By Kevin Coleman — DefenseTech Cyber Warfare Correspondent
Last week the Washington Post reported that the Cyber Command is seeking authority to launch cyber attacks in efforts to protect U.S. interests. This request is said to have drawn objections from administration lawyers concerned about the legality of offensive cyber operations. The right to bear cyber arms and the right to return fire in cyber space are both issues we have discussed recently on this blog. As you may recall back in April of this year, the Pentagon took a retaliatory tone when it asserted its right to return fire against cyber attacks aimed at the United States.
They say timing is everything so… Last week, I received a tip about a private sector entity returning cyber fire. The tip came with a high degree of confidence and raised a number of concerns. First of all, if the given the administration’s legal advisors are concerned about the legality of returning fire in cyber space, how legal is it for private sector organizations to be doing it? Secondly, most cyber attacks are routed through intermediary servers that have been compromised and are unwilling/unknowing participants in the attack, so returning fire on them is problematic to say the least. The final concern is; could a retaliatory strike by the private sector, or for that matter, an individual seeking revenge for an attack on their personal computer, escalate to a full fledged cyber war?
While it is unclear if any laws are being broken by that private company (a component of our critical infrastructure) returning fire, this is a very slippery slope. It is not inconceivable to think that if the private sector and individuals are permitted to return cyber fire, the amount of retaliatory strikes would grow uncontrollably and further escalate cyber tensions between countries.