
House bill would allow companies to directly respond to cyberattacks

March 7, 2017
The U.S. House of Representatives has floated what is titled the “Active Cyber Defense Certainty Act,” which basically allows companies experiencing a cyberattack to hack back! This essentially counters the “Computer Fraud and Abuse Act,” which bars companies and individuals from hacking into a computer system that is attacking them.

Click here to see the 3-page bill — well worth reading.

The proposed legislation was floated March 3, 2017, and will surely get the attention of security professionals and organizations around the world.

Those defending the bill compare this proposed piece of legislation to the right of self-defense in the physical world. Opponents are quick to point out that the difference is cyber anonymity. The tools and techniques commonly used to obscure those truly behind an attack have increased in number, sophistication and use. This increases the likelihood that hack-back activities will be focused on unwilling intermediaries whose systems have been hacked without their knowledge, and on others not really behind the attack. Some are concerned that this could easily cause an escalation of cyber hostilities.

Those in national cyber defense and others (including myself) have frequently warned against allowing unauthorized individuals and companies to “hack back.” Errors in attribution are not just possible, they are likely! What would you do if a server at your organization was compromised, then used as an intermediary, and drew retribution in the form of a “hack back”?

Clearly, this is a slippery slope with a number of negative effects. Without question, this is a must-watch issue for all those involved in cybersecurity on the national security side and within the private sector!