Allowing Companies to Hack Back: Good Security or Vigilante Justice?
From data breaches to denial of service attacks, the private sector routinely faces a barrage of threats from those seeking to wreak havoc on its digital systems for profit, politics, or pleasure. When faced with an attack, companies can take steps to secure their own systems, but they are not authorized to retaliate against any system that they do not own, even one that is actively causing them harm. In response, some US stakeholders have proposed authorizing companies to take action against servers, networks, and devices they do not own to identify and monitor attackers, disrupt ongoing attacks, and destroy stolen data. Dr. Sven Herpig was invited as a European voice to embed the discussion in the norms debate, from the Paris Call to the UN Open-Ended Working Group, and the risk for US global leadership in the stability of cyberspace. As a German representative, Sven also advocated for a more strategic approach, from attribution to full-spectrum response.