[Congressional Record Volume 167, Number 67 (Monday, April 19, 2021)]
[House]
[Pages H1930-H1934]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                      CYBER DIPLOMACY ACT OF 2021

  Mr. MEEKS. Madam Speaker, I move to suspend the rules and pass the 
bill (H.R. 1251) to support United States international cyber 
diplomacy, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 1251

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

       (a) Short Title.--This Act may be cited as the ``Cyber 
     Diplomacy Act of 2021''.
       (b) Table of Contents.--The table of contents for this Act 
     is as follows:

Sec. 1. Short title; table of contents.
Sec. 2. Findings.
Sec. 3. Definitions.
Sec. 4. United states international cyberspace policy.
Sec. 5. Department of state responsibilities.
Sec. 6. International cyberspace executive arrangements.
Sec. 7. International strategy for cyberspace.
Sec. 8. Annual country reports on human rights practices.
Sec. 9. Gao report on cyber diplomacy.
Sec. 10. Sense of congress on cybersecurity sanctions against north 
              korea and cybersecurity legislation in vietnam.

     SEC. 2. FINDINGS.

       Congress makes the following findings:
       (1) The stated goal of the United States International 
     Strategy for Cyberspace, launched on May 16, 2011, is to 
     ``work internationally to promote an open, interoperable, 
     secure, and reliable information and communications 
     infrastructure that supports international trade and 
     commerce, strengthens international security, and fosters 
     free expression and innovation . . . in which norms of 
     responsible behavior guide states' actions, sustain 
     partnerships, and support the rule of law in cyberspace''.
       (2) In its June 24, 2013, report, the Group of Governmental 
     Experts on Developments in the Field of Information and 
     Telecommunications in the Context of International Security 
     (referred to in this section as ``GGE''), established by the 
     United Nations General Assembly, concluded that ``State 
     sovereignty and the international norms and principles that 
     flow from it apply to States' conduct of [information and 
     communications technology] ICT-related activities and to 
     their jurisdiction over ICT infrastructure with their 
     territory''.
       (3) In January 2015, China, Kazakhstan, Kyrgyzstan, Russia, 
     Tajikistan, and Uzbekistan proposed a troubling international 
     code of conduct for information security, which could be used 
     as a pretext for restricting political dissent, and includes 
     ``curbing the dissemination of information that incites 
     terrorism, separatism or extremism or that inflames hatred on 
     ethnic, racial or religious grounds''.
       (4) In its July 22, 2015, consensus report, GGE found that 
     ``norms of responsible State behavior can reduce risks to 
     international peace, security and stability''.
       (5) On September 25, 2015, the United States and China 
     announced a commitment that neither country's government 
     ``will conduct or knowingly support cyber-enabled theft of 
     intellectual property, including trade secrets or other 
     confidential business information, with the intent of 
     providing competitive advantages to companies or commercial 
     sectors''.
       (6) At the Antalya Summit on November 15 and 16, 2015, the 
     Group of 20 Leaders' communique--
       (A) affirmed the applicability of international law to 
     state behavior in cyberspace;
       (B) called on states to refrain from cyber-enabled theft of 
     intellectual property for commercial gain; and
       (C) endorsed the view that all states should abide by norms 
     of responsible behavior.
       (7) The March 2016 Department of State International 
     Cyberspace Policy Strategy noted that ``the Department of 
     State anticipates a continued increase and expansion of our 
     cyber-focused diplomatic efforts for the foreseeable 
     future''.
       (8) On December 1, 2016, the Commission on Enhancing 
     National Cybersecurity, which was established within the 
     Department of Commerce by Executive Order 13718 (81 Fed. Reg. 
     7441), recommended that ``the President should appoint an 
     Ambassador for Cybersecurity to lead U.S. engagement with the 
     international community on cybersecurity strategies, 
     standards, and practices''.
       (9) On April 11, 2017, the 2017 Group of 7 Declaration on 
     Responsible States Behavior in Cyberspace--
       (A) recognized ``the urgent necessity of increased 
     international cooperation to promote security and stability 
     in cyberspace'';
       (B) expressed commitment to ``promoting a strategic 
     framework for conflict prevention, cooperation and stability 
     in cyberspace, consisting of the recognition of the 
     applicability of existing international law to State behavior 
     in cyberspace, the promotion of voluntary, non-binding norms 
     of responsible State behavior during peacetime, and the 
     development and the implementation of practical cyber 
     confidence building measures (CBMs) between States''; and
       (C) reaffirmed that ``the same rights that people have 
     offline must also be protected online''.
       (10) In testimony before the Select Committee on 
     Intelligence of the Senate on May 11, 2017, Director of 
     National Intelligence Daniel R. Coats identified six cyber 
     threat actors, including--
       (A) Russia, for ``efforts to influence the 2016 U.S. 
     election'';
       (B) China, for ``actively targeting the U.S. Government, 
     its allies, and U.S. companies for cyber espionage'';
       (C) Iran, for ``leverag[ing] cyber espionage, propaganda, 
     and attacks to support its security priorities, influence 
     events and foreign perceptions, and counter threats'';
       (D) North Korea, for ``previously conduct[ing] cyber-
     attacks against U.S. commercial entities--specifically, Sony 
     Pictures Entertainment in 2014'';
       (E) terrorists, who ``use the Internet to organize, 
     recruit, spread propaganda, raise funds, collect 
     intelligence, inspire action by followers, and coordinate 
     operations''; and
       (F) criminals, who ``are also developing and using 
     sophisticated cyber tools for a variety of purposes including 
     theft, extortion, and facilitation of other criminal 
     activities''.
       (11) On May 11, 2017, President Donald J. Trump issued 
     Executive Order 13800 (82 Fed. Reg. 22391), entitled 
     ``Strengthening the Cybersecurity of Federal Networks and 
     Infrastructure'', which--
       (A) designates the Secretary of State to lead an 
     interagency effort to develop an engagement strategy for 
     international cooperation in cybersecurity; and
       (B) notes that ``the United States is especially dependent 
     on a globally secure and resilient internet and must work 
     with allies and other partners toward maintaining . . . the 
     policy of the executive branch to promote an open, 
     interoperable, reliable, and secure internet that fosters 
     efficiency, innovation, communication, and economic 
     prosperity, while respecting privacy and guarding against 
     disruption, fraud, and theft''.

