Short: Cybersecurity and the Castle Doctrine

This shows up in my Twitter feed

No.

Attribution is already a fucking joke. Don’t believe me? All I gotta say is Sony Pictures.

Now we’re proposing allowing Joe Blow to “investigate” who popped him and authorize him to “hack back” whoever he points at? Just… no.

As for adding networks to the castle doctrine, it’s super important to point out that the castle doctrine usually comes with a responsibility to attempt to deescalate the situation without using deadly force. If you discover someone’s popping you right now, not only is hacking them back probably not gonna stop the attack, but if there’s a similar duty to retreat, you’re never gonna get “authorization” to use… whatever the cybersecurity equivalent of deadly force is… when stopping the attack is almost always gonna be possible by removing affected machines from the Internet, or at least walling off your attacker.

Leave a Reply

Your email address will not be published. Required fields are marked *