US legislators are proposing new legislation that would empower US cyber defenses to hack back at cyber aggressors, even if they’re using a third-party country’s infrastructure, without the explicit consent of the respective country.
The National Defense Authorization Act would also create a new cyber entity with the technology and skills to strike back at cyber aggressors, namely China and Russia, that seek to disrupt US critical infrastructure or weaken its cyber resilience. If approved, the bill not only let the US military “hack back” at aggressors, but also creates a “Cyberspace Solarium Commission” whose purpose is to propose and implement strategic cyber defenses that augment the United States’ resilience towards cyber-attacks.
“The committee recommends a provision that would authorize the National Command Authority to direct the Commander, U.S. Cyber Command (CYBERCOM), to take appropriate and proportional action through cyberspace to disrupt, defeat, and deter systematic and ongoing attacks by the Russian Federation in cyberspace,” reads the proposed bill. “The provision would also authorize the Secretary of Defense to conduct, through the Commander, U.S. Cyber Command, surveillance in networks outside the United States of personnel and organizations engaged at the behest or in support of the Russian Federation…”
The Cyberspace Solarium Commission, which would be comprised of 13 people with knowledge and expertise both in national security and cyber security, would also be tasked with evaluating adversarial strategies and allocating resources for defending against offensive strategies.
“The Commission would weigh the benefits and costs of various strategic frameworks (e.g., deterrence, normsbased regimes, and cyber persistence), evaluate the sufficiency of the current allocation of resources in cyberspace, and consider potential realignments in governmental structure and authorities,” reads the proposed bill. ”The Commission would have broad authorities to hold hearings, request information from government entities, subpoena witnesses, and contract out taskings.”
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Liviu Arsene. Read the original post at: https://hotforsecurity.bitdefender.com/blog/us-lawmakers-propose-hack-back-law-to-allow-cyber-retaliation-without-permission-of-third-party-country-20000.html