Rep. Tom Graves Announces Additional ACDC Co-Sponsors

Momentum Builds as Bipartisan Support Continues to Grow

Washington, D.C. – Rep. Tom Graves (R-GA-14) today announced additional co-sponsors to the Active Cyber Defense Certainty Act (ACDC) (H.R. 4036): Reps. Buddy Carter (R-GA-1), Henry Cuellar (D-TX-28), Trey Gowdy (R-SC-4), Walter Jones (R-NC-3), Barry Loudermilk (R-GA-11), Stephanie Murphy (D-FL-7) and Austin Scott (R-GA-8).
“ACDC is gaining momentum as bipartisan support for the bill continues to grow,” said Rep. Graves. “This group of lawmakers – Republicans and Democrats – is committed to ending the status quo and moving cybersecurity solutions forward. I want to thank each of them for joining this effort to give the American people new tools to defend themselves online.”

BACKGROUND
ACDC makes targeted changes to the Computer Fraud and Abuse Act (CFAA) to allow the use of limited defensive measures that exceed the boundaries of one’s network in order to monitor, identify and stop attackers.
The CFAA, which was enacted in 1986, currently prohibits individuals from taking any defensive actions other than preventative protections, such as ant-virus software. ACDC is likely the most significant update to the Computer Fraud and Abuse Act since its enactment.
Specifically, ACDC gives authorized individuals and companies the legal authority to leave their network to 1) establish attribution of an attack, 2) disrupt cyberattacks without damaging others’ computers, 3) retrieve and destroy stolen files, 4) monitor the behavior of an attacker, and 5) utilize beaconing technology. The enhanced flexibility will allow individuals and the private sector to develop and use tools that are currently restricted under the CFAA to protect their own network. Additionally, allowing defenders to develop and deploy new tools will help deter criminal hacking.
Although ACDC allows a more active role in cyber defense, it protects privacy rights by prohibiting vigilantism, forbidding physical damage or destruction of information on anyone else’s computer, and preventing collateral damage by constraining the types of actions that would be considered active defense.
Additionally, the bill requires reporting to the FBI-led National Cyber Investigative Joint Task. Force before taking active-defense measures, which will help federal law enforcement ensure defenders use these tools responsibly. The bill also includes a voluntary review process through the FBI Joint Taskforce that individuals and companies could utilize before using active-defense techniques, which will assist defenders in conforming to federal law and improving the technical operation of the measure.
ACDC is the result of a lengthy feedback process, which began on March 3 when Rep. Graves introduced the first ACDC discussion draft. After incorporating feedback from the business community, academia and cybersecurity policy experts, including recommendations he received at his cybersecurity event in Atlanta, Rep. Graves introduced an updated discussion draft on May 25.
During the intervening period, Rep. Graves again solicited feedback and suggestions, which resulted in the final version of the bill that Rep. Graves introduced with Rep. Kyrsten Sinema (D-AZ-9) on October 12.