U.S. Congressman August Pfluger (R) has introduced the Cyber Deterrence and Response Act of 2025, a major national security proposal aimed at deterring foreign adversaries from launching cyber attacks against critical American infrastructure.
The legislation establishes a unified federal process to identify, attribute, and sanction state-sponsored cyber actors, giving the United States new tools to impose real costs on foreign governments and entities that target American networks, infrastructure, and elections.
"As cyberattacks in the United States grow more sophisticated and widespread, we must ensure the Trump administration and all future administrations have a strong framework to hold bad actors accountable and safeguard our national security," said Pfluger. "Protecting America's critical infrastructure from malicious cyberattacks is essential, and this bill does exactly that."
Under the legislation, the federal government would take several major steps. The President, through the National Cyber Director, would identify foreign individuals, agencies, and entities responsible for significant cyber attacks, including attacks on infrastructure, large-scale data theft, financial manipulation, and election interference.
There would also be the establishment of a government-wide system for cyber attribution, requiring evidentiary standards, technical verification, and confidence levels. It would align the DHS, DoD, State, ODNI, DOJ, and ONCD, while allowing vetted private intelligence firms to contribute and encouraging close coordination with allies.
Designated actors could face asset blocking, financial restrictions, export controls, procurement bans, visa denials, and suspended assistance. Sanctions may also apply to foreign governments that direct or support cyber operations.
According to the FBI data, cyber attacks caused over $16 billion in U.S. losses in 2024, driven largely by sophisticated state-sponsored actors targeting energy, health, financial, and election systems.
The Cyber Deterrence and Response Act aims to build a unified and credible deterrent against escalating state-sponsored cyber threats.
