[Congressional Record Volume 164, Number 10 (Wednesday, January 17, 2018)]
[House]
[Pages H435-H439]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                      CYBER DIPLOMACY ACT OF 2017

  Mr. ROYCE of California. Mr. Speaker, I move to suspend the rules and 
pass the bill (H.R. 3776) to support United States international cyber 
diplomacy, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 3776

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cyber Diplomacy Act of 
     2017''.

     SEC. 2. FINDINGS.

       Congress finds the following:
       (1) The stated goal of the United States International 
     Strategy for Cyberspace, launched on May 16, 2011, is to 
     ``work internationally to promote an open, interoperable, 
     secure, and reliable information and communications 
     infrastructure that supports international trade and 
     commerce, strengthens international security, and fosters 
     free expression and innovation . . . in which norms of 
     responsible behavior guide States' actions, sustain 
     partnerships, and support the rule of law in cyberspace.''.
       (2) The Group of Governmental Experts (GGE) on Developments 
     in the Field of Information and Telecommunications in the 
     Context of International Security, established by the United 
     Nations General Assembly, concluded in its June 24, 2013, 
     report ``that State sovereignty and the international norms 
     and principles that flow from it apply to States' conduct of 
     [information and communications technology or ICT] related 
     activities and to their jurisdiction over ICT infrastructure 
     with their territory.''.
       (3) On January 13, 2015, China, Kazakhstan, Kyrgyzstan, 
     Russia, Tajikistan, and Uzbekistan proposed a troubling 
     international code of conduct for information security which 
     defines responsible State behavior in cyberspace to include 
     ``curbing the dissemination of information'' and the ``right 
     to independent control of information and communications 
     technology'' when a country's political security is 
     threatened.
       (4) The July 22, 2015, GGE consensus report found that, 
     ``norms of responsible State behavior can reduce risks to 
     international peace, security and stability.''.
       (5) On September 25, 2015, the United States and China 
     announced a commitment ``that neither country's government 
     will conduct or knowingly support cyber-enabled theft of 
     intellectual property, including trade secrets or other 
     confidential business information, with the intent of 
     providing competitive advantages to companies or commercial 
     sectors.''.
       (6) At the Antalya Summit from November 15-16, 2015, the 
     Group of 20 (G20) Leaders' Communique affirmed the 
     applicability of international law to State behavior in 
     cyberspace, called on States to refrain from cyber-enabled 
     theft of intellectual property for commercial gain, and 
     endorsed the view that all States should abide by norms of 
     responsible behavior.
       (7) The March 2016 Department of State International 
     Cyberspace Policy Strategy noted that, ``the Department of 
     State anticipates a continued increase and expansion of our 
     cyber-focused diplomatic efforts for the foreseeable 
     future.''.
       (8) On December 1, 2016, the Commission on Enhancing 
     National Cybersecurity established

[[Page H436]]

     within the Department of Commerce recommended ``the President 
     should appoint an Ambassador for Cybersecurity to lead U.S. 
     engagement with the international community on cybersecurity 
     strategies, standards, and practices.''.
       (9) The 2017 Group of 7 (G7) Declaration on Responsible 
     States Behavior in Cyberspace recognized on April 11, 2017, 
     ``the urgent necessity of increased international cooperation 
     to promote security and stability in cyberspace . . . 
     consisting of the applicability of existing international law 
     to State behavior in cyberspace, the promotion of voluntary, 
     non-binding norms of responsible State behavior during 
     peacetime'' and reaffirmed ``that the same rights that people 
     have offline must also be protected online.''.
       (10) In testimony before the Select Committee on 
     Intelligence of the Senate on May 11, 2017, the Director of 
     National Intelligence identified six cyber threat actors, 
     including Russia for ``efforts to influence the 2016 US 
     election''; China, for ``actively targeting the US 
     Government, its allies, and US companies for cyber 
     espionage''; Iran for ``leverage[ing] cyber espionage, 
     propaganda, and attacks to support its security priorities, 
     influence events and foreign perceptions, and counter 
     threats''; North Korea for ``previously conduct[ing] cyber-
     attacks against US commercial entities--specifically, Sony 
     Pictures Entertainment in 2014''; terrorists, who ``use the 
     Internet to organize, recruit, spread propaganda, raise 
     funds, collect intelligence, inspire action by followers, and 
     coordinate operations''; and criminals who ``are also 
     developing and using sophisticated cyber tools for a variety 
     of purposes including theft, extortion, and facilitation of 
     other criminal activities''.
       (11) On May 11, 2017, President Trump issued Presidential 
     Executive Order 13800 on Strengthening the Cybersecurity of 
     Federal Networks and Infrastructure which designated the 
     Secretary of State to lead an interagency effort to develop 
     strategic options for the President to deter adversaries from 
     cyber threats and an engagement strategy for international 
     cooperation in cybersecurity, noting that ``the United States 
     is especially dependent on a globally secure and resilient 
     internet and must work with allies and other partners'' 
     toward maintaining ``the policy of the executive branch to 
     promote an open, interoperable, reliable, and secure internet 
     that fosters efficiency, innovation, communication, and 
     economic prosperity, while respecting privacy and guarding 
     against deception, fraud, and theft.''.

