Taking an Active Role in US Cyber Defense
Director of the Federal Bureau of Investigation, James Comey, testified recently that “virtually every national security threat and crime problem the FBI faces is cyber-based or facilitated.” With the hacking of the Office of Personnel Management in 2015, the theft of F-35 Joint Strike Fighter design data and subsequent Chinese J-31 copycat, and the WikiLeaks email revelations surrounding the current election cycle with suspected Russian involvement, it is clear that the cyber threat must be a major concern for the United States. The Center for Cyber and Homeland Security at George Washington University aims to bring Active Defense into the US arsenal with their latest project report, Into the Gray Zone: The Private Sector and Active Defense Against Cyber Threats.
The report’s advocacy for active defense, not to be confused with “hacking back,” involves private and public sector cooperation in developing a framework to allow a more active role in collecting intelligence on and defending against attackers. Although many view the tools and activities involved in active defense to be prohibited under US law, Into the Gray Zone advocates for a new framework for risk-driven policies to protect government and private information from the ever-evolving threats in the cyber realm.
The report includes recommendations for the Executive Branch, Congress, and the private sector to better create an active defense policy to protect public and private interests.