Sens. Cory Gardner (R-Colo.) and Chris Coons (D-Del.) today introduced the Cyber Deterrence and Response Act. This legislation establishes a framework to deter and respond to state-sponsored malicious cyber activity against the United States. The bipartisan bill also requires the administration to impose sanctions against all entities and persons responsible or complicit in malicious cyber activities aimed against the United States.
This act is a companion to H.R. 5576, which was introduced in the House by Rep. Ted Yoho (R-Fla.).
“This bipartisan legislation is another step that Congress and the Administration can take to deter foreign actors from carrying out cyberattacks against the United States,” said Gardner. “Our legislation will help provide additional tools for the Administration to impose significant costs against malicious cyber actors, including state-sponsored actors, around the world that aim to endanger U.S national security and our economy.”
“State-sponsored cyberattacks are a clear and persistent threat to United States,” Coons said. “Rivals like Russia, China, and Iran are enhancing their cyber capabilities and targeting our electoral process, financial system, and critical infrastructure. I’m proud to introduce the Cyber Deterrence and Response Act, which will expose and impose costs on states that try to use cyberattacks to undermine American security and prosperity.”
The Cyber Deterrence and Response Act:
- Establishes a framework to deter and respond to state-sponsored malicious cyber activity against the United States;
- Requires the President to designate as a “critical cyber threat actor” each foreign person or each agency or instrumentality of a foreign state that the President determines to be responsible for or complicit in, or have engaged in, directly or indirectly, state-sponsored cyber activities that are reasonably likely to result in, or have contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States;
- Mandates the imposition of sanctions from a menu of options against any “critical cyber threat actor”; and
- Provides an opportunity for the President to waive the imposition of sanctions and the publication of “critical cyber threat actors” on a case-by-case basis.