Support for reviewing new plans to let private-sector companies hack back against Chinese attackers is growing along bipartisan lines on Capitol Hill, where lawmakers say Beijing is already waging a cyber war against America.
The bipartisan momentum for empowering private-sector hackers spilled into public view during a House Select Committee on the Chinese Communist Party hearing on Wednesday.
Rep. Raja Krishnamoorthi, Illinois Democrat, said he wanted America to hit back against China-linked cyberattackers that have breached critical American infrastructure and telecommunications systems.
“I’m going to say something very provocative: I think that we should also consider potentially enlisting private-sector actors to hack back at the hackers,” Mr. Krishnamoorthi said. “I’m going to get in a lot of trouble for saying that, but I think you have to sometimes use fire against fire.”
By coincidence, the hearing came on the same day that the Justice Department charged 12 Chinese nationals, including non-governmental hackers, law enforcement officers and employees of a private hacking company, as part of what it said was a global cyberespionage campaigns targeting dissidents, news organizations, U.S. agencies and universities.
One indictment charges leaders and founders of a private hacking company known as I-Soon, whose officials conducted a sweeping array of breaches around the world as part of what U.S. officials say was a broad intelligence-gathering operation, the Associated Press reported.
Some of Mr. Krishnamoorthi’s Republican counterparts are similarly eyeing new offensive cyber operations enlisting private sector partners. Potential industry allies, though, appear reluctant to openly request counter-hacking authority from Congress.
Rep. Clay Higgins, Louisiana Republican, asked CrowdStrike Senior Vice President Adam Meyers in January about whether his industry would use such powers, if provided.
“Just yes or no, if you had the legal authority to strike back, if Congress gave the cybersecurity industry the legal authority to strike back, would you be able to effectively identify the bad actor and do so?” Mr. Higgins said at a House Homeland Security Committee hearing.
“We have the visibility to identify many bad actors,” Mr. Meyers said.
Some cyber professionals intimately aware of China’s hacking groups’ capabilities are similarly guarded.
Rob Joyce, former cybersecurity director at the National Security Agency, told lawmakers on Wednesday he wants to see the U.S. use more “tools of national power.”
“We have tremendous leverage in economic and commercial space,” Mr. Joyce said at the House committee hearing. “We don’t use that to push back for cyber intrusions. We need to use everything on a scale that turns the dial to 11.”
The former NSA cyber chief did not explicitly say whether he supported letting companies strike at China, but he expressed support for offensive cyber operations and noted diplomatic expulsions could be used in response to cyber intrusions.
Washington looks to be taking proposals to let companies openly retaliate against foreign hackers more seriously than in previous years.
Sens. Sheldon Whitehouse, Rhode Island Democrat, and Steve Daines, Montana Republican, introduced a bill in 2021 to direct the Department of Homeland Security to study authorizing offensive cyber ops by private companies.
Cybersecurity threats have only grown worse in the ensuing four years, and the new Trump administration has shown an open desire to adopt a more aggressive posture against America’s adversaries.
China, for its part, is needling the U.S. on X. Before Wednesday’s hearing, China raised the issue of war with America in response to the issue of tariffs and fentanyl trafficking to the U.S.
“If war is what the U.S. wants, be it a tariff war, a trade war or any other type of war, we’re ready to fight till the end,” the Chinese Embassy in the U.S. said on X on Tuesday evening.