     SEC. 3. UNITED STATES INTERNATIONAL CYBERSPACE POLICY.

       (a) In General.--Congress declares that it is the policy of 
     the United States to work internationally with allies and 
     other partners to promote an open, interoperable, reliable, 
     unfettered, and secure internet governed by the 
     multistakeholder model which promotes human rights, 
     democracy, and rule of law, including freedom of expression, 
     innovation, communication, and economic prosperity, while 
     respecting privacy and guarding against deception, fraud, and 
     theft.
       (b) Implementation.--In implementing the policy described 
     in subsection (a), the President, in consultation with 
     outside actors, including technology companies, 
     nongovernmental organizations, security researchers, and 
     other relevant stakeholders, shall pursue the following 
     objectives in the conduct of bilateral and multilateral 
     relations:
       (1) Clarifying the applicability of international laws and 
     norms, including the law of armed conflict, to the use of 
     ICT.
       (2) Clarifying that countries that fall victim to malicious 
     cyber activities have the right to take proportionate 
     countermeasures under international law, provided such 
     measures do not violate a fundamental human right or 
     peremptory norm.
       (3) Reducing and limiting the risk of escalation and 
     retaliation in cyberspace, such as massive denial-of-service 
     attacks, damage to critical infrastructure, or other 
     malicious cyber activity that impairs the use and operation 
     of critical infrastructure that provides services to the 
     public.
       (4) Cooperating with like-minded democratic countries that 
     share common values and cyberspace policies with the United 
     States, including respect for human rights, democracy, and 
     rule of law, to advance such values and policies 
     internationally.
       (5) Securing and implementing commitments on responsible 
     country behavior in cyberspace based upon accepted norms, 
     including the following:
       (A) Countries should not conduct or knowingly support 
     cyber-enabled theft of intellectual property, including trade 
     secrets or other confidential business information, with the 
     intent of providing competitive advantages to companies or 
     commercial sectors.
       (B) Countries should cooperate in developing and applying 
     measures to increase stability and security in the use of 
     ICTs and to prevent ICT practices that are acknowledged to be 
     harmful or that may pose threats to international peace and 
     security.
       (C) Countries should take all appropriate and reasonable 
     efforts to keep their territories clear of intentionally 
     wrongful acts using ICTs in violation of international 
     commitments.
       (D) Countries should not conduct or knowingly support ICT 
     activity that, contrary to international law, intentionally 
     damages or otherwise impairs the use and operation of 
     critical infrastructure, and should take appropriate measures 
     to protect their critical infrastructure from ICT threats.
       (E) Countries should not conduct or knowingly support 
     malicious international activity that, contrary to 
     international law, harms the information systems of 
     authorized emergency response teams (sometimes known as 
     ``computer emergency response teams'' or ``cybersecurity 
     incident response teams'') or related private sector 
     companies of another country.
       (F) Countries should identify economic drivers and 
     incentives to promote securely-designed ICT products and to 
     develop policy and legal frameworks to promote the 
     development of secure internet architecture.
       (G) Countries should respond to appropriate requests for 
     assistance to mitigate malicious ICT activity aimed at the 
     critical infrastructure of another country emanating from 
     their territory.
       (H) Countries should not restrict cross-border data flows 
     or require local storage or processing of data.
       (I) Countries should protect the exercise of human rights 
     and fundamental freedoms on the Internet and commit to the 
     principle that the human rights that people have offline 
     enjoy the same protections online.

