US legislators are proposing new legislation that would empower US cyber defenses to hack back at cyber aggressors, even if they’re using a third-party country’s infrastructure, without the explicit consent of the respective country.
The National Defense Authorization Act would also create a new cyber entity with the technology and skills to strike back at cyber aggressors, namely China and Russia, that seek to disrupt US critical infrastructure or weaken its cyber resilience. If approved, the bill would not only let the US military “hack back” at aggressors, but also create a “Cyberspace Solarium Commission” whose purpose is to propose and implement strategic cyber defenses that augment the United States’ resilience to cyber-attacks.
What could possibly go wrong?
- Attribution is imprecise and prone to error, and so
- Attribution is vulnerable to “false flags”
- Relies on having people with the needed skills to launch the “hack back”
- Assumes the government, private industry, individuals, non-profits, etc. can defend against the counterattack
- Lacks judicial and/or legislative oversight to make sure it’s not abused
- Arguably violates dozens of treaties
And these are off the top of my head.