by Doug Olenick, Online Editor
October 13, 2017
Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Az., today introduced the Active Cyber Defense Bill which if passed would give individuals and companies hit with a cyberattack the legal authority to hack back against their assailant.
The bill alters the Computer Fraud and Abuse Act (CFAA) of 1986 and would allow those victimized by a cyberattack to take certain countermeasures. This includes leaving their network to establish who attacked, disrupt cyberattacks without damaging others’ computers, retrieve and destroy stolen files, monitor the behavior of an attacker and utilize beaconing technology, the bill reads.
“While it doesn’t solve every problem, ACDC brings some light into the dark places where cybercriminals operate,” said Rep. Tom Graves. “The certainty the bill provides will empower individuals and companies use new defenses against cybercriminals,” Graves said.
However, not everyone believes it is in the best interest of a company to counterattack.
In November 2016 the United Kingdom announced it would hack back against nation-state attackers, said Israel Barak, CISO at Cybereason, adding that such a maneuver might not be in the victim’s best interest. In particular he noted any retaliatory moves could incur collateral damage and the line between legal and illegal activities could be crossed.