Proposed "hack-back" bill could allow companies to retaliate against hackers

A bipartisan bill is making its way through the Senate that could potentially enable private companies to take retaliatory action against cyber criminals hacking their networks.

According to The Hill, Senators Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) have launched a bill that would push the Department of Homeland Security to carry out a study on the potential benefits and risks of permitting private sector organizations to “hack back” in the event of an attack. Currently, private companies are banned from doing so.

Within 180 days of enactment, DHS would have to submit a report with its findings and recommendations. This would include which federal agencies would have oversight, the level of certainty for attribution, which entities would be allowed to act, and what safeguards would be in place. It would also identify any impacts on national security or foreign affairs.

The senators said that while only the federal government has the legal authority to take offensive action against perpetrators of cyber attacks, its responses are limited and “often fail to fully protect the American people.”

“The United States is home to some of the best and brightest technological minds in the world—we should be doing all we can to support them, not hold them back,” Daines said. “The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands,” he continued.

The bill was originally an amendment to the US Innovation and Competition Act after the SolarWinds hack. Despite getting Senate approval on a party-line vote, the Innovation and Competition Act was not included in this year’s science and technology package. This new bipartisan bill will stand on its own.

Senator Whitehouse said that the Colonial Pipeline ransomware attack shows why the US should “explore a regulated process for companies to respond when they’re targets.”

“This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow,” he said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.