informa
Announcements
Event
How to Launch a Threat Hunting Program | Webinar <REGISTER>
Event
How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint | Webinar <REGISTER>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
Commentary

NSA Director On The Cyber-Counterattack

According to an Associated Press report, the director of the National Security Agency told Congress the U.S. should respond in force to computer-based attacks -- even when the attacker is not known. Is that possible, and is it a good idea?
Gadi Evron
CEO & Founder, Cymmetria, head of Israeli CERT, Chairman, Cyber Threat Intelligence Alliance
April 15, 2010
According to an Associated Press report, the director of the National Security Agency told Congress the U.S. should respond in force to computer-based attacks -- even when the attacker is not known. Is that possible, and is it a good idea?He also suggested the option of preemptive cyber offensives:

Lt. Gen. Keith Alexander, who is the Obama administration's nominee to take on additional duties as head of the new Cyber Command, also said the U.S. should not be deterred from taking action against countries such as Iran and North Korea just because they might launch cyberattacks.
Whether a country should respond to computer attacks is a question for policy makers and diplomats -- not unlike any other decision to employ force on behalf of a nation. A much more important question is what he means when he says a counterattack should be launched even when the offender isn't known.

The nature of information warfare (or cyberwarfare, if you prefer) is that you may know who your rivals or enemies are, but have no actual idea who is attacking you. An attacker can hide behind the Internet's inherent anonymity or even pretend to be someone else entirely.

Before launching an attack, we may want to know where to aim it, which requires intelligence.


"In cyberspace, he said, it is difficult to deliver an effective response if the attacker's identity is not known."

But commanders have clear rights to self-defense, he said. He added that while "this right has not been specifically established by legal precedent to apply to attacks in cyberspace, it is reasonable to assume that returning fire in cyberspace, as long as it complied with law of war principles ... would be lawful."

Senators noted, in their questions, that police officers don't have to know the identity of a shooter in order to shoot back. In cyberspace, the U.S. may be able to counter a threat, rebuff an electronic probe or disable a malicious network without knowing who is behind the attack.

The senators' analogy is a false one. When shooting back at a mugger, even if you don't know him, you are likely to hit your attacker.

On the Internet, when you shoot back you are likely to hit an innocent bystander, with a lot of collateral damage to boot.

I believe what Gen. Alexander was referring to is the legal ability to both:

    1. Shoot back when the identity is in fact known.
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
7 Women Leading the Charge in Cybersecurity Research & Analysis
Ericka Chickowski, Contributing Writer, Dark Reading
Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service
Elizabeth Montalbano, Contributor, Dark Reading
Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter
Becky Bracken, Editor, Dark Reading
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos, Contributing Writer, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports