Washington, D.C. – The House today passed the Cyber Deterrence and Response Act of 2018 (H.R. 5576) to addresses state-sponsored cyber activities against the United States. Specifically, the bipartisan legislation protects our economy, elections, and critical infrastructure from state-sponsored malicious cyber activity by establishing a framework to deter and respond to future cyber attacks against the United States.

On the House floor prior to the vote, Chairman Royce delivered the following remarks (as prepared for delivery):

“In recent years, foreign adversaries have developed sophisticated cyber capabilities that can disrupt our networks, threaten our critical infrastructure, harm our economy and undermine our elections.

Malicious cyber activity topped the Director of National Intelligence’s list of worldwide threats in 2018 – ahead of terrorism and weapons of mass destruction. In testimony before Congress, Director Coats stated, ‘Frankly, the United States is under attack.’

A report by the White House Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016 alone.

But it’s not just the economic cost of cyber incidents that we should worry about. There are real, physical costs to these online attacks as well. Last year’s ‘Wannacry’ cyberattack by the North Korean regime compromised the U.K.’s health care sector.

And in 2016, Russian cyber actors attempted to interfere in our election – an assault on our very democracy. These attacks continue today.

Despite the gravity of this threat, the U.S. continues to lack a unified framework to deter and respond to state-sponsored cyber activities.

I applaud Representative Yoho and Ranking Member Engel for introducing the Cyber Deterrence and Response Act, which establishes a framework for deterring and responding to state-sponsored malicious cyber activity against the United States.

Consistent with the State Department’s recommendation to the president on deterrence in cyberspace, this bill will ensure swift, powerful and transparent consequences against bad actors online.

Specifically, this bill requires the president to designate as a ‘critical cyber threat actor’ each foreign person or agency of a foreign state that the president determines is responsible for state-sponsored cyber activities that pose a significant threat to the national security, foreign policy, economic health or financial stability of the United States.

In effect, this would codify America’s longstanding unofficial policy of naming and shaming bad actors in cyberspace.

Further, this bill would require the president to impose sanctions from a menu of options against any critical cyber threat actor.

Finally, the bill calls on the president to coordinate designations and sanctions with our allies and partners to maximize their effectiveness. The secretary of state is to lead an international diplomatic initiative to deter state-sponsored cyber activities and provide mutual support to our allies and partners to respond to malicious cyber incidents.

This legislation will put countries like Iran, North Korea and Russia on notice that the United States is prepared to impose tough consequences for cyber attacks.”

###