Our cybercrime crisis has left Americans as victims – This is how we start to change that: Reps. Graves, Gottheimer

When it comes to cyber defense, the status quo is unacceptable

We have a cybercrime crisis in this country. For too long, Americans have been victims of a lopsided cyber battlefield that allows hackers to act without consequence.

There’s a good chance that you, or someone you know, has been a victim of a cyberattack. Between phishing scams, identity theft, data breaches and hacks, the opportunities for cybercriminals seem limitless, and these threats don’t just stop at our borders. It’s time to level the playing field. That’s why we teamed up to introduce bipartisan legislation, the Active Cyber Defense Certainty Act (ACDC), H.R. 3270.

After the United States killed known terrorist and Iranian General Qasem Soleimani, the Cybersecurity and Infrastructure Security Agency (CISA) warned us against the Islamic Republic of Iran’s “historic use of cyber offensive activities to retaliate against perceived harm.” CISA shared several recommended actions aimed at reducing vulnerabilities.

The tips are helpful for IT professionals and providers, who are primarily tasked with keeping their systems safe. But for the rest of us, it’s scary to watch criminals and bad actors become more sophisticated while technology continues to infiltrate every aspect of our lives, from smart homes to cell phones. It’s a massive invasion of privacy, one that unfortunately has been experienced by millions of Americans.

Just last week the personal details of more than 10 million MGM hotel guests were posted on a hacking forum. The details contained birthdays, home addresses, emails, and phone numbers.

In the last few years, the state of Georgia has experienced major cyberattacks, costing the state millions and disrupting consumers and businesses. Last year the City of Atlanta was crippled by ransomware and the hackers demanded a ransom payment in bitcoin. It affected nearly 6 million people.

In New Jersey, there were more than 8,400 victims of cybercrimes across the state last year who reported losses of $79.7 million. This places New Jersey in the top ten states in the nation for high-tech theft, according to the FBI.

It’s estimated that cyberattacks will cost businesses more than $5 trillion in the next five years. Every sector, from government at all levels to small businesses to Fortune 500 companies, is facing data breaches and dangerous hacks. When it comes to cyber defense, the status quo is unacceptable.

Under our bipartisan ACDC bill, authorized individuals and companies would be empowered to actively defend their networks. This means they could leave their networks to establish attribution of a cyberattack, disrupt cyberattacks without damaging others’ computers, retrieve or destroy their stolen files, monitor the behavior of an attacker and utilize beaconing technology.

Right now, under the Computer Fraud and Abuse Act (CFAA), individuals are unable to take offensive or defensive actions against hackers outside of their own networks. A network is a system of computers and devices that can communicate with each other. Our bipartisan bill would allow authorized individuals and companies the use of new tools and methods to help fight back against hackers. This would be a paradigm shift in thinking, but for too long we have fallen victim without the tools or resources to effectively defend ourselves online.

The CFAA was enacted in 1986, when the launch of the first iPhone was still 20 years away, and only 10 percent of Americans owned personal computers. Times have changed, and our policies have failed to keep up.

There are a couple of ways these techniques could be used legally under ACDC. Think of beaconing technology like a GPS tracker, but for your data. If you are a business owner facing a hack involving proprietary information, once you are notified of an attack on your network, you would be able to follow the stolen data through the beacon installed in your code. Under ACDC, following this stolen data – the way you’d follow a GPS to your destination – would be allowed.

You could also legally choose to go one step further in the event you are hacked and your information is stolen. During a robbery, banks place dye packs in the bags of money that are stolen. The pack taints the money with dye, rendering it unusable and making it easy to identify as stolen cash. Under ACDC, you could choose to corrupt your data once it’s been stolen, rendering it unusable to the hacker and protecting any proprietary information.

You would also be able to monitor the behavior of the attacker through a code placed in the now-stolen data and report this information to law enforcement. This could be done in a non-intrusive way. You wouldn’t be able to monitor every mouse click your attacker makes, but you could see how your stolen data is being used. This information would then be shared with law enforcement, who would take appropriate action. In the meantime, you could work on patching the vulnerabilities in your network to ensure an attack doesn’t happen again.

While active defense techniques are not legal under current law, defenders are currently using them to stop attacks and take back what’s been stolen from them. Some in the tech industry have expressed fears that active defense would unleash a “wild west” of hacking and vigilantism. This is not true. ACDC protects privacy rights by prohibiting vigilantism and forbidding physical damage or destruction of information on anyone else’s computer, and it prevents collateral damage by constraining the types of actions that would be considered active defense.

We also want to be clear that this bill only changes U.S. law, so defenders could face penalties if they take actions against a hacker in another country.

In the event you find your systems infiltrated with ransomware, or notice your data being stolen and misused, ACDC requires you to notify the FBI and wait for a response prior to taking action.

This won’t solve all our cybersecurity issues and vulnerabilities, but it’s a start. We can all take more steps to protect ourselves when it comes to being cyber secure.

To learn more about ways you can protect yourself online, visit https://www.consumer.ftc.gov/topics/online-security.

Republican Tom Graves represents Georgia’s 14th Congressional District in Congress. He is Republican Leader of the Appropriations Committee’s Financial Services and General Government Subcommittee, and the Vice-Chair of the Select Committee on the Modernization of Congress. 

Democrat Rep. Josh Gottheimer represents New Jersey’s 5th Congressional District in Congress. He serves on the House Financial Services Committee and is Co-Chair of the bipartisan Problem Solvers Caucus.
