Written byPatrick Howell O'Neill
The Active Cyber Defense Certainty Act (ACDC), which legalizes an “active defense” against hackers in efforts to identify and stop cyberattacks, gained seven new co-sponsors on Friday.
In addition to the original co-authors Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., now Reps. Buddy Carter, R-Ga. Henry Cuellar, D-Texas, Trey Gowdy, R-S.C., Walter Jones, R-N.C., Barry Loudermilk, R-Ga, Stephanie Murphy, D-Fla., and Austin Scott, R-Ga., all now co-sponsor the bill.
ACDC amends the Computer Fraud and Abuse Act (CFAA) so that companies and individuals would be granted the right to identify, disrupt and possibly even destroy hacked data outside of their own network in the name of “active defense.” The practice is more commonly known as “hacking back” although the congressman views that term as negative and inaccurate given the guardrails on what ACDC allows.
“ACDC is gaining momentum as bipartisan support for the bill continues to grow,” Rep. Graves said in a statement. “This group of lawmakers – Republicans and Democrats – is committed to ending the status quo and moving cybersecurity solutions forward. I want to thank each of them for joining this effort to give the American people new tools to defend themselves online.”
Graves calls ACDC potentially the most significant amendment to the CFAA since that bill’s 1986 enactment.
Under ACDC, “authorized individuals” are allowed to leave their network to attribute and disrupt attacks “without damaging others’ computers,” retrieve and destroy stolen files, monitor an attacker and utilize beaconing technology. Anyone who does this will be required to report to the FBI-led National Cyber Investigative Joint Task.
The bill has a sunset clause of two years.
You can read the full bill here.