From data breaches to denial of service attacks, the private sector routinely faces a barrage of threats from those seeking to wreak havoc on their digital systems for profits, politics, or pleasure. When faced with an attack, companies can take steps to secure their own systems, but they are not authorized to retaliate against any system that they do not own—even one that is actively causing them harm. In response, some stakeholders have proposed authorizing companies to take action against servers, networks, and devices they do not own to identify and monitor attackers, disrupt ongoing attacks, and destroy stolen data.
What are the domestic and international implications of authorizing private entities to engage in offensive cybersecurity operations? Should governments allow this, and if so, what restrictions should governments impose on these actions? Would these measures ultimately help improve cybersecurity or create more problems than they solve?
Please join ITIF for a panel discussion on the viability and consequences of authorizing companies to “hack back.”
This event will be live streamed here.