In an era when cyberattacks are becoming ever more prevalent, there is a growing demand for private companies to “hackback” to deter and defend against attacks. But federal law precludes them from doing so. Sam Parker addresses the risks and benefits of allowing companies to respond to cyber-threats by going on the offensive and analyzes three legislative hackback proposals.
Because Parker finds that each proposal is either insufficiently effective or bears unacceptable risks, he recommends a hybrid proposal that would allow federal authorities to authorize and strictly supervise companies to engage in defensive cyberattacks. Parker argues this approach enables private companies to be “force multipliers” against cyberthreats while also mitigating the risks of a feared “Wild West” scenario where the private sector can hackback against anyone without restraint.
By McKay Smith & Garrett Mulrain
The Equifax hack, which impacted nearly half of the U.S. population, should be viewed as a triggering event for worthwhile government reform and increased public-private cooperation, creating a model that is both scalable and adaptable to multiple industries. Framed by the Equifax data breach, McKay Smith and Garrett Mulrain focus the reader on the national security implications of attacks on the American consumer economy, perpetrated by cybercriminals and hostile nation states. This article provides a detailed analysis of government oversight efforts and contains a novel and creative proposal for reform, intended to serve as a blueprint for widespread, whole-of-government action. In a pragmatic call for reform, Smith and Mulrain recommend seven concrete steps that government can take to demonstrate a renewed commitment to protecting its data, and the data of its private citizens, from malicious foreign adversaries.
Equi-failure: The National Security Implications of the Equifax Hack and a Critical Proposal for Reform