[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5222 Introduced in House (IH)]

<DOC>






114th CONGRESS
  2d Session
                                H. R. 5222

 To impose sanctions with respect to persons responsible for knowingly 
engaging in significant activities undermining cybersecurity on behalf 
    of or at the direction of the Government of Iran, and for other 
                               purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 12, 2016

Mr. Ratcliffe introduced the following bill; which was referred to the 
 Committee on Foreign Affairs, and in addition to the Committee on the 
 Judiciary, for a period to be subsequently determined by the Speaker, 
 in each case for consideration of such provisions as fall within the 
                jurisdiction of the committee concerned

_______________________________________________________________________

                                 A BILL


 
 To impose sanctions with respect to persons responsible for knowingly 
engaging in significant activities undermining cybersecurity on behalf 
    of or at the direction of the Government of Iran, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Iran Cyber Sanctions Act of 2016''.

SEC. 2. IMPOSITION OF SANCTIONS WITH RESPECT TO PERSONS RESPONSIBLE FOR 
              KNOWINGLY ENGAGING IN SIGNIFICANT ACTIVITIES UNDERMINING 
              CYBERSECURITY ON BEHALF OF OR AT THE DIRECTION OF THE 
              GOVERNMENT OF IRAN.

    (a) Cybersecurity Report Required.--
            (1) In general.--Not later than 90 days after the date of 
        the enactment of this Act, and not less frequently than once 
        every 180 days thereafter, the President shall submit to the 
        appropriate congressional committees a report on significant 
        activities undermining cybersecurity conducted by persons on 
        behalf of or at the direction of the Government of Iran 
        (including members of paramilitary organizations such as Ansar-
        e-Hezbollah and Basij-e Mostaz'afin) against the Government of 
        the United States or any United States person.
            (2) Information.--The report required under paragraph (1) 
        shall include the following:
                    (A) The identity of persons that have knowingly 
                facilitated, participated or assisted in, engaged in, 
                directed, or provided material support for significant 
                activities undermining cybersecurity described in 
                paragraph (1).
                    (B) A description of the conduct engaged in by each 
                person identified under subparagraph (A).
                    (C) An assessment of the extent to which the 
                Government of Iran or another foreign government 
                directed, facilitated, or provided material support in 
                the conduct of significant activities undermining 
                cybersecurity described in paragraph (1).
                    (D) A strategy to counter efforts by persons to 
                conduct significant activities undermining 
                cybersecurity described in paragraph (1), including 
                efforts to engage foreign governments to halt the 
                capability of persons to conduct those activities 
                described in paragraph (1).
            (3) Form.--The report required under paragraph (1) shall be 
        submitted in unclassified form but may include a classified 
        annex.
    (b) Designation of Persons.--
            (1) In general.--Except as provided in paragraph (2), the 
        President shall include on the specially designated nationals 
        and blocked persons list maintained by the Office of Foreign 
        Assets Control of the Department of the Treasury--
                    (A) any person identified under subsection 
                (a)(2)(A); and
                    (B) any person for which the Department of Justice 
                has issued an indictment in connection with significant 
                activities undermining cybersecurity against the 
                Government of the United States or any United States 
                person.
            (2) Exception.--The President is not required to include a 
        person described in paragraph (1)(A) or (1)(B) on the specially 
        designated nationals and blocked persons list maintained by the 
        Office of Foreign Assets Control of the Department of the 
        Treasury if the President submits to the appropriate 
        congressional committees an explanation of the reasons for not 
        including that person on that list.
    (c) Sanctions Described.--The President shall use authority 
provided in Executive Order 13694 (April 1, 2015, relating to blocking 
the property of certain persons engaging in significant malicious 
cyber-enabled activities) to impose sanctions against any person 
included on the specially designated nationals and blocked persons list 
maintained by the Office of Foreign Assets Control of the Department of 
the Treasury pursuant to subsection (b).
    (d) Presidential Briefings to Congress.--Not later than 180 days 
after the date of the enactment of this Act, and periodically 
thereafter, the President shall provide a briefing to the appropriate 
congressional committees on efforts to implement this section.
    (e) Definitions.--In this section:
            (1) Appropriate congressional committees.--The term 
        ``appropriate congressional committees'' means--
                    (A) the Committee on Foreign Relations, the 
                Committee on Homeland Security and Governmental 
                Affairs, and the Committee on Banking, Housing, and 
                Urban Affairs of the Senate; and
                    (B) the Committee on Foreign Affairs, the Committee 
                on Homeland Security, the Committee on Financial 
                Services, and the Committee on Ways and Means of the 
                House of Representatives.
            (2) Significant activities undermining cybersecurity.--The 
        term ``significant activities undermining cybersecurity'' 
        includes--
                    (A) significant efforts to--
                            (i) deny access to or degrade, disrupt, or 
                        destroy an information and communications 
                        technology system or network; or
                            (ii) exfiltrate information from such a 
                        system or network without authorization;
                    (B) significant destructive malware attacks;
                    (C) significant denial of service activities; and
                    (D) such other significant activities as may be 
                described in regulations prescribed to implement this 
                section.
            (3) United states person.--The term ``United States 
        person'' means--
                    (A) an individual who is a citizen of the United 
                States or an alien lawfully admitted for permanent 
                residence to the United States;
                    (B) an entity organized under the laws of the 
                United States or any jurisdiction within the United 
                States, including a foreign branch of such an entity; 
                or
                    (C) any government (Federal, State, or local) 
                entity.
                                 <all>