Proactive defence of networks is not about vigilantism, according to US security technology company Crowdstrike.
In a presentation titled 'Highway to the danger zone – going offensive legally' at the RSA Conference in San Francisco, Crowdstrike president and CEO George Kurtz admitted that the concept of proactive defence and 'hacking the bad guys back' is a hot topic and the legal aspects need to be understood.
He said: “Take vigilantism off the table, we look at ways and methods to make it harder for the adversary and be more hostile in the network.”
Crowdstrike's senior vice president of legal affairs and chief risk officer Steve Chabinsky said that the concept of 'hacking back' can be defined into the laws of trespass and surveillance. “We see the differences between felony and misdemeanour. Remember if they shouldn't have been there in the first place then it is a felony, but if they were there and caused damage but it was unintended, it is a misdemeanour,” he said.
“If you tackle a guy who robs you, it is assault, you don't just leave him. There is no room for revenge and vigilantism, it is about stability and up until government processes take over. If someone steals your wallet, you say stop that man, you don't just stand there you catch the guy and the police thank you. This is the same thing, so this is an area to develop to show how to equate that theory in cyber. The government understands it and has to know how to coordinate it.”
Kurtz said that people are "tired of getting punched in the face and want to understand what actions they can take" and what the circumstances are, but there is no right answer.
Chabinsky said that if you detect someone in your system, you have the opportunity to do something in return so you want flexibility in your response. “You can help yourself and you have to go in that direction. The government will recognise that you tried to stabilise the situation to retrain with restraint and once you have got attribution, you will see civil action to sue nation states or those companies who have benefited from that stolen information.
“We will start seeing changes in architectures, to get rid of state rules and start adopting national law, so if you find anyone on your network, you can do something about it.”
Kurtz concluded by saying this developing area is about actionable intelligence and understanding who the enemy is, as active defence is not about hacking back. “It is understanding the nuances of the law and if you don't know your enemy it is hard to protect yourself,” he said. Both men also recommended speaking to lawyers and consulting the law in these cases.