Hacking Back – Do the Benefits Outweigh the Risks?

Hacking Back – Do the Benefits Outweigh the Risks?

Hacking Back – Do the Benefits Outweigh the Risks?

With the increased frequency and sophistication of cyber-attacks worldwide, companies and executives are becoming frustrated with a traditional focus on defensive tactics. As a result, some private sector actors are taking a more active role in cybersecurity by “hacking back” – hacking against the very groups that are attacking their systems in retaliation or to retrieve stolen data. As hacking back rises in popularity, it is important to consider a number of political and legal issues and the risks to counter-terrorism efforts. The legality of hacking back is murky at best. In 2017, Congress introduced the Active Cyber Defense Certainty Act (ACDC) bill which, if passed, allows private actors to leave their network to establish attribution of an attack, disrupt cyber-attacks, and retrieve or destroy stolen files. The private sector plays a major role in cyberspace and brings specialized cyber capabilities. Because of these capabilities and increased resources, the private sector can often address cyber threats more directly and quickly than the Federal government in certain situations.

The integration of the private sector into offensive capabilities such as hacking back creates a more robust cyber posture for Federal Agencies. Among the biggest challenges in cyber security is attribution- understanding who is responsible for an attack. Attribution is challenging in cyberspace, as there are no borders and hackers intentionally mask their identity and location. What may appear to be the action of one actor may really be a false-lead planted by the real threat. Private sector actors enhance Federal investigators’ ability to identify the ultimate perpetrators. The addition of non-governmental players into offensive hacking blurs the lines of responsibility for countering cyber-crime and cyber-terrorism.

Cyberspace is an ever-evolving frontier where malicious groups continue to threaten Federal agencies and private sector organizations. To defend against these threats, the Government and private sector have cooperated on both defensive and offensive measures. Hacking back is one of many legal, political, and ethical issues that every country’s government needs to start talking about and defining boundaries for, which the ACDC bill attempted to address.

About Arc Aspicio
Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. Focused on innovation, Arc Aspicio provides services in strategy, design, human capital, operations, analytics and visualization, technology, and information sharing. The company is known for a strong, collaborative culture that values gratitude, provides leadership opportunities, and explores the future. Our teams use a human-centered approach to working with clients and are flexible and responsive within dynamic Government client environments that often have new priorities and evolving missions. We thrive on these situations and promote continuous improvement and new ideas. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com.

Blog Cybersecurity

Contributors

Katie Vaughan |

Katie Vaughan is a Consulting Associate at Arc Aspicio. She graduated from American University in December of 2017 with a BA in International Studies and a focus on Global Security. She has experience doing cyber security research with the Department of Defense.

Reinventing Strategy

Reinventing Strategy

Since the GPRA Modernization Act in 2010, agencies across the Federal Government have raced to establish new Strategic Plans in response to incoming Presidential Administrations and agency leaders. Developing a new Strategic Plan is incredibly exciting for an agency. Leaders can redefine priorities, frontline managers can improve mission performance, and employees can better engage with the mission. Strategy, however, is so much more than just a Strategic Plan.

Running IT Like a Business: How Technology Business Management is Shaping the Future of Federal Agencies

Running IT Like a Business: How Technology Business Management is Shaping the Future of Federal Agencies

As the Government continually looks for ways to increase efficiency and encourage innovation, Information Technology (IT) is emerging as a solution to these needs. Recent Federal guidance mandates all agencies to adopt a new framework for better understanding IT costs. Technology Business Management (TBM) is a framework that incorporates IT departments into the overall business network, shifting away from treating IT as an independent unit. This provides a clear way to evaluate and manage IT, running IT as a business and communicating the value of new IT investments.

Behavioral Science – Using Behavioral Science to Effect Action

Behavioral Science – Using Behavioral Science to Effect Action

How do organizations encourage behavior change in their customers? Increasingly, they focus on customer experience, and as a consequence employ behavioral science methodologies. At the heart of behavioral science is the consideration of how an organization can make small investments that generate incremental savings/returns while considering both customers and organizational benefits. One example is Transportation Security Administration’s (TSA) Pre✓® and U.C. Customs and Border Protection’s Global Entry programs.

Launching into #Action Through Strategy

Launching into #Action Through Strategy

As a new employee, your first company-wide meeting can make you nervous. This was how I felt.

Arc Aspicio’s recent Strategy Launch Day was so well planned and it involved participants so that I learned that I had nothing to worry about! The company treats each employee equally and equips even the newest joiners with the information and skills they need to have a meaningful experience

What Being a Consultant Means to Me

What Being a Consultant Means to Me

As a Consulting Associate at Arc Aspicio, I provide expertise and insight to help clients solve difficult problems. To be successful, a consultant does not need only to be a subject matter expert on their client’s industry and needs - though this often ends up happening over time.

Captivate Your Audience Through Design+Data

Captivate Your Audience Through Design+Data

So often, senior leaders must communicate their strategic and simple vision in a world of growing complexity. They must make decisions – and frequently explain them – based on an enterprise view of their data. It’s getting easier to do this these days through data visualizations and infographics that speak to specific employee and stakeholder audiences. Design+Data is what we call it at Arc Aspicio.

Chief Data Officers: Six Steps to Manage Data as an Enterprise Asset

Chief Data Officers: Six Steps to Manage Data as an Enterprise Asset

With an exponential increase in the types and quantities of data, organizations need defined strategies and techniques to manage data as an enterprise asset. To create enterprise-wide use of data, a Chief Data Officer (CDO) needs a clear data agenda for leadership and the whole organization to address current and future needs. CDOs should follow this six-part data plan to achieve short term capability gains and plot a path to greater enterprise data maturity.