IN THE SENATE OF THE UNITED STATES
February 27, 2018
Mr. Brown (for himself, Mr. Toomey, Ms. Klobuchar, and Mr. Graham) introduced the following bill; which was read twice and referred to the Committee on Foreign Relations
To encourage United States-Ukraine cybersecurity cooperation and require a report regarding such cooperation, and for other purposes.
This Act may be cited as the
Ukraine Cybersecurity Cooperation Act of 2018.
Congress finds the following:
The United States established diplomatic relations with Ukraine in 1992, following Ukraine’s independence from the Soviet Union.
The United States attaches great importance to the success of Ukraine’s transition to a modern democratic country with a flourishing market economy.
In an effort to undermine democracy in Ukraine, hackers targeted the country’s voting infrastructure just days before its 2014 presidential election.
In December 2015, a malicious cyber intrusion into Ukrainian electric utility companies resulted in widespread power outages.
As a result of the December 2015 cyber incident, the United States sent an interagency team to Ukraine, including representatives from the Department of Energy, the Federal Bureau of Investigation, and the North American Electric Reliability Corporation, to help with the investigation and to assess the vulnerability of Ukraine’s infrastructure to cyber intrusion. The visit was followed up by another interagency delegation to Ukraine in March 2016 and a May 2016 United States-Ukrainian tabletop exercise on mitigating attacks against Ukraine’s infrastructure.
In response to an escalating series of cyber attacks on the country’s critical infrastructure—including its national railway system, its major stock exchanges, and its busiest airport—President Petro Poroshenko declared that
Cyberspace has turned into another battlefield for state independence..
In May 2017, Ukraine cited activities on Russian social media platforms, including pro-Russian propaganda and offensive cyber operations, as threats to Ukrainian national security.
Following the June 2017 Petya malware event—a global cyber incident that primarily affected Ukraine—the Secretary General of the North Atlantic Treaty Organization (NATO) said
the cyber attacks we have seen … very much highlight the importance of the support, the help NATO provides … gives … or provides to Ukraine to strengthen its cyber defenses, technical and other kinds of support. We will continue to do that and it’s an important part of our cooperation with Ukraine..
In September 2017, the United States and Ukraine conducted the first United States-Ukraine Bilateral Cyber Dialogue in Kyiv, during which both sides affirmed their commitment to an internet that is open, interoperable, reliable, and secure, and the United States announced $5 million in new cyber assistance to strengthen Ukraine’s ability to prevent, mitigate, and respond to cyber attacks.
Statement of policy
It is the policy of the United States to—
reaffirm the United States-Ukraine Charter on Strategic Partnership, which highlights the importance of the bilateral relationship and outlines enhanced cooperation in the areas of defense, security, economics and trade, energy security, democracy, and cultural exchanges;
support continued cooperation between NATO and Ukraine;
support Ukraine’s political and economic reforms;
reaffirm the commitment of the United States to the Budapest Memorandum on Security Assurances;
assist Ukraine’s efforts to enhance its cybersecurity capabilities; and
improve Ukraine’s ability to respond to Russian-supported disinformation and propaganda efforts in cyberspace, including through social media and other outlets.
United States cybersecurity cooperation with Ukraine
Sense of Congress
It is the sense of Congress that the Secretary of State should take the following actions, commensurate with United States interests, to assist Ukraine to improve its cybersecurity:
Provide Ukraine such support as may be necessary to secure government computer networks from malicious cyber intrusions, particularly such networks that defend the critical infrastructure of Ukraine.
Provide Ukraine support in reducing reliance on Russian information and communications technology.
Assist Ukraine to build its capacity, expand cybersecurity information sharing, and cooperate on international cyberspace efforts.
Not later than 180 days after the date of the enactment of this Act, the Secretary of State shall submit to the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives a report on United States cybersecurity cooperation with Ukraine. The report shall also include information relating to the following:
United States efforts to strengthen Ukraine’s ability to prevent, mitigate, and respond to cyber incidents, including through training, education, technical assistance, capacity building, and cybersecurity risk management strategies.
The potential for new areas of collaboration and mutual assistance between the United States and Ukraine in addressing shared cyber challenges, including cybercrime, critical infrastructure protection, and resilience against botnets and other automated, distributed threats.
NATO’s efforts to help Ukraine develop technical capabilities to counter cyber threats.