§9229 — Title 22 Foreign Relations and Intercourse | U.S. Code

Summary

The President must send the proper congressional committees a report that names and explains major cyber attacks or other efforts to weaken cybersecurity that were aimed at the U.S. government or any U.S. person, and that were done by North Korea, by people owned or controlled by North Korea, or by people acting for North Korea. The report must list who did it and their nationality, describe what each person did, say whether any foreign government helped North Korea do these things, and lay out a U.S. plan to stop North Korea’s cyber efforts, including working with other countries. The first report was due not later than 90 days after October 25, 2018, and then every 180 days for 5 years. The report must be unclassified but can have a classified annex. The President must also officially designate for sanctions any person named in the report who knowingly uses computer networks or systems to carry out these cyber activities for North Korea.

Title 22, §9229

Foreign Relations and Intercourse — Source: USLM XML via OLRC

(a)(1)The President shall submit to the appropriate congressional committees a report that describes significant activities undermining cybersecurity aimed against the United States Government or any United States person and conducted by the Government of North Korea, or a person owned or controlled, directly or indirectly, by the Government of North Korea or any person acting for or on behalf of that Government.

(2)The report required under paragraph (1) shall include—

(A)the identity and nationality of persons that have knowingly engaged in, directed, or provided material support to conduct significant activities undermining cybersecurity described in paragraph (1);

(B)a description of the conduct engaged in by each person identified;

(C)an assessment of the extent to which a foreign government has provided material support to the Government of North Korea or any person acting for or on behalf of that Government to conduct significant activities undermining cybersecurity; and

(D)a United States strategy to counter North Korea’s efforts to conduct significant activities undermining cybersecurity against the United States, that includes efforts to engage foreign governments to halt the capability of the Government of North Korea and persons acting for or on behalf of that Government to conduct significant activities undermining cybersecurity.

(3)(A)The report required under paragraph (1) shall be submitted not later than 90 days after October 25, 2018, and every 180 days thereafter for 5 years.

(B)The report required under paragraph (1) shall be submitted in an unclassified form, but may include a classified annex.

(b)The President shall designate under section 9214(a) of this title any person identified in the report required under subsection (a)(1) that knowingly engages in significant activities undermining cybersecurity through the use of computer networks or systems against foreign persons, governments, or other entities on behalf of the Government of North Korea.

Notes & Related Subsidiaries

Editorial Notes

Amendments

2018—Subsec. (a)(3)(A). Pub. L. 115–272 substituted “not later than 90 days after

October 25, 2018, and every 180 days thereafter for 5 years” for “not later than 90 days after

February 18, 2016, and every 180 days thereafter”.

Executive Documents

Delegation of Functions For delegation of certain functions of President under this section, see Memorandum of President of the United States, May 18, 2016, 81 F.R. 37479, set out as a note under section 9212 of this title.

§9229 Report on and Imposition of Sanctions to Address Persons Responsible for Knowingly Engaging in Significant Activities Undermining Cybersecurity