New bill proposes government-wide processes to attribute, sanction hackers

Legislation introduced Monday night by Rep. August Pfluger, R-Texas, would build sweeping a framework across multiple federal agencies to identify, attribute and impose harsh reprisals against nation-state hackers and cybercrime groups.

The 2025 Cyber Deterrence and Response Act would direct the National Cyber Director to designate foreign agencies, individuals and organizations that pose a cyber threat to U.S. interests.

It also would create a “national attribution framework” that directs major agencies like the Departments of Homeland Security, Justice, State and others to craft a uniform, technical consensus on how to designate hacking groups, leaning on the private sector and international partners to aid in that work.

Cybersecurity firms and intelligence agencies use various techniques to identify hackers’ ties to specific countries or other entities, though the process is not entirely consistent across organizations. The different monikers and labels that organizations use to designate and categorize the same groups can add to that inconsistency. Major cyber firms have recently worked to reassess and better align with each other on their naming conventions.

The bill also authorizes “robust sanctions against designated actors, including asset blocking, financial restrictions, export controls, procurement prohibitions, visa bans and suspension of assistance,” a statement from Pfluger’s office said. The U.S. has undertaken many of these steps in recent years, including visa restrictions on people accused of misusing spyware tools.

The measure is named after similar 2022 legislation introduced by Pfluger that sought to deter foreign hackers from targeting critical infrastructure at home. The lawmaker currently leads the counterterrorism and intelligence panel on the House Homeland Security Committee.

“As cyberattacks in the United States grow more sophisticated and widespread, we must ensure the Trump administration and all future administrations have a strong framework to hold bad actors accountable and safeguard our national security,” he said in a statement.

The 24-page bill reflects a growing desire among many lawmakers and officials for the U.S. to take a more aggressive stance in cyberspace. The push for stronger action has been fueled in part by Trump allies and officials over the past year, who argue that the U.S. has not adequately countered cyberattacks, particularly those originating from China.

A forthcoming national cybersecurity strategy from the Office of the National Cyber Director aims to take a more offensive, responsive stance against enemy hacking collectives, focused largely on “introducing costs and consequences,” NCD Sean Cairncross said last month.