Active cyber defense, referred to in this paper simply as active defense, has become more common in recent years. The definition and legality of active defense vary, ranging from non-intrusive means, such as using deception to make a potential attacker believe the network is not worth exploiting, to hacking back, i.e., direct counterattack against the attacker's computer or network. Before taking an active defense posture, network owners would be well served by engaging in a broader discussion on the legal and policy implications of active defense. Enterprise leaders must assess whether the security gained by active defense measures is worth the potential risks, which could include not only legal repercussions but also political risks, as well as negative public perception of the enterprise. Defenders may gain some legal protection by posting warning banners, but this is not a guarantee of safety from legal troubles or bad public relations. With the number of high-profile data breaches seemingly increasing without end, most enterprises can benefit from some degree of active defense while staying within the bounds of the law and on the favorable side of public opinion if they take a deliberate, reasoned approach to the matter.