Abstract
Cyber breaches are increasing in frequency and scope on a regular basis. The targeted systems include both commercial and governmental networks. As the threat of these breaches rises, the public sector and private industry seek solutions that stop to the ones responsible for the attacks. While all would agree that organizations have the right to protect their networks from these cyber-attacks, the options for defending networks are not quite as clear. Few would question that a passive defense (i.e. the filtering of traffic, rejecting packets based on the source, etc.) is well within the realm of options open to a defender. What active defensive measures are ethically available to the defenders when passive options fail to stop a persistent threat is not as clear. This paper outlines the two (law enforcement and military) ethical frameworks commonly applied by cyber security professionals when considering the option of a cyber counter-offensive or “hacking back.” This examination includes current applicable literature in the fields of information security, international law, and information assurance ethics.
Keywords
Active Cyber Defense, Cybersecurity, Information Assurance Ethics, Laws of Armed Conflict, Law Enforcement