The issue of active cyber defense or hacking back is often discussed in a yes/no binary way, but active cyber response is an amalgam of techniques. Such an approach cannot rely on either a pure technology assessment or a pure legal analysis. Instead, it must combine an understanding of what is technically possible with what is legally permissible. This session will use a blend of hypothetical use cases based on the above concepts and audience Q&A to define a continuum and assess the legality and risk of various active cyber response techniques. The panel will begin by identifying some TTPs, then assessing their legality under current laws, exploring the privacy implications, and finally considering legal and policy changes that can and should be made.
Randy Sabett, Special Counsel, Cooley
Davi Ottenheimer, President, flyingpenguin
How We Could Use Cyber Letters of Marque
In Defense of Microsoft’s Active Defense Against No-IP