I am a bit of an outlier in the cybersecurity community since I think that there are circumstances in which private actors ought to be allowed to more aggressively respond to intrusions on their systems (though I don't go "full postal" on the issue). For those who are interested in the subject I just published a piece at Heritage co-authored with my colleagues Steve Bucci and David Inserra, entitled "Next Steps for U.S.
Latest in Cybersecurity and Deterrence
Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.
Thoughts on the international law dimensions of the Defense Science Board’s Task Force Report on Cyber Deterrence and Joseph Nye’s article on Deterrence and Dissuasion in Cyberspace.
Defense and deterrence won't prevent cyber-meddling in future elections. The United States should consider cooperation.
Russian meddling and notes from the Harvard Institute of Politics' Campaign for President: The Managers Look conference.
State-Sponsored Doxing and Manipulation of the U.S. Election: How Should the U.S. Government Respond?
As Thomas Rid explains in this terrific piece in Esquire, the Russian government has developed a remarkable capacity for blending the fruits of espionage with information operations designed to manipulate public opinion abroad. It has deployed this capacity in the past in various contexts without generating much discussion in U.S. circles, but recent activities apparently designed to impact the U.S.
In my first post on this subject, I quoted a news story in fedscoop saying that
The development of “loud” offensive cyber tools, [that could be definitively traced to the United States and thus] able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past.
Recent news reports regarding Russian hacks affecting the November election suggest that the United States is preparing on possible U.S. cyber actions in response, such as revealing information to the Russian public about Putin’s financial holdings that would be embarrassing for him. Without comment on whether this would be a wise policy move, it’s necessary to point out that such an action would not be a “cyber response” in any meaningful sense of the term.
Will the United States folow through on its pledge to retaliate for the DNC hack, and can secret retaliation deter third parties?