22 USC 10302 - International cyberspace and digital policy strategy

U.S Code last checked for updates: Nov 22, 2024

§ 10302.

International cyberspace and digital policy strategy

(a)

Strategy required

(b)

Elements

The strategy required under subsection (a) shall include—

(1)

a review of actions and activities undertaken to support the policy described in section 10301(a) of this title;

(2)

a plan of action to guide the diplomacy of the Department with regard to foreign countries, including—

(A)

conducting bilateral and multilateral activities—

(i)

to develop and support the implementation of norms of responsible country behavior in cyberspace consistent with the commitments listed in section 10301(b)(5) of this title;

(ii)

to reduce the frequency and severity of cyberattacks on United States individuals, businesses, governmental agencies, and other organizations;

(iii)

to reduce cybersecurity risks to United States and allied critical infrastructure;

(iv)

to improve allies’ and partners’ collaboration with the United States on cybersecurity issues, including information sharing, regulatory coordination and improvement, and joint investigatory and law enforcement operations related to cybercrime; and

(v)

to share best practices and advance proposals to strengthen civilian and private sector resiliency to threats and access to opportunities in cyberspace; and

(B)

reviewing the status of existing efforts in relevant multilateral fora, as appropriate, to obtain commitments on international norms regarding cyberspace;

(3)

a review of alternative concepts for international norms regarding cyberspace offered by foreign countries;

(4)

a detailed description, in consultation with the Office of the National Cyber Director and relevant Federal agencies, of new and evolving threats regarding cyberspace from foreign adversaries, state-sponsored actors, and non-state actors to—

(A)

United States national security;

(B)

the Federal and private sector cyberspace infrastructure of the United States;

(C)

intellectual property in the United States; and

(D)

the privacy and security of citizens of the United States;

(5)

a review of the policy tools available to the President to deter and de-escalate tensions with foreign countries, state-sponsored actors, and private actors regarding—

(A)

threats in cyberspace;

(B)

the degree to which such tools have been used; and

(C)

whether such tools have been effective deterrents;

(6)

a review of resources required to conduct activities to build responsible norms of international cyber behavior;

(7)

a review, in coordination with the Office of the National Cyber Director and the Office of Management and Budget, to determine whether the budgetary resources, technical expertise, legal authorities, and personnel available to the Department are adequate to achieve the actions and activities undertaken by the Department to support the policy described in section 10301(a) of this title;

(8)

a review to determine whether the Department is properly organized and coordinated with other Federal agencies to achieve the objectives described in section 10301(b) of this title; and

(9)

a plan of action, developed in coordination with the Department of Defense and in consultation with other relevant Federal departments and agencies as the President may direct, with respect to the inclusion of cyber issues in mutual defense agreements.

(c)

Form of strategy

(1)

Public availability

(2)

Classified annex

(d)

Briefing

(e)

Updates

The strategy required under subsection (a) shall be updated—

(1)

not later than 90 days after any material change to United States policy described in such strategy; and

(2)

not later than 1 year after the inauguration of each new President.

(Pub. L. 117–263, div. I, title XCV, § 9503, Dec. 23, 2022, 136 Stat. 3902.)

cite as: 22 USC 10302