     SEC. 4. DEPARTMENT OF STATE RESPONSIBILITIES.

       (a) Office of Cyber Issues.--Section 1 of the State 
     Department Basic Authorities Act of 1956 (22 U.S.C. 2651a) is 
     amended--
       (1) by redesignating subsection (g) as subsection (h); and
       (2) by inserting after subsection (f) the following new 
     subsection:
       ``(g) Office of Cyber Issues.--
       ``(1) In general.--There is established an Office of Cyber 
     Issues (in this subsection referred to as the `Office'). The 
     head of the Office shall have the rank and status of 
     ambassador and be appointed by the President, by and with the 
     advice and consent of the Senate.
       ``(2) Duties.--
       ``(A) In general.--The head of the Office shall perform 
     such duties and exercise such powers as the Secretary of 
     State shall prescribe, including implementing the policy of 
     the United States described in section 3 of the Cyber 
     Diplomacy Act of 2017.
       ``(B) Duties described.--The principal duties of the head 
     of the Office shall be to--
       ``(i) serve as the principal cyber-policy official within 
     the senior management of the Department of State and advisor 
     to the Secretary of State for cyber issues;
       ``(ii) lead the Department of State's diplomatic cyberspace 
     efforts generally, including relating to international 
     cybersecurity, internet access, internet freedom, digital 
     economy, cybercrime, deterrence and international responses 
     to cyber threats;
       ``(iii) promote an open, interoperable, reliable, 
     unfettered, and secure information and communications 
     technology infrastructure globally;
       ``(iv) represent the Secretary of State in interagency 
     efforts to develop and advance the United States 
     international cyberspace policy;
       ``(v) coordinate within the Department of State and with 
     other components of the United States Government cyberspace 
     efforts and other relevant functions, including countering 
     terrorists' use of cyberspace; and
       ``(vi) act as liaison to public and private sector entities 
     on relevant cyberspace issues.
       ``(3) Qualifications.--The head of the Office should be an 
     individual of demonstrated competency in the field of--
       ``(A) cybersecurity and other relevant cyber issues; and
       ``(B) international diplomacy.
       ``(4) Organizational placement.--The head of the Office 
     shall report to the Under Secretary for Political Affairs or 
     official holding a higher position in the Department of 
     State.
       ``(5) Rule of construction.--Nothing in this subsection may 
     be construed as precluding--
       ``(A) the Office from being elevated to a Bureau of the 
     Department of State; and
       ``(B) the head of the Office from being elevated to an 
     Assistant Secretary, if such an Assistant Secretary position 
     does not increase the number of Assistant Secretary positions 
     at the Department above the number authorized under 
     subsection (c)(1).''.
       (b) Sense of Congress.--It is the sense of Congress that 
     the Office of Cyber Issues established under section 1(g) of 
     the State Department Basic Authorities Act of 1956 (as 
     amended by subsection (a) of this section) should be a Bureau 
     of the Department of State headed by an Assistant Secretary, 
     subject to the rule of construction specified in paragraph 
     (5)(B) of such section 1(g).
       (c) United Nations.--The Permanent Representative of the 
     United States to the United Nations shall use the voice, 
     vote, and influence of the United States to oppose any 
     measure that is inconsistent with the United States 
     international cyberspace policy described in section 3.

     SEC. 5. INTERNATIONAL CYBERSPACE EXECUTIVE ARRANGEMENTS.

       (a) In General.--The President is encouraged to enter into 
     executive arrangements with foreign governments that support 
     the United States international cyberspace policy described 
     in section 3.
       (b) Transmission to Congress.--The text of any executive 
     arrangement (including the text of any oral arrangement, 
     which shall be reduced to writing) entered into by the United 
     States under subsection (a) shall be transmitted to the 
     Committee on Foreign Affairs of the House of Representatives 
     and the Committee on Foreign Relations of the Senate not 
     later than five days after such arrangement is signed or 
     otherwise agreed to, together with an explanation of such 
     arrangement, its purpose, how such arrangement is consistent 
     with the United States international cyberspace policy 
     described in section 3, and how such arrangement will be 
     implemented.
       (c) Status Report.--Not later than one year after the text 
     of an executive arrangement is transmitted to Congress 
     pursuant to subsection (b) and annually thereafter for seven 
     years, or

