The Ethics of Hacking Back

Get BibTex-formatted data

Download

PDF

Author

Corey T. Holzer, James E. Lerums

Tech report number

CERIAS TR 2016-01

Entry type

article

Abstract

Cyber breaches are increasing in frequency and scope on a regular basis. The targeted systems include both commercial and governmental networks. As the threat of these breaches rises, the public sector and private industry seek solutions that stop to the ones responsible for the attacks. While all would agree that organizations have the right to protect their networks from these cyber-attacks, the options for defending networks are not quite as clear. Few would question that a passive defense (i.e. the filtering of traffic, rejecting packets based on the source, etc.) is well within the realm of options open to a defender. What active defensive measures are ethically available to the defenders when passive options fail to stop a persistent threat is not as clear. This paper outlines the two (law enforcement and military) ethical frameworks commonly applied by cyber security professionals when considering the option of a cyber counter-offensive or “hacking back.” This examination includes current applicable literature in the fields of information security, international law, and information assurance ethics.

Download

PDF

Date

2016 – 6 – 9

Institution

Purdue University

Key alpha

Ethics

Publication Date

2016-06-09

Keywords

Active Cyber Defense, Cybersecurity, Information Assurance Ethics, Laws of Armed Conflict, Law Enforcement

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Ethics,
	title = "The Ethics of Hacking Back",
	author = "Corey T. Holzer, James E. Lerums",
	year = "2016",
	month = "6",
	institution = "Purdue University",
	day = "9",
	abstract = "Cyber breaches are increasing in frequency and scope on a regular basis. The targeted systems include both commercial and governmental networks. As the threat of these breaches rises, the public sector and private industry seek solutions that stop to the ones responsible for the attacks. While all would agree that organizations have the right to protect their networks from these cyber-attacks, the options for defending networks are not quite as clear. Few would question that a passive defense (i.e. the filtering of traffic, rejecting packets based on the source, etc.) is well within the realm of options open to a defender. What active defensive measures are ethically available to the defenders when passive options fail to stop a persistent threat is not as clear.  This paper outlines the two (law enforcement and military) ethical frameworks commonly applied by cyber security professionals when considering the option of a cyber counter-offensive or “hacking back.” This examination includes current applicable literature in the fields of information security, international law, and information assurance ethics.",
	keywords = "Active Cyber Defense, Cybersecurity, Information Assurance Ethics, Laws of Armed Conflict, Law Enforcement",
}