[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6309 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 6309
To impose sanctions with respect to designated critical cyber threat
actors, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
November 25, 2025
Mr. Pfluger introduced the following bill; which was referred to the
Committee on Foreign Affairs, and in addition to the Committees on
Financial Services, Oversight and Government Reform, and the Judiciary,
for a period to be subsequently determined by the Speaker, in each case
for consideration of such provisions as fall within the jurisdiction of
the committee concerned
_______________________________________________________________________
A BILL
To impose sanctions with respect to designated critical cyber threat
actors, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Deterrence and Response Act of
2025''.
SEC. 2. ACTIONS TO ADDRESS STATE-SPONSORED CYBER ACTIVITIES AGAINST THE
UNITED STATES.
(a) Designation as a Critical Cyber Threat Actor.--
(1) In general.--The President, acting through the National
Cyber Director, and in coordination with the heads of other
relevant Federal departments and agencies, shall designate
pursuant to the National Attribution Framework under paragraph
(2) as a critical cyber threat actor--
(A) each foreign person and each agency or
instrumentality of a foreign state that the President
determines to be knowingly responsible for or complicit
in, or have engaged in, directly or indirectly, state-
sponsored cyber activities originating from, or
directed by persons located, in whole or in substantial
part, outside the United States that are reasonably
likely to result in, or have contributed to, a
significant threat to the national security, foreign
policy, or economic health or financial stability of
the United States and that have the purpose or effect
of--
(i) causing a significant disruption to the
availability of a computer or network of
computers;
(ii) harming, or otherwise significantly
compromising the provision of service by, a
computer or network of computers that support
one or more entities in a critical
infrastructure sector;
(iii) significantly compromising the
provision of services by one or more entities
in a critical infrastructure sector;
(iv) causing a significant misappropriation
of funds or economic resources, trade secrets,
personal identifiers, health or financial
information for commercial or competitive
advantage or private financial gain;
(v) destabilizing the financial sector of
the United States by tampering with, altering,
or causing a misappropriation of data;
(vi) causing a significant disruption to
the energy sector of the United States by
tampering with or altering data or equipment
necessary for the operation of the energy
sector in the United States; or
(vii) interfering with or undermining
election processes or government institutions
by tampering with, altering, or causing
misappropriation of data;
(B) each foreign person that the President has
determined to have knowingly, significantly, and
materially assisted, sponsored, or provided financial,
material, or technological support for, or goods or
services to or in support of, any activities described
in subparagraph (A) by a foreign person or agency or
instrumentality of a foreign state designated as a
critical cyber threat actor under subparagraph (A);
(C) each agency or instrumentality of a foreign
state that the President has determined to have
significantly and materially assisted, sponsored, or
provided financial, material, or technological support
for, or goods or services to or in support of, any
activities described in subparagraph (A) by a foreign
person or agency or instrumentality of a foreign state
designated as a critical cyber threat actor under
subparagraph (A); and
(D) any person determined by the President to be
responsible for or complicit in, or to have engaged in,
the receipt or use for commercial or competitive
advantage or private financial gain, or by a commercial
entity, outside the United States of data or
information, including trade secrets, misappropriated
through cyber-enabled means, knowing they have been
misappropriated, where the misappropriation of such
trade secrets is reasonably likely to result in, or has
materially contributed to, a significant threat to the
national security, foreign policy, or economic health
or financial stability of the United States or personal
safety of American citizens.
(2) National attribution framework.--Not later than 180
days after the date of the enactment of this Act, the Director,
in consultation with the Secretary of Homeland Security, the
Secretary of Defense, the Director of National Intelligence,
the Secretary of State, the Attorney General, and the head of
any other Federal agency the Director determines appropriate,
shall submit to the appropriate congressional committees a
framework, to be known as the ``National Attribution
Framework'' to carry out the following:
(A) Establish a uniform, criteria-based process for
evaluating and determining attribution of state-
sponsored cyber activities.
(B) Define technical, operational, and strategic
evidentiary standards, including thresholds for
reliability, corroboration, and technical verification,
that must be satisfied for such an attribution
determination.
(C) Require assessments based on the quality of
available evidence to assign a confidence level with
respect to such an attribution determination.
(D) Provide for the consideration of private sector
threat intelligence if such intelligence satisfies such
evidentiary standards.
(E) Establish procedures for coordination with
allied and partner countries, including regarding
processes for information sharing, validation of
evidence, and efforts to develop consistent public
attribution statements to enhance international
consensus relating to determining attribution of state-
sponsored cyber activities.
(F) Establish timelines and reporting thresholds to
ensure that attribution determinations are conducted
promptly after the detection of any state-sponsored
cyber activity.
(G) Ensure the National Attribution Framework is
consistent with the National Cyber Incident Response
Plan under section 2210 of the Homeland Security Act of
2002 (6 U.S.C. 660) and other relevant policies
governing cyber attribution and response processes of
the following:
(i) The Department of Homeland Security.
(ii) The Office of the National Cyber
Director.
(iii) The Department of Defense.
(iv) The Department of State.
(v) Any other appropriate Federal
department or agency.
(H) Ensure attribution determinations account for
exemptions, waivers, and removals described in
subsection (g), including mandatory exemptions for
United States intelligence activities and case-by-case
waivers granted in the national interest of the United
States, for law enforcement purposes, or for
humanitarian reasons.
