The Best Defense

Is a good offense?  If you or your company has been a victim of cyber-crime, I am sure you have had fantasies about hacking the perpetrators back to the stone age.  Or about having some sort of magic-button phone app that would do the same thing.

Currently, the bad guys are running the offense, 24/7/365.  The good guys are limited to defense only.  There is a third option.  In military terms, it is called a counter-offensive.  Basically, after you are done taking a pounding as a defender, you amass your forces and attack.  In the world of cybersecurity, a private party starting a counter-offensive is currently illegal: in the United States, accessing someone else's computer without authorization is a crime under the Computer Fraud and Abuse Act, no matter who broke in first.  The question is: should it be legal under certain circumstances?

I just finished reading two great articles about the movement in cybersecurity from a purely defensive posture to one that includes elements of the counter-offensive.  The first is a new article from TechRepublic titled “Can deterrence counter the threat of cyberweapons?”  The other is a post from the Infosec Institute published in 2013 titled “The Offensive Approach to Cyber Security in Government and Private Industry.”

In the first article, Dorothy Denning recommends a posture of deterrence.  We are familiar with deterrence in the form of “mutually assured destruction.”  It is the major deterrent to nuclear war.  Denning suggests ways that we can create a deterrent environment for cyber-attackers, by making it too costly to continue an attack, or by providing serious penalties that would serve to discourage attack.

The second article looks at the issues confronting governments and private industry if we were to develop a policy of permitting counter-attacks in certain situations.  To be sure, the US government and many others do in fact have offensive cybersecurity groups, such as US Cyber Command.  Extending this counter-attack capability to private businesses has not happened to a large extent, although the Japanese appear to be at the forefront of this effort.

Some of the issues that are being considered:

  • If a company loses data in a breach, should it have the right to break into the attacker’s computer to recover the data, or to destroy it so the attackers cannot use it or sell it?
  • Should it be legal to use spearphishing and malware against suspected perpetrators to track their activity and discover their location?
  • What about using software tools to trace a connection back through an anonymizing service such as Tor?

To be sure, some of these tools probably exist and are being used by agencies such as the NSA.  Perhaps similar tools are also being used by private security firms to aid their clients in investigating the attack, recovering the stolen information, and pinpointing the location of the cyber-attacker.

This is certainly an interesting subject, and one we are likely to hear more about.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
