Proposed "hack-back" bill could allow companies to retaliate against hackers
The bipartisan bill would direct Homeland Security to look at the risks and benefits of private sector countermeasures
According to The Hill, Senators Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) have launched the bill that would push the Department of Homeland Security carry out a study on what potential benefits and risks there would be in permitting private sector organizations “hack back” in the event of an attack. Currently, private companies are banned from doing such things.
Within 180 days of enactment, DHS would have to submit a report with its findings and recommendations. This would include which federal agencies would have oversight, the level of certainty for attribution, which entities would be allowed to act, and what safeguards would be in place. It would also identify any impacts on national security or foreign affairs.
The senators said that while only the federal government has the legal authority to take offensive action on perpetrators of cyber attacks, their responses are limited and “often fail to fully protect the American people.”
“The United States is home to some of the best and brightest technological minds in the world—we should be doing all we can to support them, not hold them back,” Daines said. “The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands,” he continued.
The bill was originally an amendment to the US Innovation and Competition Act after the SolarWinds hack. Despite getting Senate approval on a party-line vote, the Innovation and Competition Act was not included in this year’s science and technology package. This new bipartisan bill will stand on its own.
Senator Whitehouse said that the Colonial Pipeline ransomware attack shows why the US should “explore a regulated process for companies to respond when they’re targets.”
“This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow,” he said.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download