In the United States, the breadth of the president’s warmaking authority has been governed by the Constitution, the Supreme Court’s jurisprudence, and, over time, historical practice; in short, the president’s powers are constrained by a welldeveloped body of US foreign relations law. But the prospect of a new kind of conflict—cyberwar—potentially challenges the existing regulatory regime, which rests on assumptions that are common to traditional, conventional war. For some, the complexities of cyberwar generate new foreign relations–law questions about the president’s authority to engage in offensive cyberoperations, and they thus necessitate a new regulatory framework. For others, cyberwar is not meaningfully different from traditional war for purposes of foreign relations law, and the extant regime regulating the president is sufficient. As it currently stands, the debate about the scope of the president’s cyberwar authority turns on arguments about cyberwar’s similarity or dissimilarity to conventional war.
This Essay argues that any claim about regulating the president’s authority to engage in cyberwar requires consideration of the United States’ cyberstrategy and the capacity and national interests of the United States’ cybercompetitors. For the United States to achieve its foreign policy goals in cyberspace, the presidentmust navigate both the internal constraints from domestic law and the external constraints from international politics. Building on previous work, the Essay provides two models with which to understand internal and external constraints and their consequences on any potential cyberwar regulation. It contends that a framework that does not consider the complex relationship between the two types of constraints might result in a regulatory regime that leaves the president overconstrained and unable to achieve US cyberpolicy goals.