September 2, 2018 at
Both the US House of Representatives and the US Senate have now introduced bills that would require the president to implement consequences against hackers not residing in the United States. Although the House bill (H.R. 5576) was introduced back in April 2018, the Senate has now introduced its own bill this week. The bill has been titled the Cyber Deterrence and Response Act (SS 3378) and is sponsored by Senator Cory Gardner, a Republican from Colorado and Senator Chris Coons, a Democrat from Delaware. The companion bills both appear to have bipartisan support.
Basis for the Bills
It is no secret that the United States has come under significant cyber attack within the last several years. References in the recent Senate bill include the allegation against Chinese hackers for their attacks on US companies and the allegation against Iranian hackers for cyber attacks against as many as 46 financial institutions. Both investigations resulted in charges. Most recently, much attention has been given to the alleged meddling in US election processes.
There has been some criticism that the current administration is not devoting enough attention to the issue. The National Infrastructure Advisory Council (NIAC) stepped down from its advisory role relating to cybersecurity issues over a year ago. It referenced insufficient attention to growing threats, including US election processes. In addition, John Bolton, President Trump’s national security advisor, eliminated the cybersecurity advisor position. President Trump has also issued executive orders that remove guidelines regarding cybersecurity implemented by the prior administration.
Senator Gardner had the following to say:
This bipartisan legislation is another step that Congress and the Administration can take to deter foreign actors from carrying out cyberattacks against the United States. Our legislation will help provide additional tools for the Administration to impose significant costs against malicious cyber actors, including state-sponsored actors, around the world that aim to endanger US national security and our economy.
Sanctions Under the Proposed Legislation
In May 2018 the State Department made a recommendation to President Trump that included the importance of developing a, “…menu of consequences that the United States can swiftly impose following a significant cyber incident…”
The newly introduced Senate bill also focuses on the importance of consequences, which can include financial sanctions such as blocking US loans, investments and other business related actions, and denying security assistance. The president must also publish the identity of any individual or agency that knowingly participates in an attack in the Federal Register. The Department of Justice has also recently adopted a policy that includes public disclosure of activity relating to election tampering.
The proposed legislation allows the president some discretion to implement sanctions. However, a deviation must be based upon a concern for national security or law enforcement. In addition, Congress must be informed of the identification of those posing the threat and the basis for a deviation from stated sanctions.