“Hack-Back” Legislation May Get Senate Hearing. Critics Are Skeptical.
August 2, 2021
A bipartisan bill that could lead to private companies being allowed to “hack back” at cyber-attackers has been introduced in the Senate. The draft “Study on Cyber-Attack Response Options Act,” introduced by Senators Steve Daines, R- Mont. and Sheldon Whitehouse, D-R.I., instructs the Department of Homeland to study “potential consequences and benefits” of allowing companies to go after cyber-extortionists and other hackers who have gone after the companies.
“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” Whitehouse said, in a statement for an article in the digital magazine Breaking Defense. The article notes that retaliation is likely technically possible and that there’s precedent for it, in that U.S. tech companies have in the past worked with CYBERCROM and the FBI to take down cybercriminals. The difficulty, the article suggests, would be arriving at basic definitions for response criteria – e.g., the level of assurance needed and the parameters for what constitutes a “proportional” response.
“It’s all very fuzzy about what it means to hack back,” said one expert form Stanford’s Hoover Institution. He questions the wisdom of allowing (for example) general counsel to determine what’s “proportional.”
Another expert, from the Center for Strategic and International Studies, suggests that however proficient the counter-attackers prove to be, they are likely to be in over their heads when taking on on well-resourced entities from the likes of Russia, China or Iran. “Why don’t you see more privateers?” he asks. The answer, he says, is that no privateer can stand up to a navy. “It would be a bold general counsel who would let his company attack one of those groups, because they will retaliate.”
Read full article at:
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.