Briefly on "The Network Use of Force Continuum"

Tuesday, January 08, 2013

Ali-Reza Anghaie

A bit of Twitter discussion (read: argument) came up about The Network Use of Force Continuum from @brasscount (and @bsdunlap?)..

I have long said that history and legal precedent will eventually defend "hack back" techniques for those with well established procedures and some degree of market clout (e.g. DIB, Fortune 100s). I've even said, when discussing the Patriot Hacker "The Jester", that self-defense and stand-your-ground will almost certainly come into play and be successfully used in some legal context.

I've also been adamant ~against~ such "hack back" techniques outside of the Government because projection-of-force issues have a lot of geopolitical consequences that aren't easily discernable at first. I've been even more opposed to such measures, even by Government, that support the idea that "weaponizing" Cyberspace is a good idea - or even a better idea (to save lives) versus kinetic options.

I won't reiterate all of those musings and reasonings here - you need only go back a few pages in this blog to find ample background.

Here is what I will say today: STOP TALKING ABOUT THE LEGAL ASPECTS.. RED. HERRING.

And start talking about the social and technical aspects - collateral damage, what happens as today's nuisance hacks (e.g. Facebook profiles) increasingly intersect with immediate long-term life consequences (inevitable as more data is connected), as threat surface area rises more rapidly than we can defend OR hack back, the technical inevitability that forensics and IR will be used against your "hack back" and then result in end-points outside of any intention you had, etc.

So while I think the courts actually WILL defend such Force Continuum theories for Cyber, I believe it's our duty as Security Professionals to make them understand why the analogous comparisons are red herrings we need to avoid. Now.

We're technology professionals and we shouldn't be looking for legal backing to do things we technically know have much wider consequences than the legacy comparables. -Ali (@Packetknife)
