In cybersecurity, cyber self-defense refers to self-defense against cyberattack. [1] While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, [2] such as corporate entities or entire nations. [3] [4] [5] Surveillance self-defense [6] [7] [8] is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.
Organizations may conduct a penetration test using an internal team or hire a third-party organization to audit the organization's systems. Larger organizations may conduct internal attacker-defender scenarios with a "red team" attacking and a "blue team" defending. The defenders, namely threat hunters, system administrators, and programmers, proactively manage information systems, remediate vulnerabilities, gather cyber threat intelligence, and harden their operating systems, code, connected devices, and networks. Blue teams may include all information and physical security personnel employed by the organization. [9] Physical security may be tested for weaknesses, and all employees may be the target of social engineering attacks and IT security audits. Digital and physical systems may be audited with varying degrees of knowledge of relevant systems to simulate realistic conditions for attackers and for employees, who are frequently trained in security practices and measures. In full-knowledge test scenarios, known as white box tests, the attacking party knows all available information regarding the client's systems. In black box tests, the attacking party is provided with no information regarding the client's systems. Gray box tests provide limited information to the attacking party.
Cybersecurity researcher Jeffrey Carr compares cyber self-defense to martial arts as one's computer and network attack surface may be shrunk to reduce the risk of exploitation. [10]
Legal theorists and policy makers are increasingly considering authorizing the private sector to take active measures by "hacking back" (also known as hackbacks). [20] [21] In contrast to active attack measures, passive defense measures present a reduced risk of cyberwarfare, legal, political, and economic fallout.
A contemporary topic in debate and research is the question of 'when does a cyber-attack, or the threat thereof, give rise to a right of self-defense?' [22]
In March 2017, Tom Graves proposed the Active Cyber Defense Certainty Act (ACDC) that would enhance the Computer Fraud and Abuse Act (CFAA) to allow individuals and the private sector to use certain tools currently restricted under the CFAA to identify attackers and prevent attacks by hacking them. [20] [23] [24] This presents a "chicken or the egg" problem, wherein if everyone were allowed to hack anyone, then everyone would hack everyone and only the most skilled and resourced would remain. Brad Maryman warns of unintended consequences, stating that in his view "the notion that we should legislate and accept a level of undocumented and unmonitored cyber actions by anyone who thinks they have been hacked is unfathomable". [24]