[[Page H437]]

     until such an arrangement has been discontinued, the 
     President shall report to the Committee on Foreign Affairs of 
     the House of Representatives and the Committee on Foreign 
     Relations of the Senate on the status of such arrangement, 
     including an evidence-based assessment of whether all parties 
     to such arrangement have fulfilled their commitments under 
     such arrangement and if not, what steps the United States has 
     taken or plans to take to ensure all such commitments are 
     fulfilled, whether the stated purpose of such arrangement is 
     being achieved, and whether such arrangement positively 
     impacts building of cyber norms internationally. Each such 
     report shall include metrics to support its findings.
       (d) Existing Executive Arrangements.--Not later than 60 
     days after the date of the enactment of this Act, the 
     President shall satisfy the requirements of subsection (c) 
     for the following executive arrangements already in effect:
       (1) The arrangement announced between the United States and 
     Japan on April 25, 2014.
       (2) The arrangement announced between the United States and 
     the United Kingdom on January 16, 2015.
       (3) The arrangement announced between the United States and 
     China on September 25, 2015.
       (4) The arrangement announced between the United States and 
     Korea on October 16, 2015.
       (5) The arrangement announced between the United States and 
     Australia on January 19, 2016.
       (6) The arrangement announced between the United States and 
     India on June 7, 2016.
       (7) The arrangement announced between the United States and 
     Argentina on April 27, 2017.
       (8) The arrangement announced between the United States and 
     Kenya on June 22, 2017.
       (9) The arrangement announced between the United States and 
     Israel on June 26, 2017.
       (10) Any other similar bilateral or multilateral 
     arrangement announced before the date of the enactment of 
     this Act.

     SEC. 6. INTERNATIONAL STRATEGY FOR CYBERSPACE.

       (a) Strategy Required.--Not later than one year after the 
     date of the enactment of this Act, the Secretary of State, in 
     coordination with the heads of other relevant Federal 
     departments and agencies, shall produce a strategy relating 
     to United States international policy with regard to 
     cyberspace.
       (b) Elements.--The strategy required under subsection (a) 
     shall include the following:
       (1) A review of actions and activities undertaken to 
     support the United States international cyberspace policy 
     described in section 3.
       (2) A plan of action to guide the diplomacy of the 
     Department of State with regard to foreign countries, 
     including conducting bilateral and multilateral activities to 
     develop the norms of responsible international behavior in 
     cyberspace, and status review of existing efforts in 
     multilateral fora to obtain agreements on international norms 
     in cyberspace.
       (3) A review of alternative concepts with regard to 
     international norms in cyberspace offered by foreign 
     countries.
       (4) A detailed description of new and evolving threats to 
     United States national security in cyberspace from foreign 
     countries, State-sponsored actors, and private actors to 
     Federal and private sector infrastructure of the United 
     States, intellectual property in the United States, and the 
     privacy of citizens of the United States.
       (5) A review of policy tools available to the President to 
     deter and de-escalate tensions with foreign countries, State-
     sponsored actors, and private actors regarding threats in 
     cyberspace, and to what degree such tools have been used and 
     whether or not such tools have been effective.
       (6) A review of resources required to conduct activities to 
     build responsible norms of international cyber behavior.
       (7) A clarification of the applicability of international 
     laws and norms, including the law of armed conflict, to the 
     use of ICT.
       (8) A clarification that countries that fall victim to 
     malicious cyber activities have the right to take 
     proportionate countermeasures under international law, 
     including exercising the right to collective and individual 
     self-defense.
       (9) A plan of action to guide the diplomacy of the 
     Department of State with regard to existing mutual defense 
     agreements, including the inclusion in such agreements of 
     information relating to the applicability of malicious cyber 
     activities in triggering mutual defense obligations.
       (c) Form of Strategy.--
       (1) Public availability.--The strategy required under 
     subsection (a) shall be available to the public in 
     unclassified form, including through publication in the 
     Federal Register.
       (2) Classified annex.--
       (A) In general.--If the Secretary of State determines that 
     such is appropriate, the strategy required under subsection 
     (a) may include a classified annex consistent with United 
     States national security interests.
       (B) Rule of construction.--Nothing in this subsection may 
     be construed as authorizing the public disclosure of an 
     unclassified annex under subparagraph (A).
       (d) Briefing.--Not later than 30 days after the production 
     of the strategy required under subsection (a), the Secretary 
     of State shall brief the Committee on Foreign Affairs of the 
     House of Representatives and the Committee on Foreign 
     Relations of the Senate on such strategy, including any 
     material contained in a classified annex.
       (e) Updates.--The strategy required under subsection (a) 
     shall be updated--
       (1) not later than 90 days after there has been any 
     material change to United States policy as described in such 
     strategy; and
       (2) not later than one year after each inauguration of a 
     new President.
       (f) Preexisting Requirement.--Upon the production and 
     publication of the report required under section 3(c) of the 
     Presidential Executive Order 13800 on Strengthening the 
     Cybersecurity of Federal Networks and Critical Infrastructure 
     on May 11, 2017, such report shall be considered as 
     satisfying the requirement under subsection (a) of this 
     section.