     SEC. 3. DEFINITIONS.

       In this Act:
       (1) Appropriate congressional committees.--The term 
     ``appropriate congressional committees'' means the Committee 
     on Foreign Relations of the Senate and the Committee on 
     Foreign Affairs of the House of Representatives.
       (2) Information and communications technology; ict.--The 
     terms ``information and communications technology'' and 
     ``ICT'' include hardware, software, and other products or 
     services primarily intended to fulfill or enable the function 
     of information processing and communication by electronic 
     means, including transmission and display, including via the 
     Internet.
       (3) Executive agency.--The term ``Executive agency'' has 
     the meaning given the term in section 105 of title 5, United 
     States Code.

     SEC. 4. UNITED STATES INTERNATIONAL CYBERSPACE POLICY.

       (a) In General.--It is the policy of the United States to 
     work internationally to

[[Page H1931]]

     promote an open, interoperable, reliable, unfettered, and 
     secure Internet governed by the multi-stakeholder model, 
     which--
       (1) promotes human rights, democracy, and rule of law, 
     including freedom of expression, innovation, communication, 
     and economic prosperity; and
       (2) respects privacy and guards against deception, fraud, 
     and theft.
       (b) Implementation.--In implementing the policy described 
     in subsection (a), the President, in consultation with 
     outside actors, including private sector companies, 
     nongovernmental organizations, security researchers, and 
     other relevant stakeholders, in the conduct of bilateral and 
     multilateral relations, shall pursue the following 
     objectives:
       (1) Clarifying the applicability of international laws and 
     norms to the use of ICT.
       (2) Reducing and limiting the risk of escalation and 
     retaliation in cyberspace, damage to critical infrastructure, 
     and other malicious cyber activity that impairs the use and 
     operation of critical infrastructure that provides services 
     to the public.
       (3) Cooperating with like-minded democratic countries that 
     share common values and cyberspace policies with the United 
     States, including respect for human rights, democracy, and 
     the rule of law, to advance such values and policies 
     internationally.
       (4) Encouraging the responsible development of new, 
     innovative technologies and ICT products that strengthen a 
     secure Internet architecture that is accessible to all.
       (5) Securing and implementing commitments on responsible 
     country behavior in cyberspace based upon accepted norms, 
     including the following:
       (A) Countries should not conduct, or knowingly support, 
     cyber-enabled theft of intellectual property, including trade 
     secrets or other confidential business information, with the 
     intent of providing competitive advantages to companies or 
     commercial sectors.
       (B) Countries should take all appropriate and reasonable 
     efforts to keep their territories clear of intentionally 
     wrongful acts using ICTs in violation of international 
     commitments.
       (C) Countries should not conduct or knowingly support ICT 
     activity that, contrary to international law, intentionally 
     damages or otherwise impairs the use and operation of 
     critical infrastructure providing services to the public, and 
     should take appropriate measures to protect their critical 
     infrastructure from ICT threats.
       (D) Countries should not conduct or knowingly support 
     malicious international activity that, contrary to 
     international law, harms the information systems of 
     authorized emergency response teams (also known as ``computer 
     emergency response teams'' or ``cybersecurity incident 
     response teams'') of another country or authorize emergency 
     response teams to engage in malicious international activity.
       (E) Countries should respond to appropriate requests for 
     assistance to mitigate malicious ICT activity emanating from 
     their territory and aimed at the critical infrastructure of 
     another country.
       (F) Countries should not restrict cross-border data flows 
     or require local storage or processing of data.
       (G) Countries should protect the exercise of human rights 
     and fundamental freedoms on the Internet and commit to the 
     principle that the human rights that people have offline 
     should also be protected online.
       (6) Advancing, encouraging, and supporting the development 
     and adoption of internationally recognized technical 
     standards and best practices.

