Private Sector Cyber Ops Getting Hotter

By Kevin Coleman — DefenseTech Cyber Warfare Correspondent

Last week the Washington Post reported that the Cyber Command is seeking authority to launch cyber attacks in efforts to protect U.S. interests. This request is said to have drawn objections from administration lawyers concerned about the legality of offensive cyber operations. The right to bear cyber arms and the right to return fire in cyber space are both issues we have discussed recently on this blog. As you may recall back in April of this year, the Pentagon took a retaliatory tone when it asserted its right to return fire against cyber attacks aimed at the United States.

They say timing is everything so… Last week, I received a tip about a private sector entity returning cyber fire. The tip came with a high degree of confidence and raised a number of concerns. First of all, if the administration’s legal advisors are concerned about the legality of returning fire in cyber space, how legal is it for private sector organizations to be doing it? Secondly, most cyber attacks are routed through intermediary servers that have been compromised and are unwilling/unknowing participants in the attack, so returning fire on them is problematic to say the least. The final concern is: could a retaliatory strike by the private sector, or for that matter, an individual seeking revenge for an attack on their personal computer, escalate to a full-fledged cyber war?

While it is unclear if any laws are being broken by that private company (a component of our critical infrastructure) returning fire, this is a very slippery slope. It is not inconceivable that, if the private sector and individuals are permitted to return cyber fire, the number of retaliatory strikes would grow uncontrollably and further escalate cyber tensions between countries.

  • Musson

    I guess they could always say they were in fear for their life?

    Seriously, since the law is always a generation behind the real world, there is no return fire exemption. You would definitely be in violation of the federal anti-hacking laws.

  • The_Hand

    I would favor private organizations’ right to defend themselves, but in my experience, the overwhelming majority of private entities are hopelessly clueless about cyber ops. Odds are that any offensive operation they launched would be totally ineffective at best, and at worst would take out some other third party. Major hacking organizations are highly sophisticated and are especially good at stealth, misdirection, and their own security. There are very few white hat orgs capable of beating them at their own game.

  • Stiennon

    My understanding has been that various computer laws have been enacted that make it illegal to strike back in any form. Governments can always declare their right to counter attack but individuals and companies cannot. One may ask how Google discovered documents belonging to “more than 20 companies” on a server in Taiwan. I can see over-zealous and pissed off engineers at Google engaging in illegal back-hacking.

    Time to consider letters of cyber-marque issued by Congress?

  • Oblat

    Cyberwar makes about as much sense as the government robbing people’s houses in retaliation for car thefts. Meanwhile the greatest threat remains software bugs and consultants. As we see every weekend on this web site that still can’t get their WebSphere settings right.

  • Max

    You’re missing the big picture entirely. Now that corporations and other juridical persons have finally — after generations of grassroots struggle — secured their God-given, First Amendment-guaranteed rights to unrestricted speech, the obvious next logical step in their struggle for great justice will be to secure full recognition of their broader Second Amendment rights to keep and bear arms of all kinds, conventional and cyber~. In a world where public authorities are increasingly unable or unwilling to protect the natural property rights of artificial persons against illegal takings — e.g., their failure to make online intellectual property owners whole, their failure to expeditiously remove millions of unlawful occupants now squatting in bank-owned (foreclosed) homes — it is both inevitable and appropriate for free corporate entities to do their part to secure the individual pursuit of happiness, a.k.a. private property. Moreover, once the wasteful and corrupting influences of any remaining so-called “bankruptcy protection,” “consumer welfare,” and “social security” laws have been swept away, every corporate entity will need to be prepared to forcefully assert and defend the priority of its lawful claims against other, equally well-armed artificial persons. Corporations that are unable to pro-actively defend their payment streams (in some cases by physically securing their under-performing customers in new “repayment assurance centers”), will risk losing those revenues to the debtors detention facilities of corporate rivals. An orderly disposition of property rights claims being the bedrock of every Free civilization, the rights of Corporate Persons to keep and bear arms of any kind shall not be infringed!

  • D. Dieterle

    Kevin, this really does need to be straightened out quick. Several have stated making cyber an additional sovereign territory like land, sea and air. I think this needs to be done quickly.

    Foreign governments know what happens if they sail warships near the coast of another country. Or fly fighters into another’s airspace. Why do they think they can freely enter military and private industry systems without consequence?

    Foreign countries do this because right now there is no serious threat of escalation or retaliation. Russian Col. Anatoly Tsyganok said about cyber-attacks, “These attacks have been quite successful, and today the alliance has nothing to oppose Russia’s virtual attacks.”
    I hope our nation takes Russian Col. Anatoly Tsyganok’s words to heart when they finally beat out cyber war response policy.