Sponsors
The bill strengthens the U.S. ability to quickly and credibly identify and punish foreign cyber actors—improving deterrence and allied coordination—but risks economic disruption to trade and markets and potential diplomatic or humanitarian harm if attribution or sanctions are misapplied.
Taxpayers, state governments, and private-sector actors: Faster, more credible U.S. attribution of state-sponsored cyber actors using clearer evidentiary standards and private-sector intelligence—improving deterrence, informing defensive responses, and enabling coordinated allied action.
Financial institutions, small businesses, and domestic infrastructure owners: Authority to impose targeted economic measures (export controls, investment and financial restrictions) to protect U.S. infrastructure and markets from harmful foreign cyber activity.
Taxpayers and domestic security agencies: Makes foreign cyber actors and their facilitators ineligible for U.S. visas and admission, reducing the risk of on-shore malicious operations and complicity.
Taxpayers, U.S. businesses and manufacturers: Designations, sanctions, and export prohibitions (including bans on intrusion/surveillance tools) could disrupt international trade and supply chains, constrain exports of dual‑use technologies, and raise costs or threaten jobs.
U.S. investors and capital markets: Restrictions on purchasing or selling securities tied to designations could create market volatility or investor losses if applied broadly or abruptly.
Taxpayers, state-governments, and humanitarian recipients: Risk that politicized or erroneous attribution leads to wrongful sanctions, diplomatic fallout, reduced U.S. leverage for assistance, harmed humanitarian outcomes, and greater congressional/administrative oversight burdens.
Based on analysis of 2 sections of legislative text.
Requires the National Cyber Director and agencies to create a National Attribution Framework and designate foreign cyber actors and their material supporters as critical cyber threat actors.
Introduced November 25, 2025 by August Pfluger · Last progress November 25, 2025
Requires the President, working through the National Cyber Director and other federal agency heads, to identify and designate foreign persons and foreign state entities as “critical cyber threat actors” when they knowingly carry out or materially support state‑sponsored cyber operations that are likely to cause serious harm to U.S. national security, foreign policy, economic health, or financial stability. The designation covers direct actors whose cyber activities cause harms such as disrupting networks, compromising critical infrastructure, stealing funds or sensitive data, destabilizing financial or energy systems, or interfering in elections and government institutions, as well as foreign persons who knowingly provide significant material or technological support to those actors. Requires the National Cyber Director to develop, in consultation with relevant agencies (DHS, DOD, DNI, State, DOJ, etc.), a uniform National Attribution Framework and deliver it to congressional committees within 180 days of enactment; the Framework must set criteria, evidentiary standards, and a process for interagency coordination for making these designations.