cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Is there such a thing as responsible Lawful Offense?

All

 

Is there such an acceptable for taking responsibility for lawful offense, given the current cybersecurity landscape and potential issues which have been going on for years, silently in the background?

 

Do we need to have a set of ethics as to what is acceptable vs non acceptance?

 

What are your thoughts?

 

https://www.lawfareblog.com/responsible-cyber-offense

 

Regards

 

Caute_Cautim

 

Caute_Cautim

4 Replies

Re: Is there such a thing as responsible Lawful Offense?

Unless you are a Government, there is no such thing as "Lawful Offense". Let's not even try to address "responsible".

No organization/entity has the right to use offensive measures in cyberspace -- period. That governments engage in it is bad enough. That we prosecute individuals is clear. Why should a business or other organization be allowed to do something that we prosecute individuals for?
denbesten
Community Champion

Re: Is there such a thing as responsible Lawful Offense?

In my mind, "offensive" measures can at times be perfectly reasonable. The big requirement is guardrails, such as operating within the bounds of ethics, the law and ensuring sufficient judicial oversight.  

 

A few examples of ones I feel appropriate: 

Another scenario is when I hire a red-team to attack my own company, complete with the appropriate contractual arrangements to guide and protect the red-team.  

 

That said, I completely agree that vigilante ("attack me, I attack back") strategies should not be tolerated on the Internet any more than they are in real life.

Caute_cautim
Community Champion

Re: Is there such a thing as responsible Lawful Offense?

@Edwin_CybSecGuyWell that states it all:  For example under the ITU Radio communications rules, only China and Russia have the right to use certain frequencies within the international agreed frequency spectrum for defense purposes.  So they use wide bandwidth spectrums, completely disrupting other traffic that flows using the High Frequency bands.  They have published right.

 

So stating that only Government have the rights to Lawful Offenses, establishes that certain nations outwardly attack other nations for espionage and commercial IP purposes such as China, North Korea and Russia.  however, when you look closer, almost every nation is either protecting themselves or have offensive countermeasures to return the favour to the attack host nation even if they use proxies and then claim it was not them.   This is a state nation gamification, where the attackers have high stakes, tonnes of investment and are prepared to keep smiling whilst pretending it was not them who did the attacking.

 

Regards

 

Caute_Cautim

 

James89
Viewer

Re: Is there such a thing as responsible Lawful Offense?

Hello,

 

Everything is very open with a clear description of the issues. It was truly informative. Your website is very helpful. Many thanks for sharing!

Tags (1)