An Attempt to Lower the Cyber War Flames

This post is also available in: עברית (Hebrew)

According to a report written by the Active Defense Task Force from the George Washington University’s Center for Cyber and Homeland Security (CCHS), the US government should explicitly prohibit private entities from “hacking back,” but empower them to use other methods of so-called active defense against cyber-threats.

When it comes to active defense, many companies are either “doing nothing or doing them in the dark,” says Christian Beckner, deputy director of CCHS.

The trouble is that these activities – even those in the gray zone – may or may not be considered as Computer Fraud or Abuse Act. As the report explains: “Under US law, there is no explicit right to self-defense by private companies against cyber threat actors.”

Beckner explained that the companies that think they’re doing the right thing and engage in active defense activities ultimately lead to escalation. They make a bad situation worse – either by causing massive collateral damage or by creating a political conflict between nation-states where there might have been none.  

According to darkreading.com, the Task Force suggested 15 key short-term actions for the US federal government and the private sector to make in order to enhance the ability of the private sector to legally and safely use active defense technologies and policies. Some of those recommendations include working with foreign agencies in order to develop norms in cyber security matters and issuing a document from the ministry of justice explaining what they will and won’t prosecute.