CIO Review: Why Offensive Countermeasures Weaken Our Cybersecurity
CDT President and CEO Nuala O’Connor in CIO Review: “Offensive or retaliatory cyber countermeasures are generally prohibited under current law, specifically the Computer Fraud and Abuse Act. This is a good thing, because there are a myriad of serious problems with a company launching offensive countermeasures. While countermeasures may be designed to prevent harms, such as ones aimed at deleting stolen data or deploying ‘helpful worms’ that could automatically remove malware and fix vulnerabilities, the possibility of unintended consequences is real and severe.
…
The instinct to punch back is undeniable, but in the cyber world it is far better to focus on having the best security in place and a good response plan developed, rather than introducing well-intentioned malicious programs into cyberspace. Congress should resist the urge to create any legislation that invites companies to ‘hack back’ and companies should avoid entering into cyber battles that may escalate beyond their control.”