Monday, March 18, 2019

S 602 Introduced – Cyber Sanctions

Last month Sen. Gardner (R,CO) introduced S 602, the Cyber Deterrence and Response Act of 2019. The bill would require the President to identify foreign persons or agencies of a foreign state that are ‘critical cyber threats’ and impose sanctions on such persons or agencies. The bill is very similar to S 3378 that was introduced by Gardner during the 115th Congress; no action was taken on that bill.


This new version of the bill makes a large number of relatively minor wording and phrasing changes that would be of interest only to an English teacher. There are, however, two sanction additions found in S 602:

• Allows for the withdrawal, limitation, or suspension of non-humanitarian development assistance from the United States to the foreign state under chapter 1 of part I of the Foreign Assistance Act of 1961 {§3(b)(2)(B)}; and
Allows the President to direct Overseas Private Investment Corporation, the United States International Development Finance Corporation, or any other Federal agency not to provide assistance to a designated critical cyber threat {§3(b)(2)(D)};

Additionally, there are two procedural measures added in the latest version of the proposed bill:

• Instead of publishing a notice in the Federal Register listing the designation of a critical cyber threat, S 602 requires a report to Congress {§3(a)(2)}; and
• Spells out actions that President should take to coordinate sanctions with allies and partners of the United States {§3(g)(2)}.

Moving Forward

Both Gardner and his cosponsor {Sen. Coons (D,DE)} are influential members of the Senate Foreign Affairs Committee, the Committee to which this bill was assigned for consideration. One would normally expect that this would mean that the bill could be expected to be considered in Committee. Last session, S 3378 did not see the light of day after introduction. This may mean that the bill will face a similar fate in this session.


The most critical definition in this bill is for the term ‘state-sponsored cyber-activities’ since this is the key to determining whether a person or agency should be designated ‘a critical cyber threat’. Unfortunately, that term ‘state-sponsored cyber-activities’ is essentially defined as a cyber-activity that is state-sponsored. No attempt was made to establish a definition of ‘cyber-activity’.

No comments:

/* Use this with templates/template-twocol.html */