[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. Res. 140 Introduced in Senate (IS)]
<DOC>
116th CONGRESS
1st Session
S. RES. 140
Urging the establishment of a Cyber League of Indo-Pacific States to
address cyber threats.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
April 3, 2019
Mr. Gardner (for himself and Mr. Coons) submitted the following
resolution; which was referred to the Committee on Foreign Relations
_______________________________________________________________________
RESOLUTION
Urging the establishment of a Cyber League of Indo-Pacific States to
address cyber threats.
Whereas the world has benefitted greatly from technological innovations under
the leadership of the United States in the post-World War era, including
the creation of the World Wide Web which has provided an entirely new
platform for wealth creation and human flourishing through cyber-
commerce and connectivity;
Whereas cybercrime affects companies large and small, as well as infrastructure
that is vital to the economy as a whole;
Whereas a 2018 study from the Center for Strategic and International Studies, in
partnership with McAfee, estimates that the global economic losses from
cybercrime are approximately $600,000,000,000 annually and rising;
Whereas, according to the Pew Charitable Trust, 64 percent of people in the
United States had fallen victim to cybercriminals as of 2017;
Whereas, on July 9, 2012, General Keith Alexander, then-Director of the National
Security Agency, termed theft of United States intellectual property
``the greatest transfer of wealth in history'';
Whereas, on September 25, 2015, the United States and the People's Republic of
China announced a commitment that ``neither country's government will
conduct or knowingly support cyber-enabled theft of intellectual
property, including trade secrets or other confidential business
information, with the intent of providing competitive advantages to
companies or commercial sectors'';
Whereas the People's Republic of China nonetheless continues to contribute to
the rise of cybercrime, exploiting weaknesses in the international
system to undermine fair competition in technology and cyberspace,
including through theft of intellectual property and state-sponsored
malicious actions to undermine and weaken competition;
Whereas, according to the 2019 Worldwide Threat Assessment by the Director of
National Intelligence: ``China, Russia, Iran, and North Korea
increasingly use cyber operations to threaten both minds and machines in
an expanding number of ways--to steal information, to influence our
citizens, or to disrupt critical infrastructure.'';
Whereas, from 2011 to 2018, more than 90 percent of cases handled by the
Department of Justice alleging economic espionage by or to benefit a
foreign country involved the People's Republic of China;
Whereas more than \2/3\ of the cases handled by the Department of Justice
involving theft of trade secrets have a nexus to the People's Republic
of China;
Whereas experts have asserted that the Made in China 2025 strategy of the
Government of the People's Republic of China will incentivize Chinese
entities to engage in unfair competitive behavior, including additional
theft of technologies and intellectual property;
Whereas the Democratic People's Republic of Korea has also contributed to the
rise of cybercrime and according to the 2018 Worldwide Threat Assessment
by the Director of National Intelligence: ``We expect the heavily
sanctioned North Korea to use cyber operations to raise funds and to
gather intelligence or launch attacks on South Korea and the United
States. . . . North Korean actors developed and launched the WannaCry
ransomware in May 2017, judging from technical links to previously
identified North Korean cyber tools, tradecraft, and operational
infrastructure. We also assess that these actors conducted the cyber
theft of $81 million from the Bank of Bangladesh in 2016.'';
Whereas section 2(a)(8) of the North Korea Sanctions and Policy Enhancement Act
of 2016 (22 U.S.C. 9201(a)(8)) states, ``The Government of North Korea
has provided technical support and conducted destructive and coercive
cyberattacks, including against Sony Pictures Entertainment and other
United States persons.'';
Whereas the United States has taken action on its own against international
cybercrime, including through--
(1) the North Korea Sanctions and Policy Enhancement Act of 2016
(Public Law 114-122), which imposed mandatory sanctions against persons
engaging in significant activities undermining cybersecurity on behalf of
the Democratic People's Republic of Korea; and
(2) criminal charges filed by the Department of Justice on October 25,
2018, in which the Department alleged that the Chinese intelligence
services conducted cyber intrusions against at least a dozen companies in
order to obtain information on a commercial jet engine;
Whereas the March 2016 Department of State International Cyberspace Policy
Strategy noted that ``the Department of State anticipates a continued
increase and expansion of our cyber-focused diplomatic efforts for the
foreseeable future'';
Whereas concerted action by countries that share concerns about state-sponsored
cyber theft is necessary to prevent the growth of cybercrime and other
destabilizing national security and economic outcomes; and
Whereas section 215 of the Asia Reassurance Initiative Act of 2018 (Public Law
115-409) calls for ``robust cybersecurity cooperation between the United
States and nations in the Indo-Pacific region'' and ``authorized to be
appropriated $100,000,000 for each of the fiscal years 2019 through 2023
to enhance cooperation between the United States and the Indo-Pacific
nations for the purpose of combatting cybersecurity threats'': Now,
therefore, be it
Resolved, That the Senate--
(1) urges the President to propose and champion the
negotiation of a treaty with like-minded partners in the Indo-
Pacific to ensure a free and open Internet free from
economically crippling cyberattacks;
(2) calls for the treaty, which can be referred to as the
Cyber League of Indo-Pacific States (in this resolution
referred to as ``CLIPS''), to include the creation of an
Information Sharing Analysis Center to provide around-the-clock
cyber threat monitoring and mitigation for governments that are
parties to the treaty; and
(3) calls for members of CLIPS--
(A) to consult on emerging cyber threats;
(B) to pledge not to conduct or support theft of
intellectual property, including trade secrets or other
confidential business information;
(C) to introduce and enforce minimum criminal
punishment for cyber theft;
(D) to extradite alleged cyber thieves, consistent
with existing agreements and respecting national
sovereignty;
(E) to enforce laws protecting intellectual
property, including patents;
(F) to ensure that government agencies comply with
software license terms;
(G) to minimize data localization requirements
(consistent with the Agreement between the United
States of America, the United Mexican States, and
Canada, signed at Buenos Aires November 30, 2018
(commonly known as the ``United States-Mexico-Canada
Agreement''));
(H) to seek cooperation with respect to the
standards described in the Arrangement on the
Recognition of Common Criteria Certificates in the
field of Information Technology Security, dated May 14,
2014;
(I) to provide for public input when devising
legislation on cybersecurity; and
(J) to cooperate on the attribution of cyberattacks
and impose appropriate consequences.
<all>