The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.
Latest in Hacking back
Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.
Some thoughts on Representative Tom Graves's discussion draft of a bill that would create a defense to liability under the Computer Fraud and Abuse Act (CFAA) (18 USC 1030) for “active cyber defense measures."
Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.