The United States should prudently explore acceptable domestic parameters for the practice of combating cyber threats in the private sector and engage other nations to harmonize these standards internationally.
Ariel E. Levite is a nonresident senior fellow with the Nuclear Policy Program and the Cyber Policy Initiative at the Carnegie Endowment for International Peace.
Subscribe to this Lawfare contributor via RSS.
The market and the government need to move beyond just punishing corporations after major cybersecurity failures to steer them instead toward proactive and comprehensive cyber risk management.
Litigation raises serious questions about the viability of insurance as a tool to confront escalating cyber risks.
The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.
Our new Carnegie white paper proposes that countries explicitly commit to refraining from using offensive cyber tools that could undermine financial stability.