House proposes bill amendment that would allow retaliatory hacking
Rep. Tom Graves, R-Ga., introduced a bill as a discussion draft that would allow a victim of a cyberattack to access the attacker’s computer in order to gather information about the attack to share with law enforcement or to stop the hacker from continuing to access their network.
The Active Cyber Defense Certainty Act would not allow cyberattack victims to destroy any information on their attacker’s network or to otherwise cause a threat to public safety. The proposed amendment has not been formally introduced yet.
“This bill is about empowering individuals to defend themselves online, just as they have the legal authority to do during a physical assault,” Graves said in a statement on Friday announcing the proposal. “While the bill doesn’t solve every problem, it’s an important first step. I hope my bill helps individuals defend themselves against cybercriminals while igniting a conversation that leads to more ideas and solutions that address this growing threat.”
Conversation is all that Justin Kapahi, vice president of solutions and security for External IT, expects to come from the proposed bill. He told ThinkAdvisor on Wednesday that the proposal was likely “meant to provoke discussion” rather than to actually become law.
“It’s good to create a discussion around ‘why do we have to play defense? Why can’t we play offense?’” he said. Ultimately, though, he said advisors could take the proposal as “entertainment” and continue focusing their cybersecurity efforts on what regulators are looking for now.
He pointed out that most breaches result from users inadvertently giving their passwords to hackers. He recommended that financial firms strengthen their cybersecurity programs with training and two-factor authentication.