Should the Computer Fraud and Abuse Act be modified so that hacking victims can respond in self-defense outside their own networks? That’s the aim of the new ACDC Act bill, introduced June 13. Here’s what you need to know.
Latest in Active Cyber Defense
In responding to a series of inquiries from the opposition party, the German government has clarified its position on international law in cyberspace—but questions remain.
A year in, the U.K.’s new Active Cyber Defense program has seen some major cybersecurity successes.
The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.
Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.
We are happy to report that Episode 7 of the National Security Law Podcast ("The Less Prep the Better") has just gone live. In about 42 minutes, we discuss:
- the Trump allegation about being wiretapped
- the Trump allegation about GTMO recidivism (and the Spicer follow-up about just when judges got involved in ordering GTMO releases)
- the Vault7/Wikileaks mess
Some thoughts on Representative Tom Graves's discussion draft of a bill that would create a defense to liability under the Computer Fraud and Abuse Act (CFAA) (18 USC 1030) for “active cyber defense measures."
The legitimation of cyber privateering is not without its problems: it would open the door to unnecessary escalation, potential for reprisal, and what is, for the United States, a strategically undesirable international norm.
Over the course of two days in February 2016, the Strauss Center at the University of Texas-Austin will host a unique and timely conference focused on the legal and policy dimensions of cybersecurity.
On February 5-6, 2016, the Strauss Center at the University of Texas-Austin will host a unique and timely conference focused on the legal and policy dimensions of cybersecurity.