Sens. Sheldon Whitehouse, D-R.I., and Steve Daines, R-Mont., have proposed a bill that would direct the Department of Homeland Security to study the potential advantages and risks of allowing private sector organizations to initiate measures against hackers during cyberattacks.
The bipartisan bill would require DHS to submit a report containing its recommendations and findings, including potential impacts on national security and foreign affairs, federal oversight, private entities that would be allowed to take actions, safeguards and level of certainty for attribution, Whitehouse’s office said Wednesday.
“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” said Whitehouse. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.”
Current law authorizes the federal government to launch offensive operations against hackers and limits U.S. companies to internal defensive actions. Once the measure becomes law, DHS has 180 days to submit the report.
“The federal government should do more to empower the private sector to directly counter cyber threats from across the globe rather than tie their hands," said Daines.