Cyber Operations Authorities

Cyber operations present unique challenges to military operators. I will keep it simple.

How can you hurt someone or break something lawfully? Seriously. That is the fundamental question. Once you understand that, the authorities piece gets easier.

Consider. Law enforcement can intrude on one’s privacy and even use deadly force upon proper justification. The same is true for the military under Rules of Engagement or Standing Rules for the Use of Force.

Cyber presents unique challenges because it occupies a public/private battle space. Different legal schemes may apply in parallel or series.

Here are the fundamentals. Interfering with a computer system is by default a crime under US law. Military assets operating under Title 10 can do so with proper mission. These are offensive cyber operations.

Defensive cyber operations may be conducted under Title 10 by the active component or the reserve component in that status, under Title 32 by National Guard assets of the component, or under state law by National Guard assets in state active duty.

The primary mission of defensive cyber operations is to protect the DODIN. After this, the objective is to protect mission forces, and then critical infrastructure. In harmony with the primary function of the reserve component being training and readiness, training is generally the objective of defensive cyber operations by the National Guard. However, authorities exist for such training to have an operational benefit. The devil is in the details of how training and operations are balanced—always the challenge when crafting Guard operations.

See. That wasn’t so hard, was it?

Sorry. Kidding. More to follow on specific authorities on how this is done, along with gems and reading on all aspects of cyber operations.