Proposed "hack-back" bill could allow companies to retaliate against hackers
The bipartisan bill would direct Homeland Security to look at the risks and benefits of private sector countermeasures


A bipartisan bill is making its way through the Senate that could potentially enable private companies to take retaliatory action against cyber criminals hacking their networks.
According to The Hill, Senators Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) have launched the bill, which would push the Department of Homeland Security to carry out a study on what potential benefits and risks there would be in permitting private sector organizations to “hack back” in the event of an attack. Currently, private companies are banned from doing such things.
Within 180 days of enactment, DHS would have to submit a report with its findings and recommendations. This would include which federal agencies would have oversight, the level of certainty for attribution, which entities would be allowed to act, and what safeguards would be in place. It would also identify any impacts on national security or foreign affairs.
The senators said that while only the federal government has the legal authority to take offensive action on perpetrators of cyber attacks, their responses are limited and “often fail to fully protect the American people.”
“The United States is home to some of the best and brightest technological minds in the world—we should be doing all we can to support them, not hold them back,” Daines said. “The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands,” he continued.
The bill was originally an amendment to the US Innovation and Competition Act after the SolarWinds hack. Despite getting Senate approval on a party-line vote, the Innovation and Competition Act was not included in this year’s science and technology package. This new bipartisan bill will stand on its own.
Senator Whitehouse said that the Colonial Pipeline ransomware attack shows why the US should “explore a regulated process for companies to respond when they’re targets.”
“This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow,” he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.