Sens. Chris Coons, D-Delaware, and Cory Gardner, R-Colorado, recently introduced the Cyber Deterrence and Response Act.

This legislation establishes a framework to deter and respond to state-sponsored malicious cyber activity against the U.S. The bipartisan bill also requires the administration to impose sanctions against all entities and persons responsible or complicit in malicious cyber activities aimed against the U.S. S.3378 is a companion to H.R.5576, which was introduced in the House by Rep. Ted Yoho, R-Florida.

“State-sponsored cyberattacks are a clear and persistent threat to U.S.,” said Coons. “Rivals like Russia, China and Iran are enhancing their cyber capabilities and targeting our electoral process, financial system, and critical infrastructure. I’m proud to introduce the Cyber Deterrence and Response Act, which will expose and impose costs on states that try to use cyberattacks to undermine American security and prosperity.”

“This bipartisan legislation is another step that Congress and the administration can take to deter foreign actors from carrying out cyberattacks against the U.S.,” said Gardner. “Our legislation will help provide additional tools for the administration to impose significant costs against malicious cyber actors, including state-sponsored actors, around the world that aim to endanger U.S national security and our economy.”

The Cyber Deterrence and Response Act establishes a framework to deter and respond to state-sponsored malicious cyber activity against the U.S.; requires the president to designate as a “critical cyber threat actor” each foreign person or each agency or instrumentality of a foreign state that the president determines to be responsible for or complicit in, or have engaged in, directly or indirectly, state-sponsored cyber activities that are reasonably likely to result in, or have contributed to, a threat to the national security, foreign policy or economic health or financial stability of the U.S.; mandates the imposition of sanctions from a menu of options against any “critical cyber threat actor”; and provides an opportunity for the president to waive the imposition of sanctions and the publication of “critical cyber threat actors” on a case-by-case basis.