Proposed ‘hack back’ law would not have stopped WannaCry

On Monday, the Financial Times published a story concerning a proposed bill form Representative Tom Graves, a Republican from Georgia’s 14^th district.

The Seven Assumptions of Hacking Back

• Private companies can attribute:
  “Very few, if any, private entities can as of today with high granularity determine who attacked them…”
• The ability to engage a state sponsored organization:
  “[It] is assumed that the counterstriking corporation can handle a heavily funded aggressive statesponsored organization.”
• There will be no uncontrolled escalation:
  “If counter cyberattacks are legalized, logically it carries an assumption that there will be no uncontrolled escalation that affects a 3rd party.”
• The duplicated intellectual property is at one location:
  “This assumption also ignores the likelihood that the initial attacker uses backups to store their data so the initial attacker can retrieve the stolen information if lost.”

Note: This list contains four of the seven assumptions outlined in a paper by Jan Kallberg, at University of Texas at Dallas: A Right to Cybercounter Strikes: The Risks of Legalizing Hack Backs.

Graves has proposed changing the Computer Fraud and Abuse Act (CFAA) to allow organizations to fight back when being attacked online. But is this a smart, or even workable solution for enterprise operations?

To read this article in full or to leave a comment, please click here

from CSO Online Data Protection http://www.csoonline.com/article/3198490/security/proposed-hack-back-law-would-not-have-stopped-wannacry.html#tk.rss_dataprotection