As the Cyber War Grows: Is It Time to Strike Back?

Simply put, this is a very tense time for the cyber security industry. At this year’s RSA conference, Venafi wanted to see how security professionals are responding to cyber war threats and offensive hacking proposals. We evaluated the opinions of over 500 convention attendees and the results were quite interesting. For example, 87% of the respondents say the world is currently in the middle of a cyber war.

“It’s clear that security professionals feel under siege,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “With the increasing sophistication and frequency of cyber attacks targeting businesses, everyone is involved in cyber war.”

Participants were also asked about who should be allowed to participate relatiatory hacking actions, and the results were slightly mixed. For example. 72% believe nation-statesshould have the right to “hack back” by targeting cyber criminals who level attacks on their infrastructure. Meanwhile, 58% believe private organizationshave the same right to “hack back.”

Currently, the Computer Fraud and Abuse Act prohibits many retaliatory cyber defense methods, including accessing an attackers computer without authorization. The Active Cyber Defense Certainty (ACDC) Act addresses active cybersecurity defense methods and was introduced to the U.S. House of Representatives in October 2018. The ACDC Act proposes “to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers.” As we saw with Nakasone’s recent subcommittee meeting, these proposals should become more common in the future.

Sponsorships Available

Sponsorships Available

Sponsorships Available

“Today, private companies do not have a legal right to actively defend themselves against cyberattacks,” Bocek added. “Even if this type of action were to become legal, most organizations are too optimistic about their abilities to target the correct intruder. Even with the most sophisticated security technology, it’s nearly impossible to be certain about attack attribution because attackers are adept at using a wide range of technologies to mislead security professionals.”

“For many organizations, it would be better to focus on establishing stronger defense mechanisms. We’ve seen excellent growth in cloud, DevOps and machine identity technologies that allow digital business services to be restarted in the event of a breach, effectively delivering a knockout blow against attackers,” Bocek concluded.

Related posts

• 86% of IT Security Professionals Say the World Is in a Cyber War
• Survey Results: Consumers Skeptical of Government Backdoors
• The War on Encryption: Who Decides What ‘Private’ Really Means?
• Crypto-Wars: The Fight to be the Defender of Your Digital Privacy

Army Gen. Paul Nakasone, head of US Cyber Command, recently spoke about cyber threats to a congressional subcommittee. According to Nakasone, cyber attacks from nation state actors, like Russia, North Korea and Iran, have increased in sophistication and intensity; some even breached critical naval systems. As a result, the general recommended the United States become more prepared to aggressively strike back their assailants.