Content area
Full Text
ABSTRACT
When it comes to warfare, cyberspace is the final frontier. To increase military operations in cyberspace, the federal government looks to private contractors to help modernize its capabilities. In 2016, U.S. Cyber Command awarded a five-year contract to several private contractors to aid in that modernization effort, which included development, delivery, and preparation of targeted offensive operations. However, the contractors' level of participation exposes them to lawful counterattacks because contractors may be designated as combatants under international law. These counterattacks may expand beyond cyber actions so long as they meet the principles of necessity and proportionality. To ensure that contractors are not classified as designated combatants, this Note proposes to (1) amend the Special Maritime and Territorial Jurisdiction Statute to include cyberspace, (2) define "inherently governmental function" to include tasks involved in the preparation or execution of combat operations, and (3) extend reporting requirements to include each cyber contractor's involvement in executed cyber operations. Together, these solutions will insulate contractors from crossing the threshold into being labeled as combatants in the context of adversary states' self-defense.
I. INTRODUCTION
Over the past several years, the U.S. military's cybersecurity strategy has shifted from focusing primarily on defense to including offensive cyber operations.1 The 2018 summary of the Department of Defense's (DoD) Cyber Strategy outlines U.S. policy on engaging in offensive cyber operations to "defend forward" in collaboration with private sector partners, which includes outsourcing the development and operation of offensive tools.2 The use of offensive cyber tools raises questions about what should be outsourced in compliance with our legal framework of an "inherently governmental function"3 and international law.
In 2016, U.S. Cyber Command (CYBERCOM) awarded six companies a potential $460 million multiple-award contract to support defensive and offensive cyber operations such as "scuttling an adversary's air traffic control, nuclear operations and other critical infrastructure systems."4 The $460 million project would "outsource to industry all command mission support activities, including 'cyber fires' planning, as well as 'cyberspace joint munitions' assessments."5 The government defines cyber fires as the active use of cyber weapons against opponents.6
While contracts for these types of services are usually classified, the contractor companies' websites provide hints on what the work entails.7 Tim Maurer, Co-Director and Fellow of the Cyber Policy Initiative at...