‘Hacking back’ is back

A controversial cyber defense tactic anathema to many national security officials is making a surprising resurgence on Capitol Hill,” report Martin and Tim.

The legislation, commonly known as the “hack back” bill (H.R. 4036), authorizes individuals and companies to exit their networks to pursue attackers via tactics such as retrieving stolen files and destroying them. It comes after the GOP platform in 2016 said the party would “make clear that users have a self-defense right to deal with hackers as they see fit.” Backers some of who note the bill doesn’t allow straightforward hacking back and instead authorizes tactics more commonly known as “active defense” — call the legislation a vital step as threats grow and the status quo proves ineffective. Critics say it could turn cyberspace into a “Wild West” of escalating attacks.

Story Continued Below

So what’s next? “I’ve been talking members of the Judiciary Committee, they’re very receptive,” bill sponsor Rep. Tom Graves said. “You know what’s different about this, than many ideas that we deal with it seems like, is that this is bipartisan. You have Republicans and Democrats working on an idea that impacts everyone in our country and want to get to a solution.”

Industry, however, is all over the place. The Chamber of Commerce is not on board with Graves’ bill specifically but in favor of a discussion on active defense. Among the private sector overall, it’s hard to generalize, said Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security. “You see different perspectives from different companies, even within sectors.” Sometimes it’s based on which companies would have the technological know-how to take a more aggressive posture, he said. “I can tell you a company that had its intellectual property fleeced will think about it differently than a company that might not know it also had its intellectual property fleeced. I look at it based on capabilities and based on impact.” Read the full story here.

HAPPY MONDAY and welcome to Morning Cybersecurity! Your MC host has a new cable subscription in his new apartment, and for those who are into outro TV, I recommend “American Gods.” Send your thoughts, feedback and especially tips to tstarks@politico.com and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info below.

CYBER ON TRUMP’S TOKYO AGENDA — President Donald Trump and Japanese Prime Minister Shinzō Abe will discuss cybersecurity when they meet in Tokyo today, a senior administration official told reporters in a background briefing over the weekend. “They’ll be talking about cyber cooperation, particularly in light of some of the North Korean provocations in the cyber realm,” said the official. “It’s not only in missiles and nuclear devices, but also in cyber. And the U.S. and Japan are tightening their cooperation to deal with those kinds of threats.”

Japan is arguably America’s closest ally on cyber issues, after the Obama administration launched annual “whole-of-government” cyber dialogues under the auspices of State’s now-shuttered cyber coordinator office. Japan’s geographic proximity to two of the U.S.’s top four cyber adversaries — North Korea and China — makes it an important player in regional and global efforts to promulgate cyber norms and reduce the damage from state-sponsored hacking.


Continue reading…