§394. Authorities concerning military cyber operations
(a)
(b)
(c)
(d)
(e)
(f)
(1) The term "clandestine military activity or operation in cyberspace" means a military activity or military operation carried out in cyberspace, or associated preparatory actions, authorized by the President or the Secretary that-
(A) is marked by, held in, or conducted with secrecy, where the intent is that the activity or operation will not be apparent or acknowledged publicly; and
(B) is to be carried out-
(i) as part of a military operation plan approved by the President or the Secretary in anticipation of hostilities or as directed by the President or the Secretary;
(ii) to deter, safeguard, or defend against attacks or malicious cyber activities against the United States or Department of Defense information, networks, systems, installations, facilities, or other assets; or
(iii) in support of information related capabilities.
(2) The term "foreign power" has the meaning given such term in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).
(3) The term "United States person" has the meaning given such term in such section.
(Added
Editorial Notes
References in Text
The War Powers Resolution, referred to in subsecs. (b) and (e), is
The Authorization for Use of Military Force, referred to in subsec. (e), is
Amendments
2018-
Statutory Notes and Related Subsidiaries
Authority for Countering Illegal Trafficking by Mexican Transnational Criminal Organizations in Cyberspace
"(a)
"(1) Smuggling of illegal drugs, controlled substances, or precursors thereof.
"(2) Human trafficking.
"(3) Weapons trafficking.
"(4) Other illegal activities.
"(b)
Management of Data Assets by Chief Digital and Artificial Intelligence Officer
"(a)
"(b)
"(1) develop a baseline of data assets exclusive to foreign key terrain and relational frameworks in cyberspace maintained by the intelligence agencies of the Department of Defense, the military departments, the combatant commands, and any other components of the Department of Defense;
"(2) develop and oversee the implementation of plans to enhance such data assets that the Chief Digital and Artificial Intelligence Officer determines are essential to support the purposes set forth in subsection (a); and
"(3) ensure that such activities and plans are undertaken in cooperation and in coordination with the Assistant to the Secretary of Defense for Privacy, Civil Liberties, and Transparency, to ensure that any data collection, procurement, acquisition, use, or retention measure conducted pursuant to this section is in compliance with applicable laws and regulations, including standards pertaining to data related to United States persons or any persons in the United States.
"(c)
"(1) designate or establish one or more Department of Defense executive agents for enhancing data assets and the acquisition of data analytic tools for users;
"(2) ensure that data assets referred to in subsection (b) that are in the possession of a component of the Department of Defense are accessible for the purposes described in subsection (a); and
"(3) ensure that advanced analytics, including artificial intelligence technology, are developed and applied to the analysis of the data assets referred to in subsection (b) in support of the purposes described in subsection (a).
"(d)
"(e)
"(f)
"(1) the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives];
"(2) the Permanent Select Committee on Intelligence of the House of Representatives; and
"(3) the Select Committee on Intelligence of the Senate."
Protection of Critical Infrastructure
"(a)
"(b)
"(c)
Operational Technology and Mission-Relevant Terrain in Cyberspace
"(a)
"(1) decomposition of missions reliant on such Assets;
"(2) identification of access vectors;
"(3) internal and external dependencies;
"(4) topology of networks and network segments;
"(5) cybersecurity defenses across information and operational technology on such Assets; and
"(6) identification of associated or reliant weapon systems.
"(b)
"(1) internal combatant command processes, responsibilities, and functions;
"(2) coordination with service components under their operational control, United States Cyber Command, Joint Forces Headquarters-Department of Defense Information Network, and the service cyber components;
"(3) combatant command headquarters' situational awareness posture to ensure an appropriate level of cyber situational awareness of the forces, facilities, installations, bases, critical infrastructure, and weapon systems under their control or in their areas of responsibility, including, in particular, Defense Critical Assets and Task Critical Assets; and
"(4) documentation of their mission-relevant terrain in cyberspace.
"(c)
"(1)
"(2)
"(3)
"(A) are implementable by components of the Department;
"(B) limit adversaries' ability to reach or manipulate control systems through cyberspace;
"(C) appropriately balance non-connectivity and monitoring requirements;
"(D) include data collection and flow requirements;
"(E) interoperate with and are informed by the operational community's workflows for defense of information and operational technology in the forces, facilities, installations, bases, critical infrastructure, and weapon systems across the Department;
"(F) integrate and interoperate with Department mission assurance construct; and
"(G) are implemented with respect to Defense Critical Assets and Task Critical Assets.
