IN THE SENATE OF THE UNITED STATES
June 24, 2021
Mr. Daines (for himself and Mr. Whitehouse) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs
To require the Secretary of Homeland Security to study the potential consequences and benefits of amending the Computer Fraud and Abuse Act to allow private companies to take proportional actions in response to an unlawful network breach.
This Act may be cited as the
Study on Cyber-Attack Response Options Act.
Study relating to consequences and benefits of amending the CFAA
The Secretary of Homeland Security, in consultation with other Federal agencies as appropriate, shall conduct a study on the potential benefits and risks of amending section 1030 of title 18, United States Code (commonly known as the
Computer Fraud and Abuse Act), to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency.
Not later than 180 days after the date of enactment of this Act, the Secretary of Homeland Security shall submit a report on the findings of the study conducted under subsection (a), including any recommendations, to Congress.
The report required under paragraph (1) shall—
address any impact on national security and foreign affairs; and
include recommendations for—
which Federal agency or agencies may authorize proportional actions by private entities;
what level of certainty regarding the identity of the attacker is needed before such actions would be authorized;
which entities would be allowed to take such actions and under what circumstances;
what actions would be permissible; and
what safeguards should be in place.