     SEC. 5. DEPARTMENT OF STATE RESPONSIBILITIES.

       (a) In General.--Section 1 of the State Department Basic 
     Authorities Act of 1956 (22 U.S.C. 2651a) is amended--
       (1) by redesignating subsection (g) as subsection (h); and
       (2) by inserting after subsection (f) the following new 
     subsection:
       ``(g) Bureau of International Cyberspace Policy.--
       ``(1) In general.--There is established, within the 
     Department of State, a Bureau of International Cyberspace 
     Policy (referred to in this subsection as the `Bureau'). The 
     head of the Bureau shall have the rank and status of 
     ambassador and shall be appointed by the President, by and 
     with the advice and consent of the Senate.
       ``(2) Duties.--
       ``(A) In general.--The head of the Bureau shall perform 
     such duties and exercise such powers as the Secretary of 
     State shall prescribe, including implementing the policy of 
     the United States described in section 4 of the Cyber 
     Diplomacy Act of 2021.
       ``(B) Duties described.--The principal duties and 
     responsibilities of the head of the Bureau shall be--
       ``(i) to serve as the principal cyberspace policy official 
     within the senior management of the Department of State and 
     as the advisor to the Secretary of State for cyberspace 
     issues;
       ``(ii) to lead the Department of State's diplomatic 
     cyberspace efforts, including efforts relating to 
     international cybersecurity, Internet access, Internet 
     freedom, digital economy, cybercrime, deterrence and 
     international responses to cyber threats, and other issues 
     that the Secretary assigns to the Bureau;
       ``(iii) to coordinate cyberspace policy and other relevant 
     functions within the Department of State and with other 
     components of the United States Government, including through 
     the Cyberspace Policy Coordinating Committee described in 
     paragraph (6), and by convening other coordinating meetings 
     with appropriate officials from the Department and other 
     components of the United States Government on a regular 
     basis;
       ``(iv) to promote an open, interoperable, reliable, 
     unfettered, and secure information and communications 
     technology infrastructure globally;
       ``(v) to represent the Secretary of State in interagency 
     efforts to develop and advance the policy described in 
     section 4 of the Cyber Diplomacy Act of 2021;
       ``(vi) to act as a liaison to civil society, the private 
     sector, academia, and other public and private entities on 
     relevant international cyberspace issues;
       ``(vii) to lead United States Government efforts to 
     establish a global deterrence framework for malicious cyber 
     activity;
       ``(viii) to develop and execute adversary-specific 
     strategies to influence adversary decisionmaking through the 
     imposition of costs and deterrence strategies, in 
     coordination with other relevant Executive agencies;
       ``(ix) to advise the Secretary and coordinate with foreign 
     governments on external responses to national security-level 
     cyber incidents, including coordination on diplomatic 
     response efforts to support allies threatened by malicious 
     cyber activity, in conjunction with members of the North 
     Atlantic Treaty Organization and other like-minded countries;
       ``(x) to promote the adoption of national processes and 
     programs that enable threat detection, prevention, and 
     response to malicious cyber activity emanating from the 
     territory of a foreign country, including as such activity 
     relates to the United States' European allies, as 
     appropriate;
       ``(xi) to promote the building of foreign capacity relating 
     to cyberspace policy priorities;
       ``(xii) to promote the maintenance of an open and 
     interoperable Internet governed by the multistakeholder 
     model, instead of by centralized government control;
       ``(xiii) to promote an international regulatory environment 
     for technology investments and the Internet that benefits 
     United States economic and national security interests;
       ``(xiv) to promote cross-border flow of data and combat 
     international initiatives seeking to impose unreasonable 
     requirements on United States businesses;
       ``(xv) to promote international policies to protect the 
     integrity of United States and international 
     telecommunications infrastructure from foreign-based, cyber-
     enabled threats;
       ``(xvi) to lead engagement, in coordination with Executive 
     agencies, with foreign governments on relevant international 
     cyberspace and digital economy issues as described in the 
     Cyber Diplomacy Act of 2021;
       ``(xvii) to promote international policies to secure radio 
     frequency spectrum for United States businesses and national 
     security needs;
       ``(xviii) to promote and protect the exercise of human 
     rights, including freedom of speech and religion, through the 
     Internet;
       ``(xix) to promote international initiatives to strengthen 
     civilian and private sector resiliency to threats in 
     cyberspace;
       ``(xx) to build capacity of United States diplomatic 
     officials to engage on cyberspace issues;
       ``(xxi) to encourage the development and adoption by 
     foreign countries of internationally recognized standards, 
     policies, and best practices;
       ``(xxii) to consult, as appropriate, with other Executive 
     agencies with related functions vested in such Executive 
     agencies by law; and
       ``(xxiii) to conduct such other matters as the Secretary of 
     State may assign.
       ``(3) Qualifications.--The head of the Bureau should be an 
     individual of demonstrated competency in the fields of--
       ``(A) cybersecurity and other relevant cyberspace issues; 
     and
       ``(B) international diplomacy.
       ``(4) Organizational placement.--During the 1-year period 
     beginning on the date of the enactment of the Cyber Diplomacy 
     Act of 2021, the head of the Bureau shall report to the Under 
     Secretary for Political Affairs or to an official holding a 
     higher position in the Department of State than the Under 
     Secretary for Political Affairs. After the conclusion of such 
     period, the head of the Bureau may report to a different 
     Under Secretary or to an official holding a higher position 
     than Under Secretary if, not less than 15 days prior to any 
     change in such reporting structure, the Secretary of State 
     consults with and provides to the Committee on Foreign 
     Relations of the Senate and the Committee on Foreign Affairs 
     of the House of Representatives the following:
       ``(A) A notification that the Secretary has, with respect 
     to the reporting structure of the Bureau, consulted with and 
     solicited feedback from--
       ``(i) other relevant Federal entities with a role in 
     international aspects of cyber policy; and
       ``(ii) the elements of the Department of State with 
     responsibility over aspects of cyber policy, including the 
     elements reporting to--

