The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.
Latest in Hacking back
Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.
Meaning of persistent intrusion
Representative Tom Graves (R-GA) recently released a discussion draft of a bill that would create a defense to liability under the Computer Fraud and Abuse Act (CFAA) (18 USC 1030) f
Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.