Last month Rep Graves (R,GA) introduced HR 3270,
the Active Cyber Defense Certainty Act. The bill would amend 18
USC 1030 to allow use of limited defensive measures that exceed the
boundaries of one’s network in order to monitor, identify and stop attackers.
The bill is identical to HR
4036 from the 115th Congress; no action was seen on that bill.
While the new bill has more cosponsors than HR 4036 (17 vs
9) there is still no representation on the House Judiciary Committee, the committee
to which this bill was assigned for consideration, by a sponsor or cosponsor of
the bill. This means that the bill is unlikely to be considered in that
Committee.
As I noted in my post on HR 4036 there is a natural
legislative inertia when it comes to changing criminal law. I expect that the
same inertia would apply to this bill, above and beyond the lack of influence
that the sponsors have to move the bill forward.
There is one point that I did not make in my post about the
original bill that needs to be addressed. Both bills include a sunset clause (§9) that terminates “exclusion
from prosecution created by this Act” two years after the bill is enacted. This
short termination provision would make it exceedingly difficult to have the
Federal guidance (from the FBI and DOJ) mandated by the bill developed and published in
time for corporate attorneys to review and plan the corporate implementation of
the cybersecurity measures.
This is a smoke and mirrors bill that allows
congresscritters to look like they are doing something.
Posts
No comments:
Post a Comment