"(d)
"(1) has appropriate visibility of operational technology in the forces, facilities, installations, bases, critical infrastructure, and weapon systems across the Department of Defense Information Network, including, in particular, Defense Critical Assets and Task Critical Assets;
"(2) can effectively command and control forces to defend such operational technology; and
"(3) has established processes for-
"(A) incident and compliance reporting;
"(B) ensuring compliance with Department of Defense cybersecurity policy; and
"(C) ensuring that cyber vulnerabilities, attack vectors, and security violations, including, in particular, those specific to Defense Critical Assets and Task Critical Assets, are appropriately managed.
"(e)
"(1) ensure in its role of Joint Forces Trainer for the Cyberspace Operations Forces that operational technology cyber defense is appropriately incorporated into training for the Cyberspace Operations Forces;
"(2) delineate the specific force composition requirements within the Cyberspace Operations Forces for specialized cyber defense of operational technology, including the number, size, scale, and responsibilities of defined Cyber Operations Forces elements;
"(3) develop and maintain, or support the development and maintenance of, a joint training curriculum for operational technology-focused Cyberspace Operations Forces;
"(4) support the Chief Information Officer of the Department of Defense as the Department's senior official for the cybersecurity of operational technology under this section;
"(5) develop and institutionalize, or support the development and institutionalization of, tradecraft for defense of operational technology across local defenders, cybersecurity service providers, cyber protection teams, and service-controlled forces;
"(6) develop and institutionalize integrated concepts of operation, operational workflows, and cybersecurity architectures for defense of information and operational technology in the forces, facilities, installations, bases, critical infrastructure, and weapon systems across the Department of Defense Information Network, including, in particular, Defense Critical Assets and Task Critical Assets, including-
"(A) deliberate and strategic sensoring of such Network and Assets;
"(B) instituting policies governing connections across and between such Network and Assets;
"(C) modelling of normal behavior across and between such Network and Assets;
"(D) engineering data flows across and between such Network and Assets;
"(E) developing local defenders, cybersecurity service providers, cyber protection teams, and service-controlled forces' operational workflows and tactics, techniques, and procedures optimized for the designs, data flows, and policies of such Network and Assets;
"(F) instituting of model defensive cyber operations and Department of Defense Information Network operations tradecraft; and
"(G) integrating of such operations to ensure interoperability across echelons; and
"(7) advance the integration of the Department of Defense's mission assurance, cybersecurity compliance, cybersecurity operations, risk management framework, and authority to operate programs and policies.
"(f)
"(1) ensure that relevant local network and cybersecurity forces are responsible for defending operational technology across the forces, facilities, installations, bases, critical infrastructure, and weapon systems, including, in particular, Defense Critical Assets and Task Critical Assets;
"(2) ensure that relevant local operational technology-focused system operators, network and cybersecurity forces, mission defense teams and other service-retained forces, and cyber protection teams are appropriately trained, including through common training and use of cyber ranges, as appropriate, to execute the specific requirements of cybersecurity operations in operational technology;
"(3) ensure that all Defense Critical Assets and Task Critical Assets are monitored and defended by Cybersecurity Service Providers;
"(4) ensure that operational technology is appropriately sensored and appropriate cybersecurity defenses, including technologies associated with the More Situational Awareness for Industrial Control Systems Joint Capability Technology Demonstration, are employed to enable defense of Defense Critical Assets and Task Critical Assets;
"(5) implement Department of Defense Chief Information Officer policy germane to operational technology, including, in particular, with respect to Defense Critical Assets and Task Critical Assets;
"(6) plan for, designate, and train dedicated forces to be utilized in operational technology-centric roles across the military services and United States Cyber Command; and
"(7) ensure that operational technology, as appropriate, is not easily accessible via the internet and that cybersecurity investments accord with mission risk to and relevant access vectors for Defense Critical Assets and Task Critical Assets.
