The want and need to keep a company's data private is universal, but cyber criminals are constantly trying to gain access to that data. To better protect our nation from malicious hackers, government representatives have proposed offensive measures that companies can take in the case that a hacker steals private information.
The Active Cyber Defense Certainty Act (H.R. 4036) or ACDC for short, was introduced to the house by Representative Tom Graves (R-GA 14th District) on October 12th, 2017. The purpose of which is to allow companies to react proactively to a cyberattack on their enterprise. If an enterprise is attacked and data is stolen, if approved and put into law, the Act would allow the companies to attack the cyber criminal and retaliate by corrupting the files which allows them to protect the data, which works as to not only protect that data but to deter the attacker from a further attack.
ACDC enacts several steps, attribution, the type of attack (I.E. ransomware), disrupt the attack without damage to third parties, retrieve and destroy stolen files, and the monitoring of the attacker. With each step set up for the sole purpose to help protect the attacked companies’ data. When attackers know that there is a possibility for the identification, and for a defensive counter-attack, it is the goal that potential hackers and cybercriminals will end up being deterred from the thought of attacking enterprises for the purpose of inflicting harm, stealing customer data, or trade secrets.
While the theory of ACDC is well-intentioned, there is a risk that the steps to counter-attack or implementation defensive and counter-attacking controls may risk unintended consequences In most cases the cybercriminal doesn’t end up using his own compute power but in fact may reroute his attack through third-party zombie machines or through purchasing time from Bot farms, meaning that even when attacking the cyber criminal’s machine, it becomes possible that the attack may end up attacking another company, nation, end-user, or other third party. This has the potential to create other legal issues. While the new attack may be in defense, it may lead to issues with an unintended third party, where retaliation of this kind would be illegal. At this point, that company is now responsible for that attack and by default becomes the cyber criminal, regardless of their intentions
In the event of a cyber attack, one of the most important things to have in place is an incident response plan. But having a response plan is not enough. Having a well rehearsed and up-to-date plan is critical. If your organization needs a stronger defense posture with a defined and rehearsed incident response plan, Silent Sector's professionals can support you in the plan development and implementation, offloading the burdens so you can focus on your core business objectives.