Cybersecurity legislation

Senate Bill Could Allow Private Companies to Launch Counter-Hacking Efforts

A proposed bill in the Senate aims to give private companies authorization to initiate counter attacks on hackers.

If passed, the legislation would direct the Department of Homeland Security to study the pros and cons of legalizing counter-hacking efforts across the private sector.

Under federal law, companies are prohibited from any type of unauthorized access to other networks. Only federal agencies are allowed to carry out such undertakings, The Hill reported.

One of the bill’s proponents, Sen. Steve Daines, emphasized the need for an all-hands-on-deck approach to cyber threats.

According to Daines, the federal government should expand efforts to help the private sector directly counter cyber threats from across the globe.

The bill’s introduction comes after a series of cyber intrusions targeting government networks and critical infrastructure.

The SolarWinds supply chain attack, which was discovered in December, compromised nine federal agencies and 100 private sector groups. Zero-day vulnerabilities in Microsoft’s Exchange software also presented risks to military and civilian agency networks.

More recently, a ransomware attack temporarily shut down the operations of Colonial Pipeline, which supplies fuel to states on the East Coast.

Sen. Sheldon Whitehouse, who co-sponsored the bill, noted that the attack on the oil pipeline operator shows the need to explore a regulated process for companies to respond to cyberattacks.

“This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow,” Whitehouse said.