Proposed "hack-back" bill could allow companies to retaliate against hackers
The bipartisan bill would direct Homeland Security to look at the risks and benefits of private sector countermeasures
A bipartisan bill is making its way through the Senate that could potentially enable private companies to take retaliatory action against cyber criminals hacking their networks.
According to The Hill, Senators Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) have launched the bill that would push the Department of Homeland Security carry out a study on what potential benefits and risks there would be in permitting private sector organizations “hack back” in the event of an attack. Currently, private companies are banned from doing such things.
Within 180 days of enactment, DHS would have to submit a report with its findings and recommendations. This would include which federal agencies would have oversight, the level of certainty for attribution, which entities would be allowed to act, and what safeguards would be in place. It would also identify any impacts on national security or foreign affairs.
The senators said that while only the federal government has the legal authority to take offensive action on perpetrators of cyber attacks, their responses are limited and “often fail to fully protect the American people.”
“The United States is home to some of the best and brightest technological minds in the world—we should be doing all we can to support them, not hold them back,” Daines said. “The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands,” he continued.
The bill was originally an amendment to the US Innovation and Competition Act after the SolarWinds hack. Despite getting Senate approval on a party-line vote, the Innovation and Competition Act was not included in this year’s science and technology package. This new bipartisan bill will stand on its own.
Senator Whitehouse said that the Colonial Pipeline ransomware attack shows why the US should “explore a regulated process for companies to respond when they’re targets.”
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
“This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow,” he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.