       ``(I) the Under Secretary for Political Affairs;
       ``(II) the Under Secretary for Civilian Security, 
     Democracy, and Human Rights;

[[Page H1932]]

       ``(III) the Under Secretary for Economic Growth, Energy, 
     and the Environment;
       ``(IV) the Under Secretary for Arms Control and 
     International Security Affairs; and
       ``(V) the Under Secretary for Management.

       ``(B) A description of the new reporting structure for the 
     head of the Bureau, as well as a description of the data and 
     evidence used to justify such new structure.
       ``(C) A plan describing how the new reporting structure 
     will better enable the head of the Bureau to carry out the 
     responsibilities specified in paragraph (2), including the 
     security, economic, and human rights aspects of cyber 
     diplomacy.
       ``(5) Rule of construction.--Nothing in this subsection may 
     be construed to preclude the head of the Bureau from being 
     designated as an Assistant Secretary, if such an Assistant 
     Secretary position does not increase the number of Assistant 
     Secretary positions at the Department above the number 
     authorized under subsection (c)(1).
       ``(6) Coordination.--
       ``(A) Cyberspace policy coordinating committee.--In 
     conjunction with establishing the Bureau pursuant to this 
     subsection, there is established a senior-level Cyberspace 
     Policy Coordinating Committee to ensure that cyberspace 
     issues receive broad senior level-attention and coordination 
     across the Department of State and provide ongoing oversight 
     of such issues. The Cyberspace Policy Coordinating Committee 
     shall be chaired by the head of the Bureau or an official of 
     the Department of State holding a higher position, and 
     operate on an ongoing basis, meeting not less frequently than 
     quarterly. Committee members shall include appropriate 
     officials at the Assistant Secretary level or higher from--
       ``(i) the Under Secretariat for Political Affairs;
       ``(ii) the Under Secretariat for Civilian Security, 
     Democracy, and Human Rights;
       ``(iii) the Under Secretariat for Economic Growth, Energy 
     and the Environment;
       ``(iv) the Under Secretariat for Arms Control and 
     International Security;
       ``(v) the Under Secretariat for Management; and
       ``(vi) other senior level Department participants, as 
     appropriate.
       ``(B) Other meetings.--The head of the Bureau shall convene 
     other coordinating meetings with appropriate officials from 
     the Department of State and other components of the United 
     States Government to ensure regular coordination and 
     collaboration on crosscutting cyber policy issues.
       ``(b) Sense of Congress.--It is the sense of Congress that 
     the Bureau of International Cyberspace Policy established 
     under section 1(g) of the State Department Basic Authorities 
     Act of 1956, as added by subsection (a), should have a 
     diverse workforce composed of qualified individuals, 
     including such individuals from traditionally under-
     represented groups.
       ``(c) United Nations.--The Permanent Representative of the 
     United States to the United Nations should use the voice, 
     vote, and influence of the United States to oppose any 
     measure that is inconsistent with the policy described in 
     section 4.''.

     SEC. 6. INTERNATIONAL CYBERSPACE EXECUTIVE ARRANGEMENTS.

