Home » Cyber Security Center » The Right to Bear Cyber-Arms
DefenseTech Cyber Warfare, presented by University of Maryland University College

The Right to Bear Cyber-Arms

By Kevin Coleman
Defense Tech Cyber-War Correspondent

Defending the United States against acts of cyber aggression is now a major concern shared across the Department of Defense’s (DoD) Cyber Command, Department of Homeland Security (DHS) and the Executive Branch of Government. The 2010 QDR discussed the need for improved capabilities to counter threats in cyber space. The Military’s New Cyber Command has stated the scope of their protection as did the Department of Homeland Security.

DoD’s focus Protecting military Systems
DHS focus Protecting critical infrastructure

However, non-critical infrastructure businesses seem to have fallen through the cracks. In a recent briefing I was asked if the 2nd Amendment gave private citizens and private companies the right to bear cyber-arms and if they are attacked, do they have the right to return cyber-fire in self-defense. These are two really interesting questions. The answers are unclear.

It appears one could make the claim since private sector businesses are not specifically addressed by DoD or DHS, cyber self-defense is reasonable, but this is a slippery slope fraught with international issues. You can be sure that these questions will eventually make it all the way up to the Supreme Court for a final decision.

University of Maryland University College

UMUC: Cultivating Tomorrow's Cyber Warriors
UMUC's cybersecurity programs are designed to address the serious workforce shortages of highly skilled cyber professionals needed to protect our nation's infrastructure. These programs provide students — looking to advance professionally, change careers or build on existing skill sets — with the proper tools to enter the cybersecurity field. UMUC is designated a National Center of Academic Excellence in Information Assurance Education by the National Security Agency and the Department of Homeland Security. To learn more about these degree and certificate programs offered entirely online, visit http://military.umuc.edu.

{ 15 comments… read them below or add one }

eric July 13, 2010 at 12:48 pm

in the good old days this was called "espionage" and was dealt with by the police and the secret services. calling it "war" probably is more profitable to the corporations selling "cyber-arms". don't believe the hype!


Dave July 13, 2010 at 2:47 pm

I don't think there are companies that sell cyber attack software.

Unlike a gun, which can be used for offense and defense, cyber defense and cyber attacks are 2 completely separate types of programs.


Kevin July 15, 2010 at 2:06 pm

Not only are there cyber ams dealers, there are companies that will do the attack for you!


Cyb July 13, 2010 at 1:08 pm

believe the hype.


byc July 13, 2010 at 2:09 pm

Don't believe the hype!


Gerald Anthro July 13, 2010 at 12:24 pm

Some of us have cyber side arms.
“Unlike a gun, which can be used for offense and defense, cyber defense and cyber attacks are 2 completely separate types of programs.”
Can be used Just like a gun.
One Use of cyber side arm takes the Threat off line, good defensively,
and damn nice offense.



The_Hand July 13, 2010 at 8:00 pm

I'm all for self defense rights, but allowing at-will cyber counterattacks is a really bad idea. The internet is really complicated and it would be extremely easy for a counterattack to be misdirected or otherwise cause collateral damage. Most of the commercial customers I've seen are lucky if they even know they're being attacked, let alone have the skills and tools to retaliate effectively. At minimum there would have to be really specific ROE and training/certification for a company to be permitted to act in this manner, and I still haven't even gotten around to the international ramifications.


Gerald Anthro July 14, 2010 at 3:30 am

Well Jeeze, I don’t know where to begin.
You are making a lot of assumptions.
Your basic paradigm seems to be confused.
“I’m all for self defense rights, but allowing at-will cyber counterattacks is a really bad idea.”
Cyber counterattacks are allowed..
under common law, “self defense rights” you are all for?
Huh what are they in your mind?
One cyber side arm only takes the perp off line,
“misdirected or otherwise cause collateral damage.”
Not a problem, doesn’t happen.
“training/certification” same as a real gun.
Same responsibilities, liabilities as any self
defense actions, your over complicating the paradigm.
“international ramifications” only ramifications I’m concerned
with are US laws.
There ain’t no Sheriff on the WWW.
And you are assuming I can be tracked.
The bad guys understand the WWW paradigm,
we need to even forces and effects out.
Attack me at your own risk.
The heavy Cyber Weapons squad
would really un nerve you.

