By Sean Lyngaas
The Cyber Deterrence and Response Act put forth by Rep. Ted Yoho, R-Fla., calls on the president to identify individuals and organizations engaged in state-sponsored hacking that significantly threatens U.S. interests, and then to impose one or more of a slew of sanctions on them.
That “naming and shaming” approach is an effort to ward off future cyberattacks from China, Russia, Iran, and North Korea — four countries that U.S. officials routinely label as top adversaries in cyberspace.
The bill, which passed the House by voice vote, also calls for a uniform list of foreign hacking groups to be published on the Federal Register. Sen. Cory Gardner, R-Colo., last month introduced companion legislation in the Senate.
“Our foreign adversaries have developed sophisticated cyber capabilities that disrupt our networks, threaten our critical infrastructure, harm our economy, and undermine our elections,” Yoho said in a statement. “Collectively, we must do more to combat this digital menace.”
Rep. Jim Langevin, D-R.I., co-founder of the Congressional Cybersecurity Caucus, said the bill is an “important step forward in recognizing that cyberthreats are the new weapon of choice for states who seek to sow discord and engage in conflict below the threshold of war.”
Lawmakers have long urged the executive branch to delineate a cyber deterrence strategy after high-profile breaches of the Office of Personnel Management in 2015 and the Democratic National Committee in 2016.
In response to the demand for a deterrence strategy, the State Department in May recommended that the U.S. government develop a broader set of consequences that can be imposed on adversaries to deter cyberattacks.
Washington should work with allies to inflict “swift, costly, and transparent consequences” on foreign governments that use “significant” malicious cyber activity to harm U.S. interests, the unclassified version of the State Department report says.
Officials such as Vice President Mike Pence and Homeland Secretary Kirstjen Nielsen have touted the administration’s efforts to crack down on foreign hackers. “[T]his administration is replacing complacency with consequences, replacing nations’ deniability with accountability,” Nielsen said in a speech Wednesday.