     SEC. 7. ANNUAL COUNTRY REPORTS ON HUMAN RIGHTS PRACTICES.

       (a) Report Relating to Economic Assistance.--Section 116 of 
     the Foreign Assistance Act of 1961 (22 U.S.C. 2151n) is 
     amended by adding at the end the following new subsection:
       ``(h)(1) The report required by subsection (d) shall 
     include an assessment of freedom of expression with respect 
     to electronic information in each foreign country. Such 
     assessment shall consist of the following:
       ``(A) An assessment of the extent to which government 
     authorities in each country inappropriately attempt to 
     filter, censor, or otherwise block or remove nonviolent 
     expression of political or religious opinion or belief via 
     the internet, including electronic mail, as well as a 
     description of the means by which such authorities attempt to 
     block or remove such expression.
       ``(B) An assessment of the extent to which government 
     authorities in each country have persecuted or otherwise 
     punished an individual or group for the nonviolent expression 
     of political, religious, or ideological opinion or belief via 
     the internet, including electronic mail.
       ``(C) An assessment of the extent to which government 
     authorities in each country have sought to inappropriately 
     collect, request, obtain, or disclose personally identifiable 
     information of a person in connection with such person's 
     nonviolent expression of political, religious, or ideological 
     opinion or belief, including expression that would be 
     protected by the International Covenant on Civil and 
     Political Rights.
       ``(D) An assessment of the extent to which wire 
     communications and electronic communications are monitored 
     without regard to the principles of privacy, human rights, 
     democracy, and rule of law.
       ``(2) In compiling data and making assessments for the 
     purposes of paragraph (1), United States diplomatic personnel 
     shall consult with human rights organizations, technology and 
     internet companies, and other appropriate nongovernmental 
     organizations.
       ``(3) In this subsection--
       ``(A) the term `electronic communication' has the meaning 
     given such term in section 2510 of title 18, United States 
     Code;
       ``(B) the term `internet' has the meaning given such term 
     in section 231(e)(3) of the Communications Act of 1934 (47 
     U.S.C. 231(e)(3));
       ``(C) the term `personally identifiable information' means 
     data in a form that identifies a particular person; and
       ``(D) the term `wire communication' has the meaning given 
     such term in section 2510 of title 18, United States Code.''.
       (b) Report Relating to Security Assistance.--Section 502B 
     of the Foreign Assistance Act of 1961 (22 U.S.C. 2304) is 
     amended--
       (1) by redesignating the second subsection (i) (relating to 
     child marriage status) as subsection (j); and
       (2) by adding at the end the following new subsection:
       ``(k)(1) The report required by subsection (b) shall 
     include an assessment of freedom of expression with respect 
     to electronic information in each foreign country. Such 
     assessment shall consist of the following:
       ``(A) An assessment of the extent to which government 
     authorities in each country inappropriately attempt to 
     filter, censor, or otherwise block or remove nonviolent 
     expression of political or religious opinion or belief via 
     the internet, including electronic mail, as well as a 
     description of the means by which such authorities attempt to 
     block or remove such expression.
       ``(B) An assessment of the extent to which government 
     authorities in each country have persecuted or otherwise 
     punished an individual or group for the nonviolent expression 
     of political, religious, or ideological opinion or belief via 
     the internet, including electronic mail.
       ``(C) An assessment of the extent to which government 
     authorities in each country have sought to inappropriately 
     collect, request, obtain, or disclose personally identifiable 
     information of a person in connection with such person's 
     nonviolent expression of political, religious, or ideological 
     opinion or belief, including expression that would be 
     protected by the International Covenant on Civil and 
     Political Rights.
       ``(D) An assessment of the extent to which wire 
     communications and electronic communications are monitored 
     without regard to the principles of privacy, human rights, 
     democracy, and rule of law.
       ``(2) In compiling data and making assessments for the 
     purposes of paragraph (1), United States diplomatic personnel 
     shall consult with human rights organizations, technology and 
     internet companies, and other appropriate nongovernmental 
     organizations.
       ``(3) In this subsection--
       ``(A) the term `electronic communication' has the meaning 
     given such term in section 2510 of title 18, United States 
     Code;
       ``(B) the term `internet' has the meaning given such term 
     in section 231(e)(3) of the Communications Act of 1934 (47 
     U.S.C. 231(e)(3));
       ``(C) the term `personally identifiable information' means 
     data in a form that identifies a particular person; and
       ``(D) the term `wire communication' has the meaning given 
     such term in section 2510 of title 18, United States Code.''.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
California (Mr. Royce) and the gentleman from New Jersey (Mr. Sires) 
each will control 20 minutes.
  The Chair recognizes the gentleman from California.

