A legal system is here to help each one of us, but we have to accept that it may not be perfect, and that it may take some time to adjust it to the cyber domain.
Gut response or intellectual reflection?
A gut response to direct threat is retaliation (or you may choose to run and hide). Consider that we are all part of a global community these days. It is not only you and that horse thief anymore. It is you, your employees, your country, your country´s trade partners, and so forth. In cyberspace, you cannot act like a rogue player who does whatever comes to his or her mind. Your playground is no longer your own backyard where you can argue “self defense” and get away with it.
The implications of hacking back are much larger than you and your organization. What you think of as a simple retaliation operation may quickly evolve into a geopolitical situation with multilateral impact.
It is one thing to shoot a horse thief, and it is a very different thing to accidentally trigger a nation-state’s war machine. I urge you to take a moment to think things through. Use your intellectual capacity to reflect on what is better - a closed-down world where everyone shoots at each other, or a world where we all abide to the same laws made out to build global stability, peace and predictability?
Patience, my friend
Yes, the current laws and legal systems are a major challenge to cybersecurity. History has shown us that allowing every man his own justice system simple does not scale well. We do not need a granulated “hack back” retaliation regime.
We must focus our efforts on making an international cyber governing body that will decide the laws and that will have the authority to pursue and make justice across national and regional borders. Personally, I would not mind hearing a prosecutor say: "The World versus Hector Hacker."
We need a new system, and that system must be larger than each individual, organization and nation-state. Obviously, the creation and implementation of such a multilateral governing body will take time and effort. While we are waiting, we can help by pushing our governments in the right direction. Open dialogue, building trust and sharing information are important building blocks. Respecting differences, and seeking to learn how to overcome them is vital.
Private organizations may help by setting up and funding think-tanks, inviting both public and educational sectors to discuss alternative courses of action. Nation-states can help by using existing governing bodies like WHO, UN and Interpol to create a new, global cybersecurity unit, and enter into agreements that enable it to govern the sector on a global perspective.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.