Cybersecurity

Senators propose bill to help private sector defend against hackers

Sens. Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) on Wednesday introduced a bill that would take steps to potentially allow private sector companies to strike back at hackers launching attacks against their operations.

The bipartisan bill would direct the Department of Homeland Security to conduct a study on what the potential benefits and risks may be of allowing companies to “hack back” in the event of an attack, actions that private sector groups are currently banned from undertaking.

Federal law only allows federal agencies to go on the offense against hackers, while all other groups are prohibited from any type of unauthorized access to other networks.

The bill was originally proposed as an amendment to the U.S. Innovation and Competition Act, approved by the Senate along bipartisan lines earlier this month, but was ultimately not included in the massive science and technology package.

Daines stressed Wednesday the need to ensure an all-hands-on-deck approach to cyber threats.

“The United States is home to some of the best and brightest technological minds in the world—we should be doing all we can to support them, not hold them back,” Daines said in a statement. “The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands.”

The bill was formally introduced on the heels of escalating cyberattacks, such as the SolarWinds hack, which involved Russian government-backed hackers exploiting a vulnerability in an update from IT group SolarWinds to compromise nine federal agencies and 100 private sector groups.

More recently, ransomware attacks have temporarily crippled operations at Colonial Pipeline, which supplies 45 percent of the East Coast’s fuel, and JBS USA, the nation’s largest beef supplier.

Whitehouse in a separate statement noted that the attack on Colonial, which led to gas shortages in several states when the pipeline was temporarily shut down last month, “shows why we should explore a regulated process for companies to respond when they’re targets.”

“This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow,” Whitehouse said.