       (a) In General.--The President is encouraged to enter into 
     executive arrangements with foreign governments that support 
     the policy described in section 4.
       (b) Transmission to Congress.--Section 112b of title 1, 
     United States Code, is amended--
       (1) in subsection (a) by striking ``International 
     Relations'' and inserting ``Foreign Affairs'';
       (2) in subsection (e)(2)(B), by adding at the end the 
     following new clause:
       ``(iii) A bilateral or multilateral cyberspace 
     agreement.'';
       (3) by redesignating subsection (f) as subsection (g); and
       (4) by inserting after subsection (e) the following new 
     subsection:
       ``(f) With respect to any bilateral or multilateral 
     cyberspace agreement under subsection (e)(2)(B)(iii) and the 
     information required to be transmitted to Congress under 
     subsection (a), or with respect to any arrangement that seeks 
     to secure commitments on responsible country behavior in 
     cyberspace consistent with section 4(b)(5) of the Cyber 
     Diplomacy Act of 2021, the Secretary of State shall provide 
     an explanation of such arrangement, including--
       ``(1) the purpose of such arrangement;
       ``(2) how such arrangement is consistent with the policy 
     described in section 4 of such Act; and
       ``(3) how such arrangement will be implemented.''.
       (c) Status Report.--During the 5-year period immediately 
     following the transmittal to Congress of an agreement 
     described in clause (iii) of section 112b(e)(2)(B) of title 
     1, United States Code, as added by subsection (b)(2), or 
     until such agreement has been discontinued, if discontinued 
     within 5 years, the President shall--
       (1) notify the appropriate congressional committees if 
     another country fails to adhere to significant commitments 
     contained in such agreement; and
       (2) describe the steps that the United States has taken or 
     plans to take to ensure that all such commitments are 
     fulfilled.
       (d) Existing Executive Arrangements.--Not later than 180 
     days after the date of the enactment of this Act, the 
     Secretary of State shall brief the appropriate congressional 
     committees regarding any executive bilateral or multilateral 
     cyberspace arrangement in effect before the date of enactment 
     of this Act, including--
       (1) the arrangement announced between the United States and 
     Japan on April 25, 2014;
       (2) the arrangement announced between the United States and 
     the United Kingdom on January 16, 2015;
       (3) the arrangement announced between the United States and 
     China on September 25, 2015;
       (4) the arrangement announced between the United States and 
     Korea on October 16, 2015;
       (5) the arrangement announced between the United States and 
     Australia on January 19, 2016;
       (6) the arrangement announced between the United States and 
     India on June 7, 2016;
       (7) the arrangement announced between the United States and 
     Argentina on April 27, 2017;
       (8) the arrangement announced between the United States and 
     Kenya on June 22, 2017;
       (9) the arrangement announced between the United States and 
     Israel on June 26, 2017;
       (10) the arrangement announced between the United States 
     and France on February 9, 2018;
       (11) the arrangement announced between the United States 
     and Brazil on May 14, 2018; and
       (12) any other similar bilateral or multilateral 
     arrangement announced before such date of enactment.

     SEC. 7. INTERNATIONAL STRATEGY FOR CYBERSPACE.

       (a) Strategy Required.--Not later than one year after the 
     date of the enactment of this Act, the President, acting 
     through the Secretary of State, and in coordination with the 
     heads of other relevant Federal departments and agencies, 
     shall develop a strategy relating to United States engagement 
     with foreign governments on international norms with respect 
     to responsible state behavior in cyberspace.
       (b) Elements.--The strategy required under subsection (a) 
     shall include the following:
       (1) A review of actions and activities undertaken to 
     support the policy described in section 4.
       (2) A plan of action to guide the diplomacy of the 
     Department of State with regard to foreign countries, 
     including--
       (A) conducting bilateral and multilateral activities to--
       (i) develop norms of responsible country behavior in 
     cyberspace consistent with the objectives specified in 
     section 4(b)(5); and
       (ii) share best practices and advance proposals to 
     strengthen civilian and private sector resiliency to threats 
     and access to opportunities in cyberspace; and
       (B) reviewing the status of existing efforts in relevant 
     multilateral fora, as appropriate, to obtain commitments on 
     international norms in cyberspace.
       (3) A review of alternative concepts with regard to 
     international norms in cyberspace offered by foreign 
     countries.
       (4) A detailed description of new and evolving threats in 
     cyberspace from foreign adversaries, state-sponsored actors, 
     and private actors to--
       (A) United States national security;
       (B) Federal and private sector cyberspace infrastructure of 
     the United States;
       (C) intellectual property in the United States; and
       (D) the privacy and security of citizens of the United 
     States.
       (5) A review of policy tools available to the President to 
     deter and de-escalate tensions with foreign countries, state-
     sponsored actors, and private actors regarding threats in 
     cyberspace, the degree to which such tools have been used, 
     and whether such tools have been effective deterrents.
       (6) A review of resources required to conduct activities to 
     build responsible norms of international cyber behavior.
       (7) A plan of action, developed in consultation with 
     relevant Federal departments and agencies as the President 
     may direct, to guide the diplomacy of the Department of State 
     with regard to inclusion of cyber issues in mutual defense 
     agreements.
       (c) Form of Strategy.--
       (1) Public availability.--The strategy required under 
     subsection (a) shall be available to the public in 
     unclassified form, including through publication in the 
     Federal Register.
       (2) Classified annex.--The strategy required under 
     subsection (a) may include a classified annex, consistent 
     with United States national security interests, if the 
     Secretary of State determines that such annex is appropriate.
       (d) Briefing.--Not later than 30 days after the completion 
     of the strategy required under subsection (a), the Secretary 
     of State shall brief the appropriate congressional committees 
     on the strategy, including any material contained in a 
     classified annex.
       (e) Updates.--The strategy required under subsection (a) 
     shall be updated--
       (1) not later than 90 days after any material change to 
     United States policy described in such strategy; and
       (2) not later than one year after the inauguration of each 
     new President.

