PROTECT US Act

Providing Retaliation Options against Those Engaging in Cyberattacks Targeting the United States Act or PROTECT US Act

This bill directs the President to submit to Congress a list of countries designated as state-sponsors of cyberattacks.

A country shall be so designated if the President determines that the United States or a U.S. person has been targeted in a cyber-enabled activity originating from or directed by a person located in a foreign country, and such activity is likely to result in or have contributed to a threat to U.S. national security or foreign policy, or harmed U.S. economic health or financial stability or a U.S. person, or has the purpose or effect of:

• harming or compromising the provision of services by a computer or network of computers that support the United States or a U.S. person in a critical infrastructure sector;
• compromising the provision of services by the United States or a U.S. person in a critical infrastructure sector;
• disrupting the availability of a computer or network of computers owned or operated by the United States or a U.S. person; or
• causing a misappropriation of funds or economic resources, trade secrets, personally identifiable information, or financial information of the United States or a U.S. person.

The President may impose a trade-related penalty and take other actions, including assistance limitations, trade embargoes, and cyber counter attacks, with respect to a designated country.

A country may be removed from the list of state-sponsors of cyberattacks if: (1) the President determines that it no longer meets the requirements for the designation, or (2) Congress enacts a law providing for such removal.

A country that has been removed from the list by Congress may not be added back to the list by the President until at least one year after removal.