When do we stop just acting like
Go ahead and report a cyber theft
to the police of feds, nothing happens.
Criminal activity is rampant on the WWW.
Even when we track them down and report
IP’s nothing happens, there just isn’t the
man power to reign the crooks in.
ID theft has become so rampant that
the price of a stolen ID has dropped
every year for the past 5 years.
Of course cyber weapons can be abused
just as guns can be abused.
And the same paradigm can be
used to address these abuses
as the remedies for gun abuse.
The Constitution gives us the right
to bare arms, that right I would argue
includes cyber weapons.
Law Enforcement is over whelmed.
We have the right to self defense.
I exercise that right.



torben July 14, 2010 at 3:48 pm

so what is a cyber arm?
me running AntiVirus = locking my door or pulling my gun in SD?
me blocking an attackers IP at my router = locking my door or pulling my gun in SD?
me using a DoS attack to block the attackers IP from continuing to attack me…or others = locking my door or pulling my gun in SD?
me taking over the attackers server or botnet to stop attacks against me or others = locking my door or pulling my gun in SD?

i don't have an answer to that but until someone says otherwise, I'll continue doing what I always have. If that eventually requires a CWP, cyber weapon permit, I guess I pay the fee and continue keeping my computer and beloved network safe from the BGs.


shawn July 14, 2010 at 2:58 pm

I’m all for it to, the problem is the fact that, unlike a criminal walking into your home/business pointing a gun at you, then you know who is pointing the gun and who to shoot. Unfortunately, the same is not always true for cyber attacks- the one point the gun at you (and even firing it) may not even realize that they are- their servers/computers/etc. may have been hijacked. Do we prosecute the owner of a vehicle that was stolen and used in a felony when they didn’t even know it was stolen yet?


Gerald Anthro July 14, 2010 at 4:47 pm

If a zombie pc attacks we take it off line.
I don’t care who is pointing the cyber gun,
just that the cyber gun is shooting at me.
Notify them of infection, tell them
to clean infection or next time we
will do more than just take them off line.
If someone hijacked the PC, its Not
my problem.
The PC owner must face the consequences
of his PC becoming a zombie and attacking
some one.
If a dog attacks someone the owner
is responsible, even of he is not
present at the attack.
I’m not giving a OK to
a zombie PC attacking me
because the owner didn’t
Cyber side arm could be a DOS
attack, mine uses other methods,



Cónego July 15, 2010 at 11:34 pm

I'm a retired Naval officer, and the church I attend has had a dozen members' computers "zombied"- they find out about it when their families and friends want to know why they're sending out links to buy "viagra". In almost every case, the computers belong to senior citizens, used for emailing with their friends & grandchildren.

These aren't people with pitbulls that run wild- these are elders who are themselves victims. Saying "they must face the consequences" is kind of rough on someone who doesn't have a clue about 'cleaning the infection' beyond what the installed anti-virus program is already doing, and your threatening that "next time we
will do more than just take them off line" is over the line. [See part 2]


Cónego July 15, 2010 at 11:34 pm

[Part 2] I don't know if you were ever active duty military- other people are interested in defense tech. If you were, then these are the people you once gave your oath to defend. If a bad guy sneaks into an elder's garage, hotwires her car to rob a bank, then puts the car back into her garage so it can't be traced to him, would you jail the senior citizen for owning the car that was stolen? Or would you consider the car theft a crime against its owner, and hunt down the actual bad guy and charge him with both crimes?
Sounds like you'd be just as happy shooting grandma.


Gerald Anthro July 16, 2010 at 4:36 pm

If Grandmas car was used to try and rob a bank,
and was being chased by police, you bet they
would spin the car off the road, they wouldn’t
think twice about taking that car off the road.
even if grandma
didn’t know it got stolen.

You expect the police to say well grandma
doesn’t know her car was hijacked/stolen
so we have to let the bank robbers car go,
Same with a PC.
If Grand mas PC attacks my PC
then its going off line.



Cónego July 29, 2010 at 4:19 am

Mr. Anthro,

You seem to have all the human charity of the hard drive you're so prepared to defend. I am sorry for you- it must be lonely, in a world that's all black and white with no grays… and no possibility of either unintentional injury, or forgiveness.

I hope, for your sake as much as "grandma's", that your computer doesn't get attacked by a 'bot', because it's true, as you say, "There ain't no Sheriff on the WWW. And you are assuming I can be tracked."

I recognize that you consider yourself your own untraceable "Sheriff". For the sake of the victims you revictimize, I hope you consider "community policing", which most PDs discover works better than "One warning, then I shoot you in the back". That's my hope for the victims. For you yourself? I hope that you'll look in the mirror and ask yourself if you really want to be the person shown by your web comments. You can do better than 'heartless' and 'self-important'.


Leave a Comment

Previous post:

Next post: