Experts believe US Cyber Command it the only entity that can carry out ‘hack backs’

The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector.

The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector, and when appropriate, the military’s hacking unit should hit back, this is what three experts said at a panel organized by APCO.

The three experts with experience in the private sector, intelligence community and military, agreed that the private organization victims of cyber attacks have to delegate the response against the attackers to the US Cyber Command.

“I think if it’s going to happen, it’s best in the hands of the government,” said Sean Weppner, chief strategy officer at NISOS Group and a former DOD cyber officer.

The experts highlighted that private companies have no intelligence abilities to attribute the attacks to a specific threat actor and have no specific offensive capabilities to conduct hack backs.

Private companies not only have no capabilities to conduct hack backs, they are not legally authorized to do it.

“The U.S. government should decide how to retaliate against the worst attacks on the country’s private sector, and when appropriate, the military’s hacking unit should hit back, three experts said Monday.reported CyberScoop.

“The controversial idea entails taking the fight to nefarious actors by attacking their computer network in-kind, probing for exfiltrated data and employing measures to retrieve or destroy stolen information.”

Alex Bolling, the former chief of operations at the CIA’s Information Operations Center, approached the problem of cyber attacks against critical infrastructure that in most of the cases are owned by private entities.

The response of attacks against critical infrastructure operated by private organizations must be delegated to the US Government.

In the majority of the cases, attacks against critical infrastructure are powered by persistent attackers and for this reason, a response requests specific cyber skills and the US CYBERCOM has them.

Speaking of the CYBERCOM Bolling said it is the “agency that is best resourced to respond to threats to [U.S.] national interests…[and] critical infrastructure in the energy, finance and wider commercial space,” 

Private companies cannot carry out hack backs if we want to avoid a digital far west. A private company that decides to target its attackers is anyway a serious threat to the overall digital community.

“For one, companies venturing out into foreign networks would run the risk of disrupting existing U.S. intelligence or military operations.” continues CyberScoop.

According to Edward Amoroso, CEO of Tag Cyber, the US CYBERCOM should isolate the specific target to hit and attack it limiting the risk of any collateral damage.

“I’d like to think there’s a lot of human intelligence and spy-craft that provides a really good view” to the government, said Amoroso.

Experts warn of the risk of hack back non-responsible party due to a wrong attribution of the attack.

Of course, every threat must be properly approached especially the ones that daily target the U.S. private sector. The three experts urge a proper cyber hygiene to mitigate the risks of cyber attacks and limit the necessity to carry out hack backs.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.