     SEC. 8. ANNUAL COUNTRY REPORTS ON HUMAN RIGHTS PRACTICES.

       The Foreign Assistance Act of 1961 is amended--
       (1) in section 116 (22 U.S.C. 2151n), by adding at the end 
     the following new subsection:

[[Page H1933]]

       ``(h)(1) The report required under subsection (d) shall 
     include an assessment of freedom of expression with respect 
     to electronic information in each foreign country, which 
     information shall include the following:
       ``(A) An assessment of the extent to which government 
     authorities in the country inappropriately attempt to filter, 
     censor, or otherwise block or remove nonviolent expression of 
     political or religious opinion or belief through the 
     Internet, including electronic mail, and a description of the 
     means by which such authorities attempt to inappropriately 
     block or remove such expression.
       ``(B) An assessment of the extent to which government 
     authorities in the country have persecuted or otherwise 
     punished, arbitrarily and without due process, an individual 
     or group for the nonviolent expression of political, 
     religious, or ideological opinion or belief through the 
     Internet, including electronic mail.
       ``(C) An assessment of the extent to which government 
     authorities in the country have sought, inappropriately and 
     with malicious intent, to collect, request, obtain, or 
     disclose without due process personally identifiable 
     information of a person in connection with that person's 
     nonviolent expression of political, religious, or ideological 
     opinion or belief, including expression that would be 
     protected by the International Covenant on Civil and 
     Political Rights, adopted at New York December 16, 1966, and 
     entered into force March 23, 1976, as interpreted by the 
     United States.
       ``(D) An assessment of the extent to which wire 
     communications and electronic communications are monitored 
     without due process and in contravention to United States 
     policy with respect to the principles of privacy, human 
     rights, democracy, and rule of law.
       ``(2) In compiling data and making assessments under 
     paragraph (1), United States diplomatic personnel should 
     consult with relevant entities, including human rights 
     organizations, the private sector, the governments of like-
     minded countries, technology and Internet companies, and 
     other appropriate nongovernmental organizations or entities.
       ``(3) In this subsection--
       ``(A) the term `electronic communication' has the meaning 
     given the term in section 2510 of title 18, United States 
     Code;
       ``(B) the term `Internet' has the meaning given the term in 
     section 231(e)(3) of the Communications Act of 1934 (47 
     U.S.C. 231(e)(3));
       ``(C) the term `personally identifiable information' means 
     data in a form that identifies a particular person; and
       ``(D) the term `wire communication' has the meaning given 
     the term in section 2510 of title 18, United States Code.''; 
     and
       (2) in section 502B (22 U.S.C. 2304)--
       (A) by redesignating the second subsection (i) (relating to 
     child marriage) as subjection (j); and
       (B) by adding at the end the following new subsection:
       ``(k)(1) The report required under subsection (b) shall 
     include an assessment of freedom of expression with respect 
     to electronic information in each foreign country, which 
     information shall include the following:
       ``(A) An assessment of the extent to which government 
     authorities in the country inappropriately attempt to filter, 
     censor, or otherwise block or remove nonviolent expression of 
     political or religious opinion or belief through the 
     Internet, including electronic mail, and a description of the 
     means by which such authorities attempt to inappropriately 
     block or remove such expression.
       ``(B) An assessment of the extent to which government 
     authorities in the country have persecuted or otherwise 
     punished, arbitrarily and without due process, an individual 
     or group for the nonviolent expression of political, 
     religious, or ideological opinion or belief through the 
     Internet, including electronic mail.
       ``(C) An assessment of the extent to which government 
     authorities in the country have sought, inappropriately and 
     with malicious intent, to collect, request, obtain, or 
     disclose without due process personally identifiable 
     information of a person in connection with that person's 
     nonviolent expression of political, religious, or ideological 
     opinion or belief, including expression that would be 
     protected by the International Covenant on Civil and 
     Political Rights, adopted at New York December 16, 1966, and 
     entered into force March 23, 1976, as interpreted by the 
     United States.
       ``(D) An assessment of the extent to which wire 
     communications and electronic communications are monitored 
     without due process and in contravention to United States 
     policy with respect to the principles of privacy, human 
     rights, democracy, and rule of law.
       ``(2) In compiling data and making assessments under 
     paragraph (1), United States diplomatic personnel should 
     consult with relevant entities, including human rights 
     organizations, the private sector, the governments of like-
     minded countries, technology and Internet companies, and 
     other appropriate nongovernmental organizations or entities.
       ``(3) In this subsection--
       ``(A) the term `electronic communication' has the meaning 
     given the term in section 2510 of title 18, United States 
     Code;
       ``(B) the term `Internet' has the meaning given the term in 
     section 231(e)(3) of the Communications Act of 1934 (47 
     U.S.C. 231(e)(3));
       ``(C) the term `personally identifiable information' means 
     data in a form that identifies a particular person; and
       ``(D) the term `wire communication' has the meaning given 
     the term in section 2510 of title 18, United States Code.''.

     SEC. 9. GAO REPORT ON CYBER DIPLOMACY.

