[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. Res. 736 Introduced in Senate (IS)]
<DOC>
115th CONGRESS
2d Session
S. RES. 736
Urging the establishment of a Cyber League of Indo-Pacific States to
address cyber threats.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
December 19, 2018
Mr. Gardner (for himself and Mr. Coons) submitted the following
resolution; which was referred to the Committee on Foreign Relations
_______________________________________________________________________
RESOLUTION
Urging the establishment of a Cyber League of Indo-Pacific States to
address cyber threats.
Whereas the world has benefitted greatly from technological innovations under
the leadership of the United States in the post-World War era, including
the creation of the World Wide Web which has provided an entirely new
platform for wealth creation and human flourishing through cyber-
commerce and connectivity;
Whereas cybercrime affects companies large and small, as well as infrastructure
that is vital to the economy as a whole;
Whereas a 2018 study from the Center for Strategic and International Studies, in
partnership with McAfee, estimates that the global economic losses from
cybercrime are approximately $600,000,000,000 annually and rising;
Whereas, according to the Pew Charitable Trust, 64 percent of people in the
United States had fallen victim to cybercriminals as of 2017;
Whereas, on July 9, 2012, General Keith Alexander, then-Director of the National
Security Agency, termed theft of United States intellectual property
``the greatest transfer of wealth in history'';
Whereas, on September 25, 2015, the United States and the People's Republic of
China announced a commitment that ``neither country's government will
conduct or knowingly support cyber-enabled theft of intellectual
property, including trade secrets or other confidential business
information, with the intent of providing competitive advantages to
companies or commercial sectors'';
Whereas the People's Republic of China nonetheless continues to contribute to
the rise of cybercrime, exploiting weaknesses in the international
system to undermine fair competition in technology and cyberspace,
including through theft of intellectual property and state-sponsored
malicious actions to undermine and weaken competition;
Whereas, according to the 2018 Worldwide Threat Assessment by the Director of
the National Intelligence: ``China will continue to use cyber espionage
and bolster cyber attack capabilities to support national security
priorities. . . . China since 2015 has been advancing its cyber attack
capabilities by integrating its military cyber attack and espionage
resources in the Strategic Support Force, which it established in
2015'';
Whereas, from 2011 to 2018, more than 90 percent of cases handled by the
Department of Justice alleging economic espionage by or to benefit a
foreign country involved the People's Republic of China;
Whereas more than \2/3\ of the cases handled by the Department of Justice
involving theft of trade secrets have a nexus to the People's Republic
of China;
Whereas experts have asserted that the Made in China 2025 strategy of the
Government of the People's Republic of China will incentivize Chinese
entities to engage in unfair competitive behavior, including additional
theft of technologies and intellectual property;
Whereas the Democratic People's Republic of Korea has also contributed to the
rise of cybercrime and according to the 2018 Worldwide Threat Assessment
by the Director of the National Intelligence: ``We expect the heavily
sanctioned North Korea to use cyber operations to raise funds and to
gather intelligence or launch attacks on South Korea and the United
States. . . . North Korean actors developed and launched the WannaCry
ransomware in May 2017, judging from technical links to previously
identified North Korean cyber tools, tradecraft, and operational
infrastructure. We also assess that these actors conducted the cyber
theft of $81 million from the Bank of Bangladesh in 2016'';
Whereas section 2(a)(8) of the North Korea Sanctions and Policy Enhancement Act
of 2016 (22 U.S.C. 9201(a)(8)) states, ``The Government of North Korea
has provided technical support and conducted destructive and coercive
cyberattacks, including against Sony Pictures Entertainment and other
United States persons.'';
Whereas the United States has taken action on its own against international
cybercrime, including through--
(1) the North Korea Sanctions and Policy Enhancement Act of 2016
(Public Law 114-122), which imposed mandatory sanctions against persons
engaging in significant activities undermining cybersecurity on behalf of
the Democratic People's Republic of Korea; and
(2) criminal charges filed by the Department of Justice on October 25,
2018, in which the Department alleged that the Chinese intelligence
services conducted cyber intrusions against at least a dozen companies in
order to obtain information on a commercial jet engine;
Whereas the March 2016 Department of State International Cyberspace Policy
Strategy noted that ``the Department of State anticipates a continued
increase and expansion of our cyber-focused diplomatic efforts for the
foreseeable future''; and
Whereas concerted action by countries that share concerns about state-sponsored
cyber theft is necessary to prevent the growth of cybercrime and other
destabilizing national security and economic outcomes: Now, therefore,
be it
Resolved, That the Senate--
(1) urges the President to propose and champion the
negotiation of a treaty with like-minded partners in the Indo-
Pacific to ensure a free and open Internet free from
economically crippling cyberattacks;
(2) calls for the treaty, which can be referred to as the
Cyber League of Indo-Pacific States (in this resolution
referred to as ``CLIPS''), to include the creation of an
Information Sharing Analysis Center to provide around-the-clock
cyber threat monitoring and mitigation for governments that are
parties to the treaty; and
(3) calls for members of CLIPS--
(A) to consult on emerging cyber threats;
(B) to pledge not to engage in cyber theft;
(C) to introduce and enforce minimum criminal
punishment for cyber theft;
(D) to extradite alleged cyber thieves;
(E) to enforce laws protecting software license
holders;
(F) to ensure that government agencies use licensed
software;
(G) to minimize data localization requirements
(consistent with the Agreement between the United
States of America, the United Mexican States, and
Canada, signed at Buenos Aires November 30, 2018
(commonly known as the ``United States-Mexico-Canada
Agreement''));
(H) to accept international certifications as the
basis for commercial information and communications
technology reviews;
(I) to provide for public input when devising
legislation on cybersecurity; and
(J) to cooperate on the attribution of cyberattacks
and retribution to deter future attacks.
<all>