Hacking Back – Do the Benefits Outweigh the Risks?
With the increased frequency and sophistication of cyber-attacks worldwide, companies and executives are becoming frustrated with a traditional focus on defensive tactics. As a result, some private sector actors are taking a more active role in cybersecurity by “hacking back” – hacking against the very groups that are attacking their systems in retaliation or to retrieve stolen data. As hacking back rises in popularity, it is important to consider a number of political and legal issues and the risks to counter-terrorism efforts. The legality of hacking back is murky at best. In 2017, Congress introduced the Active Cyber Defense Certainty Act (ACDC) bill which, if passed, allows private actors to leave their network to establish attribution of an attack, disrupt cyber-attacks, and retrieve or destroy stolen files. The private sector plays a major role in cyberspace and brings specialized cyber capabilities. Because of these capabilities and increased resources, the private sector can often address cyber threats more directly and quickly than the Federal government in certain situations.
The integration of the private sector into offensive capabilities such as hacking back creates a more robust cyber posture for Federal Agencies. Among the biggest challenges in cyber security is attribution- understanding who is responsible for an attack. Attribution is challenging in cyberspace, as there are no borders and hackers intentionally mask their identity and location. What may appear to be the action of one actor may really be a false-lead planted by the real threat. Private sector actors enhance Federal investigators’ ability to identify the ultimate perpetrators. The addition of non-governmental players into offensive hacking blurs the lines of responsibility for countering cyber-crime and cyber-terrorism.
Cyberspace is an ever-evolving frontier where malicious groups continue to threaten Federal agencies and private sector organizations. To defend against these threats, the Government and private sector have cooperated on both defensive and offensive measures. Hacking back is one of many legal, political, and ethical issues that every country’s government needs to start talking about and defining boundaries for, which the ACDC bill attempted to address.
About Arc Aspicio
Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. Focused on innovation, Arc Aspicio provides services in strategy, design, human capital, operations, analytics and visualization, technology, and information sharing. The company is known for a strong, collaborative culture that values gratitude, provides leadership opportunities, and explores the future. Our teams use a human-centered approach to working with clients and are flexible and responsive within dynamic Government client environments that often have new priorities and evolving missions. We thrive on these situations and promote continuous improvement and new ideas. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com.