       Not later than one year after the date of the enactment of 
     this Act, the Comptroller General of the United States shall 
     submit a report and provide a briefing to the appropriate 
     congressional committees that includes--
       (1) an assessment of the extent to which United States 
     diplomatic processes and other efforts with foreign 
     countries, including through multilateral fora, bilateral 
     engagements, and negotiated cyberspace agreements, advance 
     the full range of United States interests in cyberspace, 
     including the policy described in section 4;
       (2) an assessment of the Department of State's 
     organizational structure and approach to managing its 
     diplomatic efforts to advance the full range of United States 
     interests in cyberspace, including a review of--
       (A) the establishment of a Bureau in the Department of 
     State to lead the Department's international cyber mission;
       (B) the current or proposed diplomatic mission, structure, 
     staffing, funding, and activities of the Bureau;
       (C) how the establishment of the Bureau has impacted or is 
     likely to impact the structure and organization of the 
     Department; and
       (D) what challenges, if any, the Department has faced or 
     will face in establishing such Bureau; and
       (3) any other matters determined relevant by the 
     Comptroller General.

     SEC. 10. SENSE OF CONGRESS ON CYBERSECURITY SANCTIONS AGAINST 
                   NORTH KOREA AND CYBERSECURITY LEGISLATION IN 
                   VIETNAM.

       It is the sense of Congress that--
       (1) the President should designate all entities that 
     knowingly engage in significant activities undermining 
     cybersecurity through the use of computer networks or systems 
     against foreign persons, governments, or other entities on 
     behalf of the Government of North Korea, consistent with 
     section 209(b) of the North Korea Sanctions and Policy 
     Enhancement Act of 2016 (22 U.S.C. 9229(b));
       (2) the cybersecurity law approved by the National Assembly 
     of Vietnam on June 12, 2018--
       (A) may not be consistent with international trade 
     standards; and
       (B) may endanger the privacy of citizens of Vietnam; and
       (3) the Government of Vietnam should work with the United 
     States and other countries to ensure that such law meets all 
     relevant international standards.

  The SPEAKER pro tempore (Ms. Garcia of Texas). Pursuant to the rule, 
the gentleman from New York (Mr. Meeks) and the gentleman from Texas 
(Mr. McCaul) each will control 20 minutes.
  The Chair recognizes the gentleman from New York.


                             General Leave

  Mr. MEEKS. Madam Speaker, I ask unanimous consent that all Members 
have 5 legislative days in which to revise and extend their remarks and 
to include any extraneous material on H.R. 1251, as amended.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New York?
  There was no objection.
  Mr. MEEKS. Madam Speaker, I yield myself such time as I may consume.
  Madam Speaker, I rise today in support of H.R. 1251, the Cyber 
Diplomacy Act of 2021, as amended, by my good friend and the Foreign 
Affairs Committee's ranking member, Mr. McCaul. I thank him for his 
work on this important bill.
  This Congress, the House Foreign Affairs Committee aims to prioritize 
efforts to reassert American leadership on a variety of issues. I can't 
think of any issue that is more timely than ensuring American 
leadership is prepared to confront the growing national security 
challenge in cyberspace.
  The U.S. is increasingly under attack online by foreign actors, 
whether it is the recent SolarWinds hack or other attempted cyber 
intrusions on critical American infrastructure.
  Now more than ever, we need a senior cyber diplomat who can support 
American efforts to keep the internet open, interoperable, reliable, 
and secure.
  To demonstrate how seriously the United States takes these issues, it 
is vital that we strengthen the State Department's tools to address the 
challenges in cyberspace to American foreign policy. The State 
Department needs a bureau capable and focused on tackling the growing 
global challenges of cybersecurity, the digital economy, and internet 
freedom in order to be

[[Page H1934]]

better prepared to advance America's international interests on cyber 
policy.
  Madam Speaker, that is exactly what this Cyber Diplomacy Act will do. 
Our allies and adversaries are prioritizing international engagement to 
set the standards and rules that govern how the internet is structured 
and used. The United States has always been a leader in this space, and 
now is the time to redouble our efforts to ensure we remain an 
influential voice in establishing the rules of the road.
  It is critical that the United States prioritize our diplomatic 
efforts in this area and work with our partners and allies to establish 
agreed-upon norms. To keep the internet open and accessible, we must 
push back against countries that will exploit the internet to pilfer 
our intellectual property and hack into our country's most sensitive 
information, and which seek to derail international norms.
  This bill is critical to supporting these key priorities. It 
authorizes the Bureau of International Cyberspace Policy to lead the 
State Department's cyber diplomatic efforts, including on issues 
relating to international cybersecurity, internet access and freedom, 
and international cyber threats, including countering terrorists' use 
of cyberspace.
  This bill also directs the President to devise a strategy related to 
U.S. engagement with foreign governments on international norms with 
respect to responsible state behavior in cyberspace.
  I am also pleased that in authorizing this office, we make clear 
bipartisan congressional intent that the Bureau of International 
Cyberspace Policy is comprised of a diverse workforce. Like the rest of 
our national security policy establishments, we know that ensuring a 
diverse and inclusive workforce improves the effectiveness of national 
security activities, and this bill makes that intent very clear.
  Madam Speaker, I am pleased to support this critical and, again, 
bipartisan measure that will reassert American leadership on this 
important issue, and I reserve the balance of my time.
  Mr. McCAUL. Madam Speaker, I yield myself such time as I may consume.
  Madam Speaker, I am pleased the House is considering the Cyber 
Diplomacy Act that I reintroduced this Congress with Chairman Meeks and 
a strong roster of bipartisan cosponsors. I also want to thank my good 
friend from Rhode Island (Mr. Langevin), my co-chair on the 
Congressional Cybersecurity Caucus. Over the past decade, he and I have 
worked very hard to advance critical cyber legislation like the law 
that set up the Cybersecurity and Infrastructure Security Agency at the 
Department of Homeland Security.
  With today's bill, we are taking the protection provided by CISA to 
the United States to the international stage and, as the chairman 
mentioned, providing rules of the road, which we do not have today.
  The United States has strategic and economic interests in ensuring 
the internet remains open, reliable, and secure around the world. 
Unfortunately, not all governments agree.
  For example, Russia and China are aggressively promoting their vision 
of ``cyber sovereignty,'' which emphasizes state control over 
cyberspace and tramples individual freedoms. That is why the United 
States and our allies must be prepared to advance our own vision for 
cyberspace.
  The Cyber Diplomacy Act gives the State Department the necessary 
tools to work with our allies and partners to stop the spread of 
misinformation, to stop the cyberattacks, and to stop the imposition of 
their so-called cyber security.
  Madam Speaker, a new ambassador will be given the authority to 
establish critical cyber norms and standards that do not exist today to 
help define what is good behavior and what is bad.
  Let me say that when the SolarWinds attack occurred, in the past, 
there were no consequences to bad behavior with the Russians or the 
Chinese, and I was very supportive and proud that President Biden 
struck back with sanctions against Russia for this bad behavior. That 
is what this office is really all about.

  Without these clear guidelines, it is not possible to mount a strong 
response to our adversaries' destructive behavior. This bill is long 
overdue. To me, it is the last piece in terms of our cyber role in the 
Federal Government, now taking it to the international stage with our 
allies around the world.
  Madam Speaker, again, I want to thank Chairman Meeks, Mr. Langevin, 
and all of the bipartisan cosponsors. The recent high-profile attacks 
remind us that what happens in cyberspace is vitally important to the 
United States and our allies and partners around the world. This act 
will enhance our ability to protect and promote our national security, 
our ability to compete, and the freedoms and ideals America represents 
to the world.
  A decade ago, we had to determine what is the cyber role--or maybe 
even 15--what the role is of the Federal Government. We knew the 
Department of Defense and NSA had great offensive capabilities. We 
needed a civilian agency to work with the private sector to share 
threat information, and that became the beginning of the cybersecurity 
agency at the Department of Homeland Security. And, of course, the FBI 
investigates. But we have never had any international norms or 
standards or, as the chairman said, the rules of the road.
  This bill, as I said, is long overdue. The Russians influenced our 
elections. There are, finally, sanctions against them. But before that, 
few consequences occurred. When the Chinese stole 23 million security 
clearances, including my own, there was zero response from the United 
States of America.
  When these attacks occurred, and when our intellectual property has 
been stolen, so much so that Keith Alexander, the NSA Director, said it 
was the ``greatest transfer of wealth in human history,'' with no 
consequence, we finally shut down the Chinese consulate in Houston 
because of the tremendous theft of intellectual property through the 
Texas Medical Center in my home State, including research and 
development on the vaccine. Then there was a Texas A&M professor being 
indicted for espionage for giving NASA data to the Chinese. This has to 
stop.
  This act, this cyber diplomacy bill, will ensure that, at the 
international level, the United States is respected and that we are 
going to work with our allies to provide the norms and standards that 
are so desperately needed to better protect our interests and the 
interests of our allies.
  Madam Speaker, I yield back the balance of my time.
  Mr. MEEKS. Madam Speaker, I yield myself the balance of my time.
  Madam Speaker, H.R. 1251, the Cyber Diplomacy Act, introduced by my 
friend and the ranking member, Mr. McCaul, is bipartisan legislation 
that is essential to America's national security and positioning our 
country to meet the current and future threats in cyberspace head-on.
  This bill will give the State Department the tools it needs to 
further secure peace, stability, and economic prosperity for the United 
States in the cyber realm now and in the future.
  Again, I hope all of my colleagues join both Mr. McCaul and myself in 
supporting this bill, and I yield back the balance of my time.

                              {time}  1800

  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New York (Mr. Meeks) that the House suspend the rules 
and pass the bill, H.R. 1251, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. GOOD of Virginia. Madam Speaker, on that I demand the yeas and 
nays.
  The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 
8, the yeas and nays are ordered.
  Pursuant to clause 8 of rule XX, further proceedings on this motion 
are postponed.

                          ____________________