Sponsors (4)
The bill strengthens tools to deter and punish attacks on U.S. critical infrastructure and to sanction foreign actors, but it does so by expanding executive sanctions powers and imposing much harsher criminal penalties that risk chilling security research, increasing compliance costs, and raising civil‑liberties and diplomatic concerns.
Operators of U.S. critical infrastructure (e.g., utilities, hospitals, transport) face stronger legal deterrents and clearer statutory prioritization, encouraging greater cybersecurity investment and improved federal–state coordination to reduce successful attacks.
All Americans benefit because the President can block assets of foreign actors who access or intend to harm U.S. critical infrastructure, disrupting financing and operations of hostile actors.
Public safety is protected by making foreign individuals who knowingly target U.S. critical infrastructure inadmissible for visas, reducing the chance that malicious actors can enter the country to cause harm.
Individuals (including employees and others who interact with infrastructure systems) could face dramatically longer prison terms—up to life—greatly increasing the criminal penalties for computer offenses involving critical infrastructure.
Security researchers and good‑faith vulnerability reporters face a higher risk of severe prosecution because of harsher criminalization and a potentially broad or vague 'critical infrastructure' definition, chilling research and disclosure that improve security.
Foreign nationals and immigrants may lose visa rights or be sanctioned based on executive determinations with limited appeal, creating significant due‑process and designation-risk concerns.
Based on analysis of 3 sections of legislative text.
Imposes a new 30-years-to-life penalty for computer crimes that involve critical infrastructure and requires sanctions on foreign persons who knowingly target such infrastructure to harm U.S. security.
Introduced May 8, 2025 by Pat Fallon · Last progress May 8, 2025
Expands federal criminal and sanctions tools for harms to U.S. “critical infrastructure.” It creates a new, much harsher sentencing tier for computer crimes that involve critical infrastructure (penalties of at least 30 years up to life) and directs the President to impose mandatory economic and immigration-related sanctions on foreign persons who knowingly access or try to access critical infrastructure to harm U.S. national security or the safety of U.S. citizens and lawful permanent residents. The President may waive sanctions short-term in individual cases, must publish implementing regulations on a tight schedule, and may use existing IEEPA authorities to carry out the sanctions.