View all text of Part B [§ 9521 - § 9532]

§ 9524. Imposition of sanctions with respect to activities of the Russian Federation undermining cybersecurity
(a) In generalOn and after the date that is 60 days after August 2, 2017, the President shall—
(1) impose the sanctions described in subsection (b) with respect to any person that the President determines—
(A) knowingly engages in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation; or
(B) is owned or controlled by, or acts or purports to act for or on behalf of, directly or indirectly, a person described in subparagraph (A);
(2) impose five or more of the sanctions described in section 9529 of this title with respect to any person that the President determines knowingly materially assists, sponsors, or provides financial, material, or technological support for, or goods or services (except financial services) in support of, an activity described in paragraph (1)(A); and
(3) impose three or more of the sanctions described in section 8923(c) of this title with respect to any person that the President determines knowingly provides financial services in support of an activity described in paragraph (1)(A).
(b) Sanctions describedThe sanctions described in this subsection are the following:
(1) Asset blocking
(2) Exclusion from the United States and revocation of visa or other documentation
(c) Application of new cyber sanctionsThe President may waive the initial application under subsection (a) of sanctions with respect to a person only if the President submits to the appropriate congressional committees—
(1) a written determination that the waiver—
(A) is in the vital national security interests of the United States; or
(B) will further the enforcement of this chapter; and
(2) a certification that the Government of the Russian Federation has made significant efforts to reduce the number and intensity of cyber intrusions conducted by that Government.
(d) Significant activities undermining cybersecurity definedIn this section, the term “significant activities undermining cybersecurity” includes—
(1) significant efforts—
(A) to deny access to or degrade, disrupt, or destroy an information and communications technology system or network; or
(B) to exfiltrate, degrade, corrupt, destroy, or release information from such a system or network without authorization for purposes of—
(i) conducting influence operations; or
(ii) causing a significant misappropriation of funds, economic resources, trade secrets, personal identifications, or financial information for commercial or competitive advantage or private financial gain;
(2) significant destructive malware attacks; and
(3) significant denial of service activities.
(Pub. L. 115–44, title II, § 224, Aug. 2, 2017, 131 Stat. 908.)