"(g)
"(1) assess and finalize Office of the Secretary of Defense components' roles and responsibilities for the cybersecurity of operational technology in the forces, facilities, installations, bases, critical infrastructure, and weapon systems across the Department of Defense Information Network;
"(2) assess the need to establish centralized or dedicated funding for remediation of cybersecurity gaps in operational technology across the Department of Defense Information Network;
"(3) make relevant modifications to the Department of Defense's mission assurance construct, Mission Assurance Coordination Board, and other relevant bodies to drive-
"(A) prioritization of kinetic and non-kinetic threats to the Department's missions and minimization of mission risk in the Department's war plans;
"(B) prioritization of relevant mitigations and investments to harden and assure the Department's missions and minimize mission risk in the Department's war plans; and
"(C) completion of mission relevant terrain mapping of Defense Critical Assets and Task Critical Assets and population of associated assessment and mitigation data in authorized repositories;
"(4) make relevant modifications to the Strategic Cybersecurity Program; and
"(5) drive and provide oversight of the implementation of this section.
"(h)
"(1)
"(2)
"(i)
"(1)
"(2)
Framework for Cyber Hunt Forward Operations
"(a)
"(b)
"(1) Identification of the selection criteria for proposed cyber hunt forward operations, including specification of necessary thresholds for the justification of operations and thresholds for partner cooperation.
"(2) The roles and responsibilities of the following organizations in the support of the planning and execution of cyber hunt forward operations:
"(A) United States Cyber Command.
"(B) Service cyber components.
"(C) The Office of the Under Secretary of Defense for Policy.
"(D) Geographic combatant commands.
"(E) Cyber Operations-Integrated Planning Elements and Joint Cyber Centers.
"(F) Embassies and consulates of the United States.
"(3) Pre-deployment planning guidelines to maximize the operational success of each unique operation, including guidance that takes into account the highly variable nature of the following aspects at the tactical level:
"(A) Team composition, including necessary skillsets [sic], recommended training, and guidelines on team size and structure.
"(B) Relevant factors to determine mission duration in a country of interest.
"(C) Agreements with partner countries required pre-deployment.
"(D) Criteria for potential follow-on operations.
"(E) Equipment and infrastructure required to support the missions.
"(4) Metrics to measure the effectiveness of each operation, including means to evaluate the value of discovered malware and infrastructure, the effect on the adversary, and the potential for future engagements with the partner country.
"(5) Roles and responsibilities for United States Cyber Command and the National Security Agency in the analysis of relevant mission data.
"(6) A detailed description of counterintelligence support for cyber hunt forward operations.
"(7) A standardized force presentation model across service components and combatant commands.
"(8) Review of active and reserve component personnel policies to account for deployment and redeployment operations, including the following:
"(A) Global Force Management.
"(B) Contingency, Exercise, and Deployment orders to be considered for and applied towards deployment credit and benefits.
"(9) Such other matters as the Secretary determines relevant.
"(c)
"(1)
"(2)
"(A) An overview of the framework developed pursuant to subsection (a).
"(B) An explanation of the tradeoffs associated with the use of Department of Defense resources for cyber hunt forward missions in the context of competing priorities.
"(C) Such recommendations as the Secretary may have for legislative action to improve the effectiveness of cyber hunt forward missions."
Tailored Cyberspace Operations Organizations
"(a)
"(1)
"(2)
"(A) An examination of NCWDG's structure, manning, authorities, funding, and operations.
"(B) A review of organizational relationships-
"(i) within the Navy; and
"(ii) to other Department of Defense organizations, as well as non-Department of Defense organizations.
"(C) Recommendations for how the NCWDG can be strengthened and improved, without growth in size.
"(D) Such other information as determined necessary or appropriate by the Secretary of the Navy.
"(3)
"(A)
"(B)
"(b)
"(c)
"(d)
"(1) the utilization of the authority provided pursuant to subsection (c); and
"(2) if appropriate based on such utilization, details on how the military service, respectively, of each such secretary intends to establish tailored cyberspace operations organizations.
"(e)
"(1) the value of the study to the Navy Cyber Warfare Development Group and to the Navy;
"(2) any recommendations not considered or included as part of the study;
"(3) the implementation of subsection (b); and
"(4) other matters as determined by the Commanding Officer.
"(f)
"(g)
"(1) An assessment of whether such authorities shall be conferred on the 90th Cyberspace Operations Squadron of the Air Force.
