The Right to Bear Cyber-Arms

By Kevin Coleman
Defense Tech Cyber-War Correspondent

Defending the United States against acts of cyber aggression is now a major concern shared across the Department of Defense’s (DoD) Cyber Command, the Department of Homeland Security (DHS) and the Executive Branch of Government. The 2010 QDR discussed the need for improved capabilities to counter threats in cyberspace. The military’s new Cyber Command has stated the scope of its protection, as has the Department of Homeland Security.

DoD’s focus: protecting military systems
DHS’s focus: protecting critical infrastructure

However, non-critical infrastructure businesses seem to have fallen through the cracks. In a recent briefing I was asked if the 2nd Amendment gave private citizens and private companies the right to bear cyber-arms and, if they are attacked, whether they have the right to return cyber-fire in self-defense. These are two really interesting questions. The answers are unclear.

It appears one could make the claim that, since private sector businesses are not specifically addressed by DoD or DHS, cyber self-defense is reasonable, but this is a slippery slope fraught with international issues. You can be sure that these questions will eventually make it all the way up to the Supreme Court for a final decision.

  • eric

    in the good old days this was called “espionage” and was dealt with by the police and the secret services. calling it “war” probably is more profitable to the corporations selling “cyber-arms”. don’t believe the hype!

    • Dave

      I don’t think there are companies that sell cyber attack software.

      Unlike a gun, which can be used for offense and defense, cyber defense and cyber attacks are 2 completely separate types of programs.

      • Kevin

        Not only are there cyber arms dealers, there are companies that will do the attack for you!

  • Cyb

    believe the hype.

  • byc

    Don’t believe the hype!

  • Gerald Anthro

    Some of us have cyber side arms.
    “Unlike a gun, which can be used for offense and defense, cyber defense and cyber attacks are 2 completely separate types of programs.”
    Can be used Just like a gun.
    One Use of cyber side arm takes the Threat off line, good defensively,
    and damn nice offense.


  • I’m all for self defense rights, but allowing at-will cyber counterattacks is a really bad idea. The internet is really complicated and it would be extremely easy for a counterattack to be misdirected or otherwise cause collateral damage. Most of the commercial customers I’ve seen are lucky if they even know they’re being attacked, let alone have the skills and tools to retaliate effectively. At minimum there would have to be really specific ROE and training/certification for a company to be permitted to act in this manner, and I still haven’t even gotten around to the international ramifications.

  • Gerald Anthro

    Well Jeeze, I don’t know where to begin.
    You are making a lot of assumptions.
    Your basic paradigm seems to be confused.
    “I’m all for self defense rights, but allowing at-will cyber counterattacks is a really bad idea.”
    Cyber counterattacks are allowed..
    under common law, “self defense rights” you are all for?
    Huh what are they in your mind?
    One cyber side arm only takes the perp off line,
    “misdirected or otherwise cause collateral damage.”
    Not a problem, doesn’t happen.
    “training/certification” same as a real gun.
    Same responsibilities, liabilities as any self
    defense actions, you’re overcomplicating the paradigm.
    “international ramifications” only ramifications I’m concerned
    with are US laws.
    There ain’t no Sheriff on the WWW.
    And you are assuming I can be tracked.
    The bad guys understand the WWW paradigm,
    we need to even forces and effects out.
    Attack me at your own risk.
    The heavy Cyber Weapons squad
    would really unnerve you.

    When do we stop just acting like
    Go ahead and report a cyber theft
    to the police or feds, nothing happens.
    Criminal activity is rampant on the WWW.
    Even when we track them down and report
    IP’s nothing happens, there just isn’t the
    manpower to rein the crooks in.
    ID theft has become so rampant that
    the price of a stolen ID has dropped
    every year for the past 5 years.
    Of course cyber weapons can be abused
    just as guns can be abused.
    And the same paradigm can be
    used to address these abuses
    as the remedies for gun abuse.
    The Constitution gives us the right
    to bear arms, that right I would argue
    includes cyber weapons.
    Law Enforcement is overwhelmed.
    We have the right to self defense.
    I exercise that right.


  • torben

    so what is a cyber arm?
    me running AntiVirus = locking my door or pulling my gun in SD?
    me blocking an attacker’s IP at my router = locking my door or pulling my gun in SD?
    me using a DoS attack to block the attacker’s IP from continuing to attack me…or others = locking my door or pulling my gun in SD?
    me taking over the attacker’s server or botnet to stop attacks against me or others = locking my door or pulling my gun in SD?

    i don’t have an answer to that but until someone says otherwise, I’ll continue doing what I always have. If that eventually requires a CWP, cyber weapon permit, I guess I pay the fee and continue keeping my computer and beloved network safe from the BGs.

  • shawn

    I’m all for it too, the problem is the fact that, unlike a criminal walking into your home/business pointing a gun at you, then you know who is pointing the gun and who to shoot. Unfortunately, the same is not always true for cyber attacks- the one pointing the gun at you (and even firing it) may not even realize that they are- their servers/computers/etc. may have been hijacked. Do we prosecute the owner of a vehicle that was stolen and used in a felony when they didn’t even know it was stolen yet?

  • Gerald Anthro

    If a zombie pc attacks we take it off line.
    I don’t care who is pointing the cyber gun,
    just that the cyber gun is shooting at me.
    Notify them of infection, tell them
    to clean infection or next time we
    will do more than just take them off line.
    If someone hijacked the PC, it’s Not
    my problem.
    The PC owner must face the consequences
    of his PC becoming a zombie and attacking
    some one.
    If a dog attacks someone the owner
    is responsible, even if he is not
    present at the attack.
    I’m not giving an OK to
    a zombie PC attacking me
    because the owner didn’t
    Cyber side arm could be a DOS
    attack, mine uses other methods,


    • Cónego

      I’m a retired Naval officer, and the church I attend has had a dozen members’ computers “zombied”– they find out about it when their families and friends want to know why they’re sending out links to buy “viagra”. In almost every case, the computers belong to senior citizens, used for emailing with their friends & grandchildren.

      These aren’t people with pitbulls that run wild– these are elders who are themselves victims. Saying “they must face the consequences” is kind of rough on someone who doesn’t have a clue about ‘cleaning the infection’ beyond what the installed anti-virus program is already doing, and your threatening that “next time we
      will do more than just take them off line” is over the line. [See part 2]

  • Cónego

    [Part 2] I don’t know if you were ever active duty military– other people are interested in defense tech. If you were, then these are the people you once gave your oath to defend. If a bad guy sneaks into an elder’s garage, hotwires her car to rob a bank, then puts the car back into her garage so it can’t be traced to him, would you jail the senior citizen for owning the car that was stolen? Or would you consider the car theft a crime against its owner, and hunt down the actual bad guy and charge him with both crimes?
    Sounds like you’d be just as happy shooting grandma.

  • If Grandma’s car was used to try and rob a bank,
    and was being chased by police, you bet they
    would spin the car off the road, they wouldn’t
    think twice about taking that car off the road.
    even if grandma
    didn’t know it got stolen.

    You expect the police to say well grandma
    doesn’t know her car was hijacked/stolen
    so we have to let the bank robber’s car go,
    Same with a PC.
    If Grandma’s PC attacks my PC
    then it’s going off line.