The Active Cyber Defense Certainty Act (H.R. 4036) is gathering additional bipartisan support with seven House members signing on as co-sponsors.
The bill, originally introduced by Rep. Tom Graves (R-Ga.) and Kyrsten Sinema (D-Ariz.) in October, added Reps. Buddy Carter (R-Ga.), Henry Cuellar (D-Tex.), Trey Gowdy (R-S.C.), Walter Jones (R-N.C.), Barry Loudermilk (R-Ga.), Stephanie Murphy (D-Fla.), and Austin Scott (R-Ga.) to its ranks as co-sponsors.
If passed, the bill would alter the Computer Fraud and Abuse Act (CFAA) of 1986 and would allow those victimized by a cyberattack to take certain countermeasures. These would include leaving the network to establish who attacked them, disrupting cyberattacks without damaging others' computers, retrieving and destroying stolen files, monitoring the behavior of an attacker and utilizing beaconing technology, the bill reads.
"This group of lawmakers – Republicans and Democrats – is committed to ending the status quo and moving cybersecurity solutions forward. I want to thank each of them for joining this effort to give the American people new tools to defend themselves online,” Graves said in a written statement.
On Nov. 1 the bill was referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations of the House Judiciary Committee.
Hacking back is a controversial topic, with some believing such actions could do more harm than good, with the possibility of collateral damage taking place, said Israel Barak, CISO at Cybereason, in a previous statement. Barak added that there is also a fine line between legal and illegal actions that any organization must not cross when hacking back.