"(2) A consideration of whether the 90th Cyberspace Operations Squadron should be designated a controlled tour, as defined by the Secretary."
Notification of Delegation of Authorities to the Secretary of Defense for Military Operations in Cyberspace
"(a)
"(1) Authorities delegated to the Secretary by the President for military operations in cyberspace that are otherwise held by the National Command Authority, not later than 15 days after any such delegation. A notification under this paragraph shall include a description of the authorities delegated to the Secretary.
"(2) Concepts of operations approved by the Secretary pursuant to delegated authorities described in paragraph (1), not later than 15 days after any such approval. A notification under this paragraph shall include the following:
"(A) A description of authorized activities to be conducted or planned to be conducted pursuant to such authorities.
"(B) The defined military objectives relating to such authorities.
"(C) A list of countries in which such authorities may be exercised.
"(D) A description of relevant orders issued by the Secretary in accordance with such authorities.
"(b)
"(1)
"(2)
"(3)
Annual Military Cyberspace Operations Report
"(a)
"(1) An identification of the objective and purpose.
"(2) Descriptions of the impacted countries, organizations, or forces, and nature of the impact.
"(3) A description of methodologies used for the cyber effects operation or cyber effects enabling operation.
"(4) An identification of the Cyber Mission Force teams, or other Department of Defense entity or units, that conducted such operation, and supporting teams, entities, or units.
"(5) An identification of the infrastructures on which such operations occurred.
"(6) A description of relevant legal, operational, and funding authorities.
"(7) Additional costs beyond baseline operations and maintenance and personnel costs directly associated with the conduct of the cyber effects operation or cyber effects enabling operation.
"(8) Any other matters the Secretary determines relevant.
"(b)
"(c)
Policy of the United States on Cyberspace, Cybersecurity, Cyber Warfare, and Cyber Deterrence
"(a)
"(1) cause casualties among United States persons or persons of United States allies;
"(2) significantly disrupt the normal functioning of United States democratic society or government (including attacks against critical infrastructure that could damage systems used to provide key services to the public or government);
"(3) threaten the command and control of the Armed Forces, the freedom of maneuver of the Armed Forces, or the industrial base or other infrastructure on which the United States Armed Forces rely to defend United States interests and commitments; or
"(4) achieve an effect, whether individually or in aggregate, comparable to an armed attack or imperil a vital interest of the United States.
"(b)
"(c)
"(d)
"(e)
"(f)
"(1)
"(2)
"(A) An assessment of the current posture in cyberspace, including assessments of-
"(i) whether past responses to major cyber attacks have had the desired deterrent effect; and
"(ii) how adversaries have responded to past United States responses.
"(B) Updates on the Administration's efforts in the development of-
"(i) cost imposition strategies;
"(ii) varying levels of cyber incursion and steps taken to date to prepare for the imposition of the consequences referred to in clause (i); and
"(iii) the Cyber Deterrence Initiative.
"(C) Information relating to the Administration's plans, including specific planned actions, regulations, and legislative action required, for-
"(i) advancing technologies in attribution, inherently secure technology, and artificial intelligence society-wide;
"(ii) improving cybersecurity in and cooperation with the private sector;
"(iii) improving international cybersecurity cooperation; and
"(iv) implementing the policy referred to in paragraph (1), including any realignment of government or government responsibilities required, writ large.
"(f) [probably should be "(g)"]
"(g) [probably should be "(h)"]
"(1)
"(A) the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives];
"(B) the Permanent Select Committee on Intelligence of the House of Representatives;
"(C) the Select Committee on Intelligence of the Senate;
"(D) the Committee on Foreign Affairs, the Committee on Homeland Security, and the Committee on the Judiciary of the House of Representatives; and
"(E) the Committee on Foreign Relations, the Committee on Homeland Security and Governmental Affairs, and the Committee on the Judiciary of the Senate.
"(2)
"(a)
"(1) develop a national policy for the United States relating to cyberspace, cybersecurity, and cyber warfare; and
"(2) submit to the appropriate congressional committees a report on the policy.
"(b)
"(1) Delineation of the instruments of national power available to deter or respond to cyber attacks or other malicious cyber activities by a foreign power or actor that targets United States interests.
"(2) Available or planned response options to address the full range of potential cyber attacks on United States interests that could be conducted by potential adversaries of the United States.
