From the Document: "If the military is supposed to protect the United States and its citizens from security threats, what is its role in defending America's public and private IT [information technology] systems and data? While not all aspects of this question are fully resolved, Congress has been actively involved [hyperlink] in clarifying the U.S. Department of Defense's (DOD) authorities, processes, and mechanisms for ensuring adequate oversight and transparency and in defining substantive limitations on military cyber operations. Much of the legislation has specified how the existing legal framework that has governed the conduct of traditional military activities applies to cyberspace. While this is a rich and complex topic, there are two basic points useful to understand. First, the military is not in the lead. While DOD (primarily, though not exclusively, through U.S. Cyber Command) has a significant role in defending U.S. interests against cyberattacks, the U.S. Department of Homeland Security (DHS) is the lead responsible agency. Second, the military's plan is to play cyber defense with a strong offense. In 2018, with congressional encouragement, DOD issued a cyber strategy [hyperlink] pledging to 'defend forward to disrupt or halt malicious cyber activity at its source."
Stennis Center for Public Service: https://stennis.gov/