Lawmakers Introduce Bill Allowing Americans to Sue Foreign Hackers in US Courts

Lawmakers Introduce Bill Allowing Americans to Sue Foreign Hackers in US Courts
A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. (Kacper Pempel/Illustration/File/Reuters)
Janita Kan

A group of lawmakers has introduced a bill that would allow Americans to sue foreign countries or their agents that engage in cyberattacks against Americans in federal or state courts.

The Homeland and Cyber Threat (HACT) Act would eliminate immunity given to foreign governments, including their officials, employees, or agents so that Americans could sue them in court for monetary damages for personal injury, harm to reputation, or damage to or loss of property resulting from a cyberattack.

This comes as U.S. intelligence agencies are reviewing a major hacking operation that affected as many as 18,000 SolarWinds customers around the globe. Nine federal agencies and 100 private sector companies in the United States were also compromised in the hack, according to a White House official leading the review.

The hack, which was first reported by cybersecurity firm FireEye, itself a SolarWinds customer, is believed to be the biggest ever uncovered, prompting the U.S. government to assemble a multi-department task force to respond to the threat.

U.S. intelligence agencies announced in January that Russia was “likely” behind the Solar Winds hack. The agencies characterized the hack as “a serious compromise that will require a sustained and dedicated effort to remediate.” Russia denies all involvement.
The White House official Anne Neuberger told reporters on Feb. 17 that the Biden administration is preparing an executive action to address the gaps identified in the review, adding that talks are underway on how to respond to Russia.
Separately, Microsoft said earlier this month that a China-linked cyber-espionage group used vulnerabilities in Microsoft’s email program to compromise email inboxes. In a blog post, the company attributed the cyberattack to Hafinium, a group assessed to be state-sponsored and operating out of China.

Rep. Colin Allred (D-Texas), who is the prime sponsor of the bill, said that the bill is necessary as Americans should be given the tools needed to combat foreign attacks.

“This legislation does just that by giving Americans the ability to hold foreign governments accountable for damage done by cyberattacks. I’m grateful to my colleagues from both sides of the aisle for their work on this timely and commonsense legislation,” Allred said in a statement.

The bill is co-sponsored by members of both sides of the aisle, including Reps. Jack Bergman (R-Mich.), Brian Fitzpatrick (R-Pa.), Jaime Herrera Beutler (R-Wash.), Joe Neguse (D-Colo.), and Andy Kim (D-N.J.).

The Justice Department, throughout the Trump administration and now the Biden administration, has been proactively cracking down on cyberattacks by malicious actors in Russia, China, Iran, and North Korea.

Ivan Pentchoukov contributed to this report.