Hack Back—Is It Time?

Wednesday, October 30

9:45 AM - 10:45 AM

Location: Asia 4

Speaker(s)

Jim Jenkins, M.Sc., CISSP

Director, Cybersecurity Architecture
Boeing Employees Credit Union (BECU)

Co-Speaker(s)

Gerhard Steinke, CISSP

Professor, Management and Information Systems
Seattle Pacific University

Information security teams have been constrained by laws in the United States to a defensive posture. This legal constraint has focused the development of the information security tool industry to those systems that help detect, contain, eradicate and recover from specific attack vectors. However, in a proposed U.S. bill (Active Cyber Defense Certainty Act), victims of an ongoing attack would be enabled to fight back. The amendment would allow organizations more powers to build and maintain an offensive capacity in a concerted effort to not only identify hackers, but to disrupt any attacks. The goal of this session is to ensure there is a clear understanding of how organizations might change to support and take advantage of this type of legal structure change.

Learning Objectives:

Describe the brief history of the information security legal framework that established the current defensive posture.
Describe the proposed amendment to section 1030 of the Computer Fraud and Abuse Act and its potential implications.
Understand an ethical framework for organizations to support and take advantage of this type of legal structure change.