Lawmakers introduce legislation to allow Americans to take foreign hackers to court

A group of bipartisan House lawmakers on Monday introduced legislation that would allow Americans to hold foreign governments and their employees accountable in court for malicious cyber activity. 

The Homeland and Cyber Threat Act would eliminate the immunity given to other nations, along with their employees or agents, if they have engaged in cyberattacks against U.S. nationals. This would enable Americans to file cases against foreign hackers in federal or state courts for any damage from a cyberattack. 

The bill was led by Rep. Colin Allred (D-Texas), with a bipartisan group of co-sponsors including Reps. Jack Bergman (R-Mich.), Brian Fitzpatrick (R-Pa.), Jaime Herrera Beutler (R-Wash.), Joe Neguse (D-Colo.), and Andy Kim (D-N.J.).

The legislation was introduced as the federal government continues to grapple with the fallout of a massive Russian cyber espionage campaign that has become known as the SolarWinds hack, which a White House official said last month had compromised at least nine federal agencies and 100 private sector companies. 

Compounding this hack are a set of previously unknown vulnerabilities affecting a Microsoft email application, which the company announced last week, that were potentially used by a Chinese state-sponsored hacking group to gain access to thousands of U.S. organizations. The full scope of the incident is under investigation. 

Allred said in a statement Monday that the escalating high-profile foreign attacks in cyberspace made the new legislation a necessity. 

“Cyberattacks against American citizens are only increasing and Congress should give Americans the tools they need to fight back against foreign attacks,” Allred said. “This legislation does just that by giving Americans the ability to hold foreign governments accountable for damage done by cyberattacks. I’m grateful to my colleagues from both sides of the aisle for their work on this timely and commonsense legislation.”

The bill’s other sponsors said the legislation is a key part in pushing back against foreign attacks on the U.S. in cyberspace through the court system. 

“A foreign government that sponsors cyber-attacks on American citizens should be held accountable for its actions,” Herrera Beutler said in a separate statement. “Congress should stop bad acting foreign nations from undermining our national security, and opening a path to seize assets they hold here in the U.S. as a consequence for misdeeds is a good place to start.” 

The Justice Department has taken an active role during both the Trump administration and the Biden administration in pushing back against malicious cyber activity, announcing indictments for a range of activities by hackers in Russia, China, Iran and North Korea.  

The legislation is likely to be among several bipartisan bills introduced in the coming weeks to respond to increasing foreign cyberattacks. There is a huge amount of bipartisan interest in taking action after the SolarWinds hack. 

Lawmakers expressed support for creating some form of cyber breach notification from the private sector to the federal government, and at least two House lawmakers are working on legislation to target this issue. The SolarWinds hack also continues to be a topic of interest as part of a joint investigation by the House Oversight and Reform and the House Homeland Security committees.