The Cyber Act of War Act: A Proposal for a Problem the Law Can’t Fix In a Wall Street Journal op-ed this week, Senator Mike Rounds argued the United States urgently needs “a clear and concise definition of when an attack in cyberspace constitutes an act of war.” To produce this definition, Rounds introduced the “Cyber Act of War Act” to remove “dangerous ambiguity” in U.S. policy and better prepare the United States “to respond to cyberattacks and better deter bad actors from attempting an attack on the U.S. in the first place.” Unfortunately for Rounds, his proposal would neither produce the definition he believes is critical nor advance policy from where it presently stands. Although Senator Rounds stresses the need for a clear and concise definition of a cyber act of war, the bill does not mandate the government produce such a definition. The proposed legislation would require the president to “develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States.” This obligation is procedural—establish a process for deciding when a cyber incident crosses into warfare. Developing this process would not necessarily produce a clear and concise definition of a cyber act of war. In developing a policy process, the bill instructs the president to consider how “a cyberattack may be equivalent to the effects of an attack using conventional weapons, including with respect to physical destruction or casualties” and “intangible effects of significant scope, intensity, or duration.” Application of these criteria would not produce a clear and concise definition. What the bill proposes is a process that evaluates cyber incidents on a case-by-case basis using relevant considerations. [..] <http://blogs.cfr.org/cyber/2016/05/12/the-cyber-act-of-war-act-a-proposal-fo...>