December 20.
