Last month Sen. Gardner (R,CO) introduced S 602,
the Cyber Deterrence and Response Act of 2019. The bill would require the
President to identify foreign persons or agencies of a foreign state that are
‘critical cyber threats’ and impose sanctions on such persons or agencies. The
bill is very similar to S
3378 that was introduced by Gardner during the 115th Congress;
no action was taken on that bill.
Differences
This new version of the bill makes a large number of
relatively minor wording and phrasing changes that would be of interest only to
an English teacher. There are, however, two sanction additions found in S 602:
• Allows for the withdrawal,
limitation, or suspension of non-humanitarian development assistance from the
United States to the foreign state under chapter 1 of part I of the Foreign
Assistance Act of 1961 {§3(b)(2)(B)};
and
• Allows the President to direct Overseas Private
Investment Corporation, the United States International Development Finance Corporation,
or any other Federal agency not to provide assistance to a designated critical
cyber threat {§3(b)(2)(D)};
Additionally, there are two procedural measures added in the
latest version of the proposed bill:
• Instead of publishing a notice in
the Federal Register listing the designation of a critical cyber threat, S 602
requires a report to Congress {§3(a)(2)}; and
• Spells out actions that President
should take to coordinate sanctions with allies and partners of the United
States {§3(g)(2)}.
Moving Forward
Both Gardner and his cosponsor {Sen. Coons (D,DE)} are
influential members of the Senate Foreign Affairs Committee, the Committee to
which this bill was assigned for consideration. One would normally expect that
this would mean that the bill could be expected to be considered in Committee.
Last session, S 3378 did not see the light of day after introduction. This may mean
that the bill will face a similar fate in this session.
Commentary
The most critical definition in this bill is for the term ‘state-sponsored
cyber-activities’ since this is the key to determining whether a person or agency
should be designated ‘a critical cyber threat’. Unfortunately, that term ‘state-sponsored
cyber-activities’ is essentially defined as a cyber-activity that is state-sponsored.
No attempt was made to establish a definition of ‘cyber-activity’.
Posts
No comments:
Post a Comment