The House of Representatives has passed legislation directing the president to essentially name and shame foreign hackers accused of participating in state-sponsored cyberattacks against the United States government and the nation’s most vital computer networks.
Introduced by Rep. Ted Yoho, California Republican, the Cyber Deterrence and Response Act garnered the support of 13 co-sponsors from both sides of the aisle prior to being passed by a voice vote Wednesday on Capitol Hill.
“Today we took an important step in defending our nation from foreign cyber threats,” Mr. Yoho said in statement afterwards. “Our foreign adversaries have developed sophisticated cyber capabilities that disrupt our networks, threaten our critical infrastructure, harm our economy and undermine our elections. Collectively, we must do more to combat this digital menace.”
The Cyber Deterrence and Response Act would implement a process for identifying, impeding and reacting to malicious, state-sponsored cyberattacks, according to its sponsors, effectively formalizing an official, government-wide strategy in the face of persistent attacks blamed on adversaries including Russia and North Korea.
“This bill requires the president to designate, as a critical cyber threat actor, each foreign person or each foreign agency of a foreign state that the president determines is responsible for state-sponsored cyber activities that pose a significant threat to the national security, foreign policy, economic health or financial stability of the United States,” explained Rep. Ed Royce, California Republican and the chairman of the House Foreign Affairs Committee.
“In effect, this would codify America’s longstanding unofficial policy of naming and shaming bad actors in cyberspace, and further this bill would require the president to impose sanctions from a menu of options against any critical cyber threat actor,” Mr. Royce said Wednesday in support of the bill, adding it would “ensure swift, powerful and transparent consequences against bad actors online.”
Nonetheless, some proponents of the bill argued that its measures would do relatively little to counter a constant barrage of state-sponsored cyberattacks.
“It’s a welcome effort to enhance our advance to cyberattacks, but it’s a band-aid on a bullet wound if we don’t do anything else,” said co-sponsor Rep. Eliot Engel, New York Democrat. “We need to keep doing these kinds of things. We need to let those countries that wish us ill, we have to let them know that we’re not going to just stand idly by and be a target.”
Hackers acting on behalf of foreign governments have been blamed with some of the more significant cyberattacks suffered by U.S. victims during the last several years, including the 2014 Sony hack and 2015 Office of Personnel Management data breach linked to North Korea and China, respectively.
Addressing concerns raised in the wake of Russian state-sponsored hackers allegedly interfering the 2016 U.S. election, the head of the National Security Agency said earlier this year that foreign actors have been hardly discouraged on account of a lack of repercussions.
“Right now, they do not think that much will happen. They don’t fear us. That is not good,” Army Lt. Gen. Paul Nakasone said in March prior to being confirmed as NSA director.
“They haven’t paid a price, at least, that has significantly changed their behavior,” Adm. Mike Rogers, his predecessor at the NSA, said days earlier.
The State Department agreed in May that the government should inflict “swift, costly, and transparent consequences” on foreign government responsible for attacking U.S. systems, and a bipartisan companion bill to Mr. Yoho’s legislation is currently pending before the Senate Committee on Foreign Relations.