U.S. SENATE — U.S. Senators Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) introduced a bipartisan bill that requires the Department of Homeland Security (DHS) to conduct a study on the benefits and risks of allowing private entities to take actions to protect their operations in response to cyber-attacks.
“The United States is home to some of the best and brightest technological minds in the world—we should be doing all we can to support them, not hold them back,” Daines said. “The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands.”
“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” said Whitehouse. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.”
Current law prohibits unauthorized access of any computer network which limits private entities within the United States to only internal defensive measures when it comes to cyber-attacks. Only the federal government has the legal authority to take offensive action on perpetrators of cyber-attacks, but their responses are limited and often fail to fully protect the American people.
This bill would require DHS to conduct a study on potential benefits and risks of allowing private entities to take action. Within 180 days of enactment, DHS would have to submit a report with its findings and recommendations. This would include which federal agencies would have oversight, level of certainty for attribution, which entities would be allowed to take action and what safe guards would be in place. It would also identify any impacts to national security or foreign affairs.
For bill text, click HERE.