Sec. 1621. Policy of the United States on cyberspace, cybersecurity, and cyber warfare
728 words·~3 min read·
/bill/115/hr/2810/eas/section-1621A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
It shall be the policy of the United States, with respect to matters pertaining to cyberspace, cybersecurity, and cyber warfare, that the United States should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond when necessary, to any and all cyber attacks or other malicious cyber activities that target United States interests with the intent to— cause casualties among United States persons or persons of our allies; significantly disrupt the normal functioning of United States democratic society or government (including attacks against critical infrastructure that could damage systems used to provide key services to the public or government); threaten the command and control of the United States Armed Forces, the freedom of maneuver of the United States Armed Forces, or the industrial base or other infrastructure on which the United States Armed Forces rely to defend United States interests and commitments; or achieve an effect, whether individually or in aggregate, comparable to an armed attack or imperil a vital interest of the United States.
In carrying out the policy set forth in subsection (a), the United States shall plan, develop, and demonstrate response options to address the full range of potential cyber attacks on United States interests that could be conducted by potential adversaries of the United States. In carrying out the policy set forth in subsection
(a)through response options developed pursuant to subsection (b), the United States shall, to the greatest extent practicable, prioritize the defensibility and resiliency against cyber attacks and malicious cyber activities described in subsection
(a)of infrastructure critical to the political integrity, economic security, and national security of the United States. In carrying out the policy set forth in subsection
(a)through response options developed pursuant to subsection (b), the United States shall develop and demonstrate, or otherwise make known to adversaries of the existence of, cyber capabilities to impose costs on any foreign power targeting the United States or United States persons with a cyber attack or malicious cyber activity described in subsection (a). In carrying out the policy set forth in subsection
(a)through response options developed pursuant to subsection (b), the United States shall— devote immediate and sustained attention to boosting the cyber resilience of critical United States strike systems (including cyber, nuclear, and non-nuclear systems) in order to ensure the United States can credibly threaten to impose unacceptable costs in response to even the most sophisticated large-scale cyber attack; develop offensive cyber capabilities and specific plans and strategies to put at risk targets most valued by adversaries of the United States and their key decision makers; enhance attribution capabilities to reduce the time required to positively attribute an attack with high confidence; and develop intelligence and offensive cyber capabilities to detect, disrupt, and potentially expose malicious cyber activities. It is the policy of the United States that, when a cyber attack or malicious cyber activity transits or otherwise relies upon the networks or infrastructure of a third country— the United States shall, to the greatest extent practicable, notify and encourage the government of that country to take action to eliminate the threat; and if the government is unable or unwilling to take action, the United States reserves the right to act unilaterally (with the consent of that government if possible, but without such consent if necessary). The Secretary of Defense has the authority to develop, prepare, coordinate, and, when appropriately authorized to do so, conduct military cyber operations in response to cyber attacks and malicious cyber activities described in subsection
(a)that are carried out against the United States or United States persons by a foreign power. The Secretary may delegate to the Commander of the United States Cyber Command such authorities of the Secretaries of the military departments, including authorities relating to manning, training, and equipping, that the Secretary considers appropriate. The use by the Commander of the United States Cyber Command of any authority delegated to the Commander pursuant to this subsection shall be subject to the authority, direction, and control of the Secretary. Nothing in this subsection shall be construed to limit the authority of the President or Congress to authorize the use of military force. In this section, the term foreign power has the meaning given that term in section 101 of the Foreign Intelligence Surveillance Act of 1978 ( 50 U.S.C. 1801 ).
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 1621
Policy of the United States on cyberspace, cybersecurity, and cyber warfare
Cites 1Cited by 0 across 0 sources