7/21/2019 Should cyber attack victims launch counter attacks? http://slidepdf.com/reader/full/should-cyber-attack-victims-launch-counter-attacks 1/12

Should cyber attack victims launch counter attacks?

DESCRIPTION

This essay debates whether nation states, or even larger organizations, that are victims of a cyber attack should be able to launch a destructive counter attack.

However, some scholars claim that an attack on cyber space is not the same thing as a physical attack in the real world and hence does not warrant a retaliatory action. While a counter attack may be a legitimate act of warfare in some circumstances, I argue in this paper that fighting back against adversaries and pursuing retaliatory cyber attacks is counterproductive, and I explain the legal and technical issues involved. It is more worthwhile to build your own cyber defense mechanisms than to orchestrate hot cyber pursuits.

The essay carries out a literature review of retaliatory cyber attacks, draws up arguments for and against such attacks, and explains the risks and technical impacts of these attacks.

Outline of Argument

Concerns related to cyber attacks are growing across the globe, as are the means adopted by various countries to fight this menace.

Source: http://www.nec.com/en/global/solutions/safety/infomanagement/cyberattack.html

A real time cyber attacks map developed by Kaspersky shows the depth and breadth of

Cyber attack is asymmetric warfare in which an attacker with a limited budget and publicly available tools can cause huge damage to the public reputation and business confidence of the organizations and governments they are attacking. While there are many ethical hackers, or hackers who launch opportunistic attacks, there is a very large number of hackers who launch targeