news

WASHINGTON, D.C. — Congressman August Pfluger (TX-11) introduced legislation to protect critical American infrastructure and enhance national security. The Cyber Deterrence and Response Act of 2025 deters foreign nation-states from launching cyberattacks against critical American infrastructure by creating a unified federal process to identify, attribute, and sanction the world’s most dangerous state-sponsored cyber actors. It will give the U.S. real tools to impose costs on foreign governments and entities that target American networks, critical infrastructure, and elections.

“As cyberattacks in the United States grow more sophisticated and widespread, we must ensure the Trump administration and all future administrations have a strong framework to hold bad actors accountable and safeguard our national security. Protecting America's critical infrastructure from malicious cyberattacks is essential, and this bill does exactly that,” said Rep. Pfluger.

Specifically, this legislation...

·     Formally designates critical cyber threats: Directs the President, through the National Cyber Director, to formally identify foreign persons, agencies, and entities responsible for significant cyberattacks against the United States. This includes disruptions to critical infrastructure, large-scale data theft, financial manipulation, and election interference, as well as individuals and organizations that knowingly assist or enable these operations.

·     Creates a national attribution framework: Establishes the first government-wide process for cyber attribution, requiring clear evidentiary standards, technical verification, and confidence levels for any determination. It aligns DHS, DoW, State, ODNI, DOJ, and ONCD under a unified framework while permitting vetted private-sector intelligence companies to contribute. It also mandates close coordination with allies to share information to strengthen attribution statements.

·     Imposes strong sanctions: Authorizes robust sanctions against designated actors, including asset blocking, financial restrictions, export controls, procurement prohibitions, visa bans, and suspension of assistance. It further allows sanctions on foreign governments that direct or support state-sponsored cyber operations.

Background:

In 2024, the FBI reported more than $16 billion in U.S. economic losses from cyberattacks, an unprecedented surge primarily driven by increasingly sophisticated foreign state-sponsored actors. Cyberattacks against the U.S. are increasing in scale and sophistication, and our adversaries are actively targeting our energy systems, health networks, financial institutions, and election infrastructure.

This is a significant national security threat that must be addressed through meaningful legislation, which is precisely what the Cyber Deterrence and Response Act of 2025 will do. A unified, credible deterrent against state-sponsored cyber threats that protects U.S. infrastructure, businesses, government systems, and citizens.