(I) Establish procedures for the designation of a
foreign person and each agency or instrumentality of a
foreign state as a critical cyber threat actor under
paragraph (1) to provide for a reassignment of such
designation if the original designee is subject to an
exception described in subsection (g)(4) to the next
operationally responsible foreign person and each
agency or instrumentality of a foreign state materially
involved in the state-sponsored cyber activity at
issue.
(3) Transmission to congress.--Not later than seven
calendar days after designating a foreign person or agency or
instrumentality of a foreign state as a critical cyber threat
actor under paragraph (1), the President shall transmit to the
appropriate congressional committees in classified or
unclassified form a report identifying the designee.
(b) Non-Travel-Related Sanctions.--
(1) In general.--The President shall impose one or more of
the applicable sanctions described in paragraph (2) with
respect to each foreign person and each agency or
instrumentality of a foreign state designated as a critical
cyber threat actor under subsection (a).
(2) Sanctions described.--The sanctions described in this
paragraph are the following:
(A) The President may provide for the withdrawal,
limitation, or suspension of non-humanitarian United
States development assistance under chapter 1 of part I
of the Foreign Assistance Act of 1961 (22 U.S.C. 2151
et seq.).
(B) The President may provide for the withdrawal,
limitation, or suspension of United States security
assistance under part II of the Foreign Assistance Act
of 1961 (22 U.S.C. 2301 et seq.).
(C) The President may direct the United States
executive director to each international financial
institution to use the voice and vote of the United
States to oppose any loan from the international
financial institution that would benefit the designated
foreign person or the designated agency or
instrumentality of a foreign state.
(D) The President may direct the United States
International Development Finance Corporation, or any
other United States Government agency not to approve
the issuance of any (or a specified number of)
guarantees, insurance, extensions of credit, or
participation in the extension of credit.
(E) The President may, pursuant to such regulations
or guidelines as the President may prescribe, prohibit
any United States person from purchasing or selling any
publicly traded securities, or any publicly traded
securities that are derivative of such securities or
are designed to provide investment exposure to such
securities or investing in or purchasing significant
amounts of equity or debt instruments of the designated
foreign person.
(F) The President may, pursuant to procedures the
President shall prescribe, which shall include the
opportunity to appeal actions under this subparagraph,
prohibit any United States agency or instrumentality
from procuring, or entering into any contract for the
procurement of, any goods, technology, or services, or
classes of goods, technology, or services, from the
designated foreign person or the designated agency or
instrumentality of a foreign state.
(G) The President may terminate--
(i) sales to that country under the Arms
Export Control Act (22 U.S.C. 2751 et seq.) of
any defense articles, defense services, or
design and construction services; and
(ii) sales to that country of any item on
the United States Munitions List maintained
pursuant to part 121 of title 22, Code of
Federal Regulations.
(H) The President may prohibit the entity and, when
acting for or on the entity's behalf, its successors,
assigns, directors, officers, employees,
representatives, or agents, from directly or indirectly
participating in transactions involving any commodity,
software, or technology subject to United States
jurisdiction under the Export Administration
Regulations (``EAR'') or any other activity subject to
the EAR, including--
(i) applying for, obtaining, or using any
license, license exception, or export control
document;
(ii) carrying out negotiations concerning,
ordering, buying, receiving, using, selling,
delivering, storing, disposing of, forwarding,
transporting, financing, or servicing in any
way any item exported or to be exported from
the United States that is subject to the EAR;
and
(iii) benefitting in any way from any
transaction involving any item exported or to
be exported from the United States that is
subject to the EAR.
(I) The President may prohibit any person, whether
a United States or non-United States person, from
engaging in the following activities, either directly
or indirectly, with the entity:
(i) Exporting or reexporting to or on
behalf of the entity any item subject to the
EAR.
(ii) Facilitating the acquisition or
attempted acquisition by the entity of the
ownership, possession, or control of any item
subject to the EAR that has been or will be
exported from the United States, including
financing or other support activities related
to a transaction whereby the entity acquires or
attempts to acquire such ownership, possession
or control.
(iii) Acquiring from or facilitating the
acquisition or attempted acquisition from the
entity or any item subject to the EAR that has
been exported from the United States.
(iv) Obtaining from the entity in the
United States any item subject to the EAR with
knowledge or reason to know that the item will
be, or is intended to be, exported from the
United States.
(v) Engaging in any transaction to service
any item subject to the EAR that has been or
will be exported from the United States and
which is owned, possessed, or controlled by the
entity if such service involves the use of any
item subject to the EAR that has been or will
be exported from the United States (for
purposes of this paragraph ``service'' means
installation, maintenance, repair,
modification, or testing).
(J)(i) The President may exercise all of the powers
granted to the President under the International
Emergency Economic Powers Act (50 U.S.C. 1701 et seq.)
(except that the requirements of section 202 of such
Act (50 U.S.C. 1701) shall not apply) to the extent
necessary to block and prohibit all transactions in
property and interests in property of the designated
foreign person if such property and interests in
property are in the United States, come within the
United States, or are or come within the possession or
control of a United States person.
(ii) The penalties provided for in subsections (b)
and (c) of section 206 of the International Emergency
Economic Powers Act (50 U.S.C. 1705) shall apply to a
person that violates, attempts to violate, conspires to
violate, or causes a violation of regulations
prescribed under clause (i) to the same extent that
such penalties apply to a person that commits an
unlawful act described in subsection (a) of such
section 206.
(K) The President may, pursuant to such regulations
as the President may prescribe, prohibit any transfers
of credit or payments between one or more financial
institutions or by, through, or to any financial