The Best Defense

Is a good offense?  If you or your company has been a victim of cyber-crime, I am sure you have had fantasies about back-hacking the perpetrators back to the stone age.  Or having some sort of magic button phone app that would do the same thing.

Currently, the bad guys are running the offense, 24/7/365.  The good guys are limited to defense only.  There is a third option.  In military terms, it is called a counter-offensive.  Basically, after you are done taking a pounding as a defender, you amass your forces, and attack.  In the world of cybersecurity, starting a counter-offensive is currently illegal.  The question is: should it be legal under certain circumstances?

I just finished reading two great articles about the movement in cybersecurity from a purely defensive posture, to one that has elements of the counter-offensive in them.  The first is a new article from TechRepublic titled “Can deterrence counter the threat of cyberweapons?”  The other is a post from the Infosec Institute published in 2013 titled “The Offensive Approach to Cyber Security in Government and Private Industry.”

In the first article, Dorothy Denning recommends a posture of deterrence.  We are familiar with deterrence in the form of “mutually assured destruction.”  It is the major deterrent to nuclear war.  Dorothy suggests ways that we can create a deterrent environment for cyber-attackers, by making it too costly to continue an attack, or by providing serious penalties that would serve to discourage attack.

The second article looks at the issue confronting governments and private industry if we were to develop a policy of permitting counter-attacks in certain situations.  To be sure, the US government and many others do in fact have offensive cybersecurity groups such as the US Cyber Command.  Extending this counter-attack capability to private businesses has not happened to a large extent, although the Japanese appear to be in the forefront of this effort.

Some of the issues that are being considered:

  • If a company loses some data to a breach, should they have the right to break into the attacker’s computer to recover the data or destroy it so the attackers cannot use it or sell it?
  • Should it be legal to use spearphishing and malware against suspected perpetrators to track their activity and discover their location?
  • What about using software tools to back trace a connection through an anonymizing service such as TOR?

To be sure, some of these tools probably exist and are being used by agencies such as the NSA.  Perhaps similar tools are also being used by private security firms to aid their clients in discovery of the attack, recovery of the stolen information, and pinpointing the location of the cyber-attacker.

This is certainly an interesting subject, and one we are likely to hear more about.

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
