To amend title 10, United States Code, to require congressional notification concerning sensitive military cyber operations and cyber weapons, and for other purposes.

This bill instructs the Department of Defense (DOD) to notify the congressional defense committees within 48 hours after any sensitive military cyber operation has been conducted.

A sensitive military cyber operation is an offensive cyber operation or a defensive cyber operation outside DOD's information networks to defeat an ongoing or imminent threat that: (1) is carried out by the U.S. Armed Forces or by a foreign partner in coordination with them, and (2) is intended to cause effects outside of a geographic location where the Armed Forces are involved in hostilities.

DOD must also notify such committees within 48 hours after: (1) the completion of any review of the legality under international law of a cyber capability that is intended for use as a weapon; and (2) the use as a weapon of any cyber capability that has been approved under international law.

Such notification requirements shall not apply to: (1) a training exercise conducted with the consent of all of the nations where its intended effects will occur, or (2) a covert action.