(a) Strategy required

Not later than 1 year after December 23, 2022, the President, acting through the Secretary, and in coordination with the heads of other relevant Federal departments and agencies, shall develop an international cyberspace and digital policy strategy.

(b) Elements

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

The strategy required under subsection (a) shall include—

(1) a review of actions and activities undertaken to support the policy described in section 10301(a) of this title;

(2) a plan of action to guide the diplomacy of the Department with regard to foreign countries, including—

(A) conducting bilateral and multilateral activities—

(i) to develop and support the implementation of norms of responsible country behavior in cyberspace consistent with the commitments listed in section 10301(b)(5) of this title;

(ii) to reduce the frequency and severity of cyberattacks on United States individuals, businesses, governmental agencies, and other organizations;

(iii) to reduce cybersecurity risks to United States and allied critical infrastructure;

(iv) to improve allies’ and partners’ collaboration with the United States on cybersecurity issues, including information sharing, regulatory coordination and improvement, and joint investigatory and law enforcement operations related to cybercrime; and

(v) to share best practices and advance proposals to strengthen civilian and private sector resiliency to threats and access to opportunities in cyberspace; and


(B) reviewing the status of existing efforts in relevant multilateral fora, as appropriate, to obtain commitments on international norms regarding cyberspace;


(3) a review of alternative concepts for international norms regarding cyberspace offered by foreign countries;

(4) a detailed description, in consultation with the Office of the National Cyber Director and relevant Federal agencies, of new and evolving threats regarding cyberspace from foreign adversaries, state-sponsored actors, and non-state actors to—

(A) United States national security;

(B) the Federal and private sector cyberspace infrastructure of the United States;

(C) intellectual property in the United States; and

(D) the privacy and security of citizens of the United States;


(5) a review of the policy tools available to the President to deter and de-escalate tensions with foreign countries, state-sponsored actors, and private actors regarding—

(A) threats in cyberspace;

(B) the degree to which such tools have been used; and

(C) whether such tools have been effective deterrents;


(6) a review of resources required to conduct activities to build responsible norms of international cyber behavior;

(7) a review, in coordination with the Office of the National Cyber Director and the Office of Management and Budget, to determine whether the budgetary resources, technical expertise, legal authorities, and personnel available to the Department are adequate to achieve the actions and activities undertaken by the Department to support the policy described in section 10301(a) of this title;

(8) a review to determine whether the Department is properly organized and coordinated with other Federal agencies to achieve the objectives described in section 10301(b) of this title; and

(9) a plan of action, developed in coordination with the Department of Defense and in consultation with other relevant Federal departments and agencies as the President may direct, with respect to the inclusion of cyber issues in mutual defense agreements.

(c) Form of strategy

(1) Public availability

The strategy required under subsection (a) shall be available to the public in unclassified form, including through publication in the Federal Register.

(2) Classified annex

The strategy required under subsection (a) may include a classified annex.

(d) Briefing

Not later than 30 days after the completion of the strategy required under subsection (a), the Secretary shall brief the Committee on Foreign Relations of the Senate, the Select Committee on Intelligence of the Senate, the Committee on Armed Services of the Senate, the Committee on Foreign Affairs of the House of Representatives, the Permanent Select Committee on Intelligence of the House of Representatives, and the Committee on Armed Services of the House of Representatives regarding the strategy, including any material contained in a classified annex.

(e) Updates

The strategy required under subsection (a) shall be updated—

(1) not later than 90 days after any material change to United States policy described in such strategy; and

(2) not later than 1 year after the inauguration of each new President.