"(3) Available or planned denial options that prioritize the defensibility and resiliency against cyber attacks and malicious cyber activities that are carried out against infrastructure critical to the political integrity, economic security, and national security of the United States.
"(4) Available or planned cyber capabilities that may be used to impose costs on any foreign power targeting the United States or United States persons with a cyber attack or malicious cyber activity.
"(5) Development of multi-prong response options, such as-
"(A) boosting the cyber resilience of critical United States strike systems (including cyber, nuclear, and non-nuclear systems) in order to ensure the United States can credibly threaten to impose unacceptable costs in response to even the most sophisticated large-scale cyber attack;
"(B) developing offensive cyber capabilities and specific plans and strategies to put at risk targets most valued by adversaries of the United States and their key decision makers; and
"(C) enhancing attribution capabilities and developing intelligence and offensive cyber capabilities to detect, disrupt, and potentially expose malicious cyber activities.
"(c)
"(1)
"(2)
"(A) the White House Communication Agency; and
"(B) the White House Situation Support Staff.
"(d)
"(1) The term 'foreign power' has the meaning given that term in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).
"(2) The term 'appropriate congressional committees' means-
"(A) the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives];
"(B) the Committee on Foreign Affairs, the Committee on Homeland Security, and the Committee on the Judiciary of the House of Representatives; and
"(C) the Committee on Foreign Relations, the Committee on Homeland Security and Governmental Affairs, and the Committee on the Judiciary of the Senate."
Active Defense Against the Russian Federation, People's Republic of China, Democratic People's Republic of Korea, and Islamic Republic of Iran Attacks in Cyberspace
"(a)
"(1)
"(2)
"(A)
"(B)
"(i)
"(ii)
"(b)
"(c)
"(1) the scope and intensity of the information operations and attacks through cyberspace by the countries specified in subsection (a)(1) against the government or people of the United States observed by the cyber mission forces of the United States Cyber Command and the National Security Agency; and
"(2) adjustments of the Department of Defense in the response directed or recommended by the Secretary with respect to such operations and attacks.
"(d)
"(1) limit the authority of the Secretary to conduct military activities or operations in cyberspace, including clandestine activities or operations in cyberspace; or
"(2) affect the War Powers Resolution (
Pilot Program To Model Cyber Attacks on Critical Infrastructure
"(a)
"(1)
"(2)
"(b)
"(1) The development and demonstration of risk analysis methodologies, and the application of commercial simulation and modeling capabilities, based on artificial intelligence and hyperscale cloud computing technologies, as applicable-
"(A) to assess defense critical infrastructure vulnerabilities and interdependencies to improve military resiliency;
"(B) to determine the likely effectiveness of attacks described in subsection (a)(1), and countermeasures, tactics, and tools supporting responsive military homeland defense operations;
"(C) to train personnel in incident response;
"(D) to conduct exercises and test scenarios;
"(E) to foster collaboration and learning between and among departments and agencies of the Federal Government, State and local governments, and private entities responsible for critical infrastructure; and
"(F) improve intra-agency and inter-agency coordination for consideration and approval of requests for defense support to civil authorities.
"(2) The development and demonstration of the foundations for establishing and maintaining a program of record for a shared high-fidelity, interactive, affordable, cloud-based modeling and simulation of critical infrastructure systems and incident response capabilities that can simulate complex cyber and physical attacks and disruptions on individual and multiple sectors on national, regional, State, and local scales.
"(c)
"(1)
"(2)
"(A) A description of the results of the pilot program as of the date of the report.
"(B) A description of the risk analysis methodologies and modeling and simulation capabilities developed and demonstrated pursuant to the pilot program, and an assessment of the potential for future growth of commercial technology in support of the homeland defense mission of the Department of Defense.
"(C) Such recommendations as the Secretary considers appropriate regarding the establishment of a program of record for the Department on further development and sustainment of risk analysis methodologies and advanced, large-scale modeling and simulation on critical infrastructure and cyber warfare.
"(D) Lessons learned from the use of novel risk analysis methodologies and large-scale modeling and simulation carried out under the pilot program regarding vulnerabilities, required capabilities, and reconfigured force structure, coordination practices, and policy.
"(E) Planned steps for implementing the lessons described in subparagraph (D).
