[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2292 Introduced in Senate (IS)]

<DOC>






117th CONGRESS
  1st Session
                                S. 2292

 To require the Secretary of Homeland Security to study the potential 
consequences and benefits of amending the Computer Fraud and Abuse Act 
to allow private companies to take proportional actions in response to 
                      an unlawful network breach.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             June 24, 2021

 Mr. Daines (for himself and Mr. Whitehouse) introduced the following 
 bill; which was read twice and referred to the Committee on Homeland 
                   Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
 To require the Secretary of Homeland Security to study the potential 
consequences and benefits of amending the Computer Fraud and Abuse Act 
to allow private companies to take proportional actions in response to 
                      an unlawful network breach.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Study on Cyber-Attack Response 
Options Act''.

SEC. 2. STUDY RELATING TO CONSEQUENCES AND BENEFITS OF AMENDING THE 
              CFAA.

    (a) Study.--The Secretary of Homeland Security, in consultation 
with other Federal agencies as appropriate, shall conduct a study on 
the potential benefits and risks of amending section 1030 of title 18, 
United States Code (commonly known as the ``Computer Fraud and Abuse 
Act''), to allow private entities to take proportional actions in 
response to an unlawful network breach, subject to oversight and 
regulation by a designated Federal agency.
    (b) Report.--
            (1) In general.--Not later than 180 days after the date of 
        enactment of this Act, the Secretary of Homeland Security shall 
        submit a report on the findings of the study conducted under 
        subsection (a), including any recommendations, to Congress.
            (2) Required contents.--The report required under paragraph 
        (1) shall--
                    (A) address any impact on national security and 
                foreign affairs; and
                    (B) include recommendations for--
                            (i) which Federal agency or agencies may 
                        authorize proportional actions by private 
                        entities;
                            (ii) what level of certainty regarding the 
                        identity of the attacker is needed before such 
                        actions would be authorized;
                            (iii) which entities would be allowed to 
                        take such actions and under what circumstances;
                            (iv) what actions would be permissible; and
                            (v) what safeguards should be in place.
                                 <all>