This week I’ll be presenting my latest thoughts to law students on the technical and ethical foundations for “hackback”.
I’ve been asked to present on the ever popular slides from 2012 CONSEGI in Brazil called CyberFall: Active Defense (sometimes called by others my peak “letters of marque” period).
IT is a matter of when, not if, your systems will be breached by attack. Many security experts argue against an active defense plan for fear of legal ramifications, harm to innocent bystanders or risk of failure. This presentation takes the audience through the heart of the debate; participants will learn key legal, ethical and business considerations to practice technical self-defense in cyberspace. The latest trends in threat innovation and actions are contrasted with conflict theory in order to offer the philosophical, political and economic framework of a successful active defense. As Carl von Clausewitz might say: “CyberFall is the continuation of political intercourse with the addition of other means”.
My belated thanks to Canada for providing such a wonderful escort home from South America. Probably should have said that sooner.
I wonder to this day who was operating the Mercury outboard if their Navy was sitting with me.
Kidding of course. I’m sure they used Honda inboard by then.
I’ll also be discussing with students the online casebook by Robert Chesney, “Cybersecurity Law, Policy, and Institutions” pp. 185-208, especially the pages on “hackback” lawfulness or unlawfulness (pp. 201-208).
…we should note that there is some disagreement regarding the proper meaning of the term “hackback.” Some use it to refer to any defensive measure adopted by a potential victim where the measure will have a downstream effect inside an adversary’s system. On that view, even a simple beacon would count. Others would reserve the term for more aggressive forms of self-defense, limiting it to measures that have a disruptive effect on the adversary’s system or that provide the victim (or whomever is assisting the victim, for the victim may turn to an outside security vendor for help) with ongoing unauthorized access to some part of that system. Those who take this narrower view sometimes distinguish between “hackback” and “active defense,” with the latter referring to less-aggressive measures (like beacons) that are not disruptive and that do not provide ongoing access. On the other hand, you sometimes will see the phrase “active defense” used more broadly to span across this entire category. The important point, at any rate, is that you should make sure to make clear how you are using these labels, and likewise that you understand how others use them. For the sake of convenience, I will use “hackback” as a catch-all phrase meant to encompass the entire category of self-defense measures that might have an effect within the attacker’s own system.