"(F) Any other matters the Secretary determines appropriate."
Identification of Countries of Concern Regarding Cybersecurity
"(a)
"(1) A foreign government's activities that pose force protection or cybersecurity risk to the personnel, financial systems, critical infrastructure, or information systems of the United States or coalition forces.
"(2) A foreign government's willingness and record of providing financing, logistics, training or intelligence to other persons, countries or entities posing a force protection or cybersecurity risk to the personnel, financial systems, critical infrastructure, or information systems of the United States or coalition forces.
"(3) A foreign government's engagement in foreign intelligence activities against the United States for the purpose of undermining United States national security.
"(4) A foreign government's knowing participation in transnational organized crime or criminal activity.
"(5) A foreign government's cyber activities and operations to affect the supply chain of the United States Government.
"(6) A foreign government's use of cyber means to unlawfully or inappropriately obtain intellectual property from the United States Government or United States persons.
"(b)
"(c)
Quadrennial Comprehensive Cyber Posture Review
"(a)
"(b)
"(c)
"(1) The assessment and definition of the role of cyber forces in the national defense and military strategies of the United States.
"(2) Review of the following:
"(A) The role of cyber operations in combatant commander warfighting plans.
"(B) The ability of combatant commanders to respond to adversary cyber attacks.
"(C) The international partner cyber capacity-building programs of the Department.
"(3) A review of the law, policies, and authorities relating to, and necessary for, the United States to maintain a safe, reliable, and credible cyber posture for defending against and responding to cyber attacks and for deterrence in cyberspace, including the following:
"(A) An assessment of the need for further delegation of cyber-related authorities, including those germane to information warfare, to the Commander of United States Cyber Command.
"(B) An evaluation of the adequacy of mission authorities for all cyber-related military components, defense agencies, directorates, centers, and commands.
"(4) A review of the need for or for updates to a declaratory policy relating to the responses of the United States to cyber attacks of significant consequence.
"(5) A review of norms for the conduct of offensive cyber operations for deterrence and in crisis and conflict.
"(6) A review of a strategy to deter, degrade, or defeat malicious cyber activity targeting the United States (which may include activities, capability development, and operations other than cyber activities, cyber capability development, and cyber operations), including-
"(A) a review and assessment of various approaches to competition and deterrence in cyberspace, determined in consultation with experts from Government, academia, and industry;
"(B) a comparison of the strengths and weaknesses of the approaches identified pursuant to subparagraph (A) relative to the threat of each other; and
"(C) an assessment as to how the cyber strategy will inform country-specific campaign plans focused on key leadership of Russia, China, Iran, North Korea, and any other country the Secretary considers appropriate.
"(7) Identification of the steps that should be taken to bolster stability in cyberspace and, more broadly, stability between major powers, taking into account-
"(A) the analysis and gaming of escalation dynamics in various scenarios; and
"(B) consideration of the spiral escalatory effects of countries developing increasingly potent offensive cyber capabilities.
"(8) A comprehensive force structure assessment of the Cyber Operations Forces of the Department for the posture review period, including the following:
"(A) A determination of the appropriate size and composition of the Cyber Mission Forces to accomplish the mission requirements of the Department.
"(B) An assessment of the Cyber Mission Forces' personnel, capabilities, equipment, funding, operational concepts, and ability to execute cyber operations in a timely fashion.
"(C) An assessment of the personnel, capabilities, equipment, funding, and operational concepts of Cybersecurity Service Providers and other elements of the Cyber Operations Forces.
"(9) An assessment of whether the Cyber Mission Force has the appropriate level of interoperability, integration, and interdependence with special operations and conventional forces.
"(10) An evaluation of the adequacy of mission authorities for the Joint Force Provider and Joint Force Trainer responsibilities of United States Cyber Command, including the adequacy of the units designated as Cyber Operations Forces to support such responsibilities.
"(11) An assessment of the missions and resourcing of the combat support agencies in support of cyber missions of the Department.
"(12) An assessment of the potential costs, benefits, and value, if any, of establishing a cyber force as a separate uniformed service.
"(13) Any recurrent problems or capability gaps that remain unaddressed since the previous posture review.
"(14) Such other matters as the Secretary considers appropriate.
"(d)
"(1)
"(2)
"(e)