skip to main content

H.R. 1997 (115th): Ukraine Cybersecurity Cooperation Act of 2017

The text of the bill below is as of Apr 6, 2017 (Introduced).

Summary of this bill

Source: Republican Policy Committee

H.R. 1997 encourages the Secretary of State to bolster cybersecurity cooperation with Ukraine and requires a report to Congress on U.S. and NATO efforts toward that goal. Specifically, the bill expresses the sense of Congress that the State Department should take the following actions, commensurate with U.S. interests, to help Ukraine improve its cybersecurity: (1) provide Ukraine necessary support to secure government computer networks from malicious cyber intrusions, particularly systems that defend Ukraine’s critical infrastructure; (2) provide Ukraine support to reduce reliance on Russian information and communications technology; and (3) assist Ukraine to build capacity, expand cybersecurity information sharing, and cooperate in international response efforts.

Before the 2014 Presidential election …



1st Session

H. R. 1997


April 6, 2017

(for himself and Mr. Fitzpatrick) introduced the following bill; which was referred to the Committee on Foreign Affairs


To encourage United States-Ukraine cybersecurity cooperation and require a report regarding such cooperation, and for other purposes.


Short title

This Act may be cited as the Ukraine Cybersecurity Cooperation Act of 2017.



Congress finds the following:


The United States established diplomatic relations with Ukraine in 1992, following its independence from the Soviet Union.


The United States attaches great importance to the success of Ukraine’s transition to a modern democratic country with a flourishing market economy.


In 2014, days before the Presidential election in Ukraine, there took place a failed attempt to destroy the election system software through a cyber attack.


In December 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine from a cyber attack.


In response to cyber attacks in Ukraine, Ukrainian President Petro Poroshenko emphasized the need for a National Cyber Security System declaring that cyberspace has turned into another battlefield 101 for State independence.


As a result of the December 2015 cyberattack, the United States sent interagency teams that included representatives from the Department of Energy, the Federal Bureau of Investigation, and the North American Electric Reliability Corporation to Ukraine to look into the safety of their infrastructure and to help with investigations. The visit was followed up by another interagency delegation to Ukraine in March 2016, and a May 2016 United States-Ukrainian tabletop exercise on mitigating attacks against Ukraine’s infrastructure.


As noted by former Deputy Secretary of Commerce, Bruce Andrews, Cybersecurity is a perfect example of a sector in which we can work together to increase national and economic security, create jobs, and provide mutual prosperity for both our economies. Together I am confident that we can provide leadership to enhance cybersecurity capabilities across Central and Southeast Europe..


Statement of policy

It is the policy of the United States to—


reaffirm the commitment of the United States to the United States-Ukraine Charter on Strategic Partnership, which highlights the importance of the bilateral relationship and outlines enhanced cooperation in the areas of defense, security, economics and trade, energy security, democracy, and cultural exchanges;


reaffirm the commitment of the United States to support cooperation between the North Atlantic Treaty Organization (NATO) and Ukraine;


reaffirm the commitment of the United States to provide financial, economic, and technical assistance to Ukraine to achieve its goals for the Ukrainian Government to make progress on reforms and anticorruption initiatives;


reaffirm the commitment of the United States to the Budapest Memorandum on security assurances; and


assist the Ukrainian Government to improve its cybersecurity strategy.


United States actions to assist Ukraine to improve its cybersecurity and protect American interests


Sense of Congress

It is the sense of Congress that the Secretary of State should take the following actions, commensurate with United States interests, to assist Ukraine to improve its cybersecurity:


Provide Ukraine such support as may be necessary to increase most advanced security protection on government computers, particularly such systems that defend the critical infrastructure of Ukraine.


Provide Ukraine support in reducing reliance on Russian technology.


Assist Ukraine to build capacity, expand cybersecurity information sharing, and cooperate in international response efforts.


Report on Ukraine’s cybersecurity

Not later than 180 days after the date of the enactment of this Act, the Secretary of State shall submit to the Committee on Foreign Affairs of the House of Representatives and the Committee on Foreign Relations of the Senate a report on the status of United States cybersecurity cooperation with Ukraine to seek new areas for collaboration and assistance, as well as pursue cooperation with regional partners and organizations to address shared cyber challenges. Such report shall also include information relating to the following:


An update on the U.S. Department of Energy’s efforts to establish a United States-Ukraine Stakeholder Working Group as an element of their work with Ukraine to develop a Ukrainian Cyber Security Program.


An assessment capability to establish joint United States and Ukrainian participation to—


conduct cybersecurity assessments of existing Ukrainian Government, military, critical infrastructure, and banking systems in order to identify critical vulnerabilities;


recommend mitigation strategies relating to such assessments;


combat cybercrime, including through training workshops and joint tabletop exercises covering priority cybersecurity scenarios; and


establish an information security awareness program.


An update of progress on NATO’s agreement to establish an Incident Management Center to monitor cyber security events and laboratories to investigate cybersecurity incidents.