[[Page H438]]

  



                             General Leave

  Mr. ROYCE of California. Mr. Speaker, I ask unanimous consent that 
all Members may have 5 legislative days to revise and extend their 
remarks and to include extraneous material on this measure.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from California?
  There was no objection.
  Mr. ROYCE of California. Mr. Speaker, I yield myself such time as I 
may consume.
  Mr. Speaker, let me begin by saying the United States is increasingly 
under attack by foreign actors online. Nobody knows this better than 
our members on the Foreign Affairs Committee, but especially Mike 
McCaul, who assisted me on this bill. As you know, Mike McCaul also 
chairs the Homeland Security Committee.
  So this legislation is focused on correcting a serious threat.
  Malicious cyber activities by state and non-state actors threaten our 
U.S. foreign policy, our security, and our economic interests right now 
around the globe.
  Last year, the intelligence community's Worldwide Threat Assessment 
summed this up well. As they looked at the problem, they said: ``Our 
adversaries are becoming more adept at using cyberspace to threaten our 
interests and advance their own, and despite improving our cyber 
defenses, nearly all information, communication networks, and systems 
will be at risk for years.''
  But it is not just the security of our networks that the United 
States needs to protect. It is the very fabric of the internet itself 
that is increasingly under assault by governments that want to erect 
digital borders, that want to impose more control, and that want 
censorship online.
  The State Department has a critical role to play in promoting an open 
and secure cyberspace by developing international norms of responsible 
state behavior and deterring malicious actors from carrying out 
destructive cyber operations.
  Last year, the President signed an executive order charging the 
Secretary of State with creating an interagency strategy to protect the 
American people from cyber threats along with a plan to improve 
international cooperation in cybersecurity.
  Despite the prominent role assigned to the Department by the 
President's executive order and support from this body for such work, 
the office tasked with leading this effort for the State Department was 
merged into the Bureau of Economic and Business Affairs. The concern is 
that this limits the Department's ability to confront the full range of 
issues in cyberspace--such as security, internet access, online human 
rights, and cybercrime--beyond the clear economic challenges.
  So I believe this sends the wrong signal to Moscow, to Beijing, and 
to other governments around the world. The United States should make it 
clear that we place a high priority on the whole range of cyber issues, 
including cybersecurity, internet access, online rights, deterrence, 
and cybercrime.
  In testimony before the Foreign Affairs Committee--and here is the 
good news--I was relieved to hear our Deputy Secretary Sullivan say 
that this was just an interim step and that he expects cyber issues 
will ultimately be elevated to a Senate-confirmed role. This is exactly 
what this bill requires.
  So now, more than ever, we need a high-ranking cyber diplomat at the 
State Department to prioritize these efforts to ensure that we keep the 
internet open, keep it reliable, and keep it secure. The bipartisan 
Cyber Diplomacy Act is going to help counter foreign threats on the 
internet, it is going to promote human rights abroad, and it is going 
to also, by the way, create new jobs and economic growth here at home.
  Mr. Speaker, I urge my colleagues to support the bill, and I reserve 
the balance of my time.
