Government

Experts call for “active defense” measures to deter hacks against the U.S.

A panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said on October 31 that the U.S. government and private sector should have stronger measures in place to strike back against hackers and to counter cyber-attacks, aimed at stealing sensitive information and disrupting computer networks.

The experts said policies should be put in place that allow “active defense” measures that deter hackers, rather than “hacking back” to disable systems used by hackers and more-or-less stooping to their level. Some of the solutions raised by the experts included measures including taking down “botnets” that disrupt cyberspace, freeing data from “ransomware” hackers and “rescue missions” to recover stolen data, AFP reported.

The report reads, "The time for action on the issue of active defense is long overdue, and the private sector will continue to be exposed to theft, exfiltration of data, and other attacks in the absence of a robust deterrent. When private sector companies have a capability to engage in active defense measures, they are building such a deterrent, which will reduce risks to these companies, protect the privacy and integrity of their data, and decrease the risks of economic and societal harm from large-scale cyber-attacks."

On October 7, the U.S. government formally accused Russia of trying to “interfere” with the American presidential election, and promised to respond at an undisclosed time and place. Adding to the already tense relations between the two nations, a joint statement from the Department of Homeland Security and Office of the Director of National Intelligence was the first formal statement made by Washington, accusing Moscow of cyber attacks to gain political advantage. It represents a tense time for the U.S. and its battle against cybercrime.

Many believe that U.S. policymakers are moving too slowly with a “dynamic” threat from cyberspace, according to former national intelligence director and task force co-chair, Dennis Blair. "We are shooting so far behind the rabbit that we will only hit it if the rabbit makes another lap and comes back to where it was," he told a conference presenting the report.

However, the panel did not recommend hacking back "because we don't want the cure to be worse than the disease," project co-director, Frank Cilluffo said. But "there are certain steps companies can take" to repel and deter cyber-attacks, he added, advocating the establishment of a legal framework for them.

The threat facing the U.S. regarding cybercrime is well-understood, but some of the solutions to counter it have been controversial. Task force co-chair, Nuala O’Connor, president of the Center for Democracy & Technology, said many of the recommendations go too far such as inviting companies to gain unauthorized access to outside computer networks.

"I believe these types of measures should remain unlawful," she wrote, adding that it remains difficult to be sure of cyberattacks' sources. "The risks of collateral damage to innocent internet users, to data security, and to national security that can result from overly aggressive defensive efforts needs to be better accounted for."