H.R. 3278 (119th): Bill Overview

Protecting Critical Infrastructure Act

Crime and Law Enforcement
Support: Lean Republican
Introduced: May 8, 2025
Current stage: Committee

Referred to the Committee on the Judiciary, and in addition to the Committee on Foreign Affairs, for a period to be subsequently determined by the Speaker, in each case for consid…

01 · The brief
Plain-English summary: What this bill actually does

The bill raises criminal penalties under the Computer Fraud and Abuse Act for offenses involving critical infrastructure, adding fines and imprisonment of not less than 30 years or life for such offenses. It also directs the President to impose IEEPA-based asset-blocking sanctions and immigration penalties (inadmissibility and visa revocation) on foreign persons who knowingly access or attempt to access critical infrastructure to harm U.S. national security or the safety of lawful permanent residents, with limited waiver, rulemaking, and oversight provisions and statutory definitions.

Why people may split

Severity of criminal penalties versus proportionality and civil liberties

Watch point

Relative to its intended legislative type, this bill is a substantive policy change that clearly defines its principal actions (increasing criminal penalties for critical infrastructure-related computer offenses and creating mandatory sanctions authorities against foreign persons) and integrates those actions with existing statutory authorities.

Passage: 45/100

Narrow national security focus helps, but very severe criminal penalties and broad sanctioning/immigration effects create legal and political friction.

Credibility: Partially aligned

Relative to its intended legislative type, this bill is a substantive policy change that clearly defines its principal actions (increasing criminal penalties for critical infrastructure-related computer offenses and creating mandatory sanctions authorities against foreign persons) and integrates those actions with existing statutory authorities. It supplies concrete mechanisms and a usable implementation path for the sanctions provisions but omits fiscal/resourcing statements and detailed procedural safeguards or measurement/oversight provisions that would be expected given the scope of the authorities it creates.

Contention: 35/100

Severity of criminal penalties versus proportionality and civil liberties

02 · What it does

Who stands to gain, and who may push back.

Likely benefits vs burdens: 50% / 50%
Likely helped: Federal agencies

These are examples from the analysis, not a ranked list of the most-affected groups.

Likely helped
  • Potential benefit: Raises potential deterrence against severe cyber intrusions into critical infrastructure through much harsher criminal…
  • Potential benefit: Provides the President clear authority to quickly block assets of foreign malicious actors under IEEPA.
  • Potential benefit: Enables visa inadmissibility and automatic visa revocation, potentially limiting attacker mobility and entry.
Likely burdened
  • Potential burden: Mandatory minimum 30-year to life sentences may raise proportionality and fairness concerns in some cases.
  • Federal agencies: Broad critical infrastructure scope may unpredictably expand federal criminal jurisdiction over many cyber incidents.
  • Potential burden: Sanctions and visa revocations could strain diplomacy and complicate international cybersecurity cooperation.

03 · Why people split

Why the argument around this bill splits.

Severity of criminal penalties versus proportionality and civil liberties
Progressive: 65%

Likely supportive of stronger defenses against attacks on infrastructure, but cautious about civil liberties, overcriminalization, and executive power.

Will want narrow definitions, due process protections, and carve-outs for security researchers and legitimate activity.

Split reaction

Centrist: 70%

Supports strengthening legal consequences for cyberattacks on critical systems while seeking clearer scope and oversight.

Will weigh national security benefits against proportionality and diplomatic consequences.

Leans supportive

Conservative: 85%

Generally favorable because the bill increases penalties and gives the President strong tools against foreign cyber threats.

May still want guardrails to ensure penalties target malicious foreign and domestic actors, not ordinary private-sector activity.

Leans supportive

04 · Can it pass?

The path through Congress.

  • Introduced: Reached or meaningfully advanced
  • Committee: Reached or meaningfully advanced
  • Floor: Still ahead
  • President: Still ahead
  • Law: Still ahead

Passage likelihood: 45/100

Narrow national security focus helps, but very severe criminal penalties and broad sanctioning/immigration effects create legal and political friction.

Scope and complexity
  • Scope: moderate (52%)
  • Complexity: medium (52%)
Why this could stall
  • Exact practical scope of "critical infrastructure" in implementation
  • Absent cost estimate for increased incarceration and enforcement
05 · Recent votes

Recent votes on the bill.

No vote history yet

The bill has not accumulated any surfaced votes yet.