  Mr. SIRES. Mr. Speaker, I yield myself such time as I may consume.
  I rise today in support of this measure.
  Mr. Speaker, let me first thank our chairman of the Foreign Affairs 
Committee, Ed Royce, and Ranking Member Eliot Engel, for their 
leadership on this issue.
  Mr. Speaker, malicious cyber activity has become a grave threat to 
the United States and our allies.
  In 2014, North Korea hacked Sony Pictures. In 2015, the Chinese stole 
the personal data of millions of people from the Office of Personnel 
Management.
  In 2016, Russia illegally interfered in our Presidential election, 
stealing election data and doing real damage to American democracy.
  Now, in 2018, our midterm elections are at risk. Putin and his 
cronies were not finished after the last election. They have hacked our 
allies, and they will hack our elections again and again unless we do 
something about it.
  We cannot allow foreign governments to meddle in democracy and steal 
data from our networks. To stand up against these threats, this bill 
establishes a high-level ambassador to lead the State Department's 
cyber diplomacy efforts. It also requires the Secretary of State to 
create an international cyber policy that will improve international 
cyber norms on security and democratic principles, including a 
commitment to keep the internet free, open, and interoperable.
  America cannot cede cyberspace to China or Russia. Now, more than 
ever, we need to use all the tools we have to help shape international 
norms, ramp up coordination with our partners, and stiffen our 
defenses.
  Mr. Speaker, I urge my colleagues to support this bipartisan measure, 
and I reserve the balance of my time.
  Mr. ROYCE of California. Mr. Speaker, I yield 3 minutes to the 
gentleman from Texas (Mr. McCaul), who is the chairman of the Homeland 
Security Committee.
  Mr. McCAUL. Mr. Speaker, I rise today in support of the Cyber 
Diplomacy Act, and I want to thank Chairman Royce and Eliot Engel for 
their strong work on this very important issue.
  As chairman of the Homeland Security Committee, I have passed 
numerous bills to strengthen our cyber operations to defend the 
American people and the homeland. Now, I am pleased to see that we are 
doing the same at the State Department.
  As we have seen, rapid technological advancements have increased our 
dependence on computer networks. With this growing dependence comes 
exposure to the myriad vulnerabilities and threats from cybercriminals 
and hackers but also nation states who continue to launch malicious 
attacks against us.
  Currently, as the chairman stated, there are no real international 
norms or standards to follow when it comes to cybersecurity. As the 
threat landscape continues to evolve, I believe that Congress must put 
forth responsible policies to keep pace--protecting our systems, our 
critical infrastructure, and American citizens' information and 
privacy.
  This legislation helps ensure the open, reliable, and secure use of 
the internet by establishing the Office of Cyber Issues within the 
Department of State, headed by an ambassador responsible for advancing 
U.S. national security and foreign policy interests on cybersecurity 
and issues of internet freedom around the globe.
  This legislation also requires the Secretary of State to produce a 
strategy on cyberspace to guide U.S. policy.
  Lastly, it requires the State Department to add a section to its 
annual report on human rights detailing governments'--such as Iran, 
Russia, and China--silence of their opposition through internet 
censorship.
  Mr. Speaker, I stand proud to be with my colleagues in the House in a 
bipartisan fashion to propose solutions to these very grave challenges 
that face the United States and the world.

