Apparently, yes
According to thehill.com:
Reps. Tom Graves (R-Ga.) and Kyrsten Sinema (D-Ariz.) introduced a bill Friday that would allow hacking victims to "hack back" when attacked.
The
Active Cyber Defense Certainty Act allows individuals and companies
to hack hackers if the goal is to disrupt, monitor or attribute the
attack, or destroy stolen files.
“While it doesn’t solve every
problem, [the legislation] brings some light into the dark places where
cybercriminals operate,” Graves said in a statement.
“The
certainty the bill provides will empower individuals and companies [to]
use new defenses against cybercriminals," he said. "I also hope it spurs
a new generation of tools and methods to level the lopsided cyber
battlefield, if not give an edge to cyber defenders."
The bill
does not allow counterattackers to destroy anything other than their own
stolen files and requires that someone "hacking back" under the bill's
provisions notify the FBI National Cyber Investigative Joint Task
Force. (more...) http://thehill.com/policy/cybersecurity/355305-hack-back-bill-hits-house
Well, rumor is that there are commercial that are already close to doing this, and doing it well, but want to be able to CYA if things go non-linear ( read: hit the press ), and the snippet above says they " notify the FBI National Cyber Investigative Joint Task
Force". This means it's not allowing every script kiddy or wannabee to become legal, as if these jokers would wait for permission anyway.
They've been talking about it for a while now, so I wouldn't be surprised if it really goes through, won't change for the maturity of mature companies - attribution is still hard, and ops are risky.
PS. Not data security, but as the Trump meltdown continues, thehill.com has a great article
http://thehill.com/opinion/white-house/355569-juan-williams-trump-is-becoming-a-failed-president
