The ability to retaliate against cyber attackers—irrespective of the legalities of such actions—appears to have gained traction in the United States government, but is it a practical response for achieving tactical and strategic objectives in cyberspace? Attribution limitations, collateral damage considerations, the Internet’s global archi- tecture, and potential event escalation make the challenges of engaging in active cyber defense an ineffective course of action destined to achieve limited tactical successes at best; and it risks accelerating digital as well as physical conflict. Too many variables prevent active cyber defense deter- ring or punishing adversaries in cyberspace. For that reason, this article advocates a more productive solution—aggressive cyber defense—to frustrate attackers via nondestructive or damaging activities.
Read the full article here.