                              {time}  1430

  Mr. SIRES. Mr. Speaker, I yield 4 minutes to the gentleman from Rhode 
Island (Mr. Langevin), co-chair of the Congressional Cybersecurity 
Caucus.
  Mr. LANGEVIN. Mr. Speaker, I thank the gentleman for yielding.
  Mr. Speaker, I rise today in strong support of the Cyber Diplomacy 
Act and efforts to increase international cooperation and promote 
global stability in cyberspace.
  As the cofounder and co-chair of the Congressional Cybersecurity 
Caucus, I firmly believe that cybersecurity is the national and 
economic security challenge of the 21st century, and we must integrate 
cyberspace into our foreign

[[Page H439]]

policy if we are to successfully mitigate the many threats that we face 
in this new domain.
  Then-Secretary of State Hillary Clinton recognized this when she 
created the Office of the Cyber Coordinator within the State Department 
in 2011, and her successor, Secretary John Kerry, continued American 
leadership in cyber diplomacy.
  I had the privilege of working with the inaugural cyber coordinator, 
Chris Painter, and we are deeply indebted for his 6 years of service in 
that role. I cannot remember a meeting I had with a cybersecurity 
expert from a foreign government where his name did not come up as 
someone who is actively promoting American interest in a free, open, 
and secure internet.
  I am deeply grateful for the leadership of Chairman Royce and Ranking 
Member Engel in recognizing the importance of this role and bringing 
this bill forward to codify and expand it.
  This effort is particularly timely as, since Mr. Painter left, there 
has been some confusion about whether the position would even be filled 
or if the office would be reorganized under the Bureau of Economic and 
Business Affairs. It is my goal to see that that does not happen and 
that this bill prevails. That position deeply needs to be in the State 
Department, where we can show American leadership on a diplomatic front 
in cyber.
  As a Member who serves on two national security committees, I must 
emphasize that cybersecurity is not just an economic issue, and this 
bill appropriately recognizes the broad scope of cyber diplomacy.
  Mr. Speaker, every armed conflict going forward in the world today 
has--and all future conflicts will have--a cyber component. We have 
seen our cyber adversaries like Russia use cyber tools as instruments 
of statecraft, including efforts to undermine faith in the bedrock of 
our democracy, our elections.
  We must engage bilaterally and multilaterally with our international 
partners and even our adversaries in order to protect our interests and 
allow us to continue to reap the benefits of a connected society.
  The lack of policies, norms, and precedents in this new sphere of 
state interaction continues to increase the potential for a cyber 
incident to lead to escalating conflict. It is up to the hardworking 
and, sadly, underappreciated members of our foreign service to change 
this paradigm and encourage generally stabilizing rules of the road in 
cyberspace, and this bill will ensure they have the leadership 
structure to do just that.
  Mr. Speaker, let me again thank the chairman and ranking member for 
their extraordinary work on this important bill.
  Mr. ROYCE of California. Mr. Speaker, I continue to reserve the 
balance of my time.
  Mr. SIRES. Mr. Speaker, I yield myself such time as I may consume.
  In closing, keeping the internet open, interoperable, and secure is 
of critical importance to America's national security, economy, and 
domestic values. We must use all the diplomatic tools to develop strong 
international norms, bolster our cyber defenses, and promote internet 
freedom. H.R. 3776 is a necessary step to ensure the United States 
stays engaged on these critical issues.
  Mr. Speaker, I urge my colleagues to support this bill, and I yield 
back the balance of my time.
  Mr. ROYCE of California. Mr. Speaker, I yield myself such time as I 
may consume.
  Mr. Speaker, in closing, I would like to thank Mr. Sires. I 
appreciate his efforts in supporting this legislation. I thank Mr. 
Engel and Mr. McCaul, as well.
  As the birthplace of the internet, it is the United States that has 
been most impacted. We have a foreign policy and economic interests and 
have been working internationally to ensure that the internet remains 
open. Part of our idea is that this would be capable of carrying the 
free flow of ideas. We thought it should remain reliable and secure.
  But increasingly authoritarian regimes are very aggressively 
promoting a different vision from the one that Americans brought to the 
table, their vision of cyber sovereignty, which they sometimes call it. 
What cyber sovereignty means for these governments is state control 
over cyberspace. That does run counter to the values of a free people 
and the values of individual and economic liberty.
  Working with our allies and partners, I think the United States has 
got to be prepared to advance our own vision of cyberspace when it is 
under this kind of attack and censorship. The Cyber Diplomacy Act will 
give us the tools to do just that.
  Mr. Speaker, I thank my colleagues for their help with this 
legislation, and I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from California (Mr. Royce) that the House suspend the rules 
and pass the bill, H.R. 3776, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.

                          ____________________