Sec. 503. International cyberspace and digital policy strategy
545 words·~2 min read·
/bill/117/s/4653/is/section-503A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of the enactment of this Act, the President, acting through the Secretary, and in coordination with the heads of other relevant Federal departments and agencies, shall develop an international cyberspace and digital policy strategy. The strategy required under subsection
(a)shall include— a review of actions and activities undertaken to support the policy described in section 501(a); a plan of action to guide the diplomacy of the Department with regard to foreign countries, including— conducting bilateral and multilateral activities— to develop and support the implementation of norms of responsible country behavior in cyberspace consistent with the objectives specified in section 501(b)(5); to reduce the frequency and severity of cyberattacks on United States individuals, businesses, governmental agencies, and other organizations; to reduce cybersecurity risks to United States and allied critical infrastructure; to improve allies’ and partners’ collaboration with the United States on cybersecurity issues, including information sharing, regulatory coordination and improvement, and joint investigatory and law enforcement operations related to cybercrime; and to share best practices and advance proposals to strengthen civilian and private sector resiliency to threats and access to opportunities in cyberspace; and reviewing the status of existing efforts in relevant multilateral fora, as appropriate, to obtain commitments on international norms regarding cyberspace; a review of alternative concepts for international norms regarding cyberspace offered by foreign countries; a detailed description of new and evolving threats regarding cyberspace from foreign adversaries, state-sponsored actors, and non-state actors to— United States national security; the Federal and private sector cyberspace infrastructure of the United States; intellectual property in the United States; and the privacy and security of citizens of the United States; a review of the policy tools available to the President to deter and de-escalate tensions with foreign countries, state-sponsored actors, and private actors regarding— threats in cyberspace; the degree to which such tools have been used; and whether such tools have been effective deterrents; a review of resources required to conduct activities to build responsible norms of international cyber behavior; a review to determine whether the budgetary resources, technical expertise, legal authorities, and personnel available to the Department and other relevant Federal agencies are adequate to achieve the actions and activities undertaken to support the policy described in section 501(a); a review to determine whether the Department is properly organized and coordinated with other Federal agencies to achieve the objectives described in section 501(b); and a plan of action, developed in consultation with relevant Federal departments and agencies as the President may direct, to guide the diplomacy of the Department with respect to the inclusion of cyber issues in mutual defense agreements. The strategy required under subsection
(a)shall be available to the public in unclassified form, including through publication in the Federal Register. The strategy required under subsection
(a)may include a classified annex. Not later than 30 days after the completion of the strategy required under subsection (a), the Secretary shall brief the appropriate congressional committees regarding the strategy, including any material contained in a classified annex. The strategy required under subsection
(a)shall be updated— not later than 90 days after any material change to United States policy described in such strategy; and not later than 1 year after the inauguration of each new President.