The “hackback” debate has been with us for many years.
Last month, more than 50 countries and over 200 major corporations and organizations came together to agree that the international nature of cyber threats needs a cooperative global response and a common set of principles as a basis for security. This conclusion seems obvious—millions of people have been affected by malicious activity perpetrated through the internet—and yet consensus has proved difficult to obtain until now.
This article proposes the creation of an international organization modeled after the International Committee of the Red Cross (ICRC) to provide assistance and relief to vulnerable citizens and enterprises affected by serious cyberattacks. Companies that have signed onto the Tech Accord principles would form the core of the organization, thereby filling an important gap in an increasingly volatile geopolitical environment.
In February 2018, the German government’s network was attacked. Germany did not specify what kind of information was accessed by the foreign hackers, but it is publicly known that the hackers successfully attacked the IT system of the Ministry of Foreign Affairs.
As Bobby Chesney recently discussed, President Trump on Aug. 15 reportedly substituted a new classified order for a classified Obama-era presidential directive governing the interagency review and decision process for cyber operations.
In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises.
Below is a condensed version of the statement I have prepared for my testimony tomorrow before the Senate Armed Services Committee on the international law dimensions of U.S. cyber strategy and policy (link to the hearing is here). The full version, which also includes some extra detail and sourcing in the footnotes, is available here.
In my first post on this subject, I quoted a news story in fedscoop saying that
The development of “loud” offensive cyber tools, [that could be definitively traced to the United States and thus] able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past.
From our friends at CYBERCOM:
NATO recently announced that it will regard cyber as a domain of conflict, joining land, sea, and air as other domains in which conflict may occur. At a press conference on June 14, 2016, NATO Secretary General Jens Stoltenberg said that NATO “will recognize cyberspace as an operational domain, just like air, sea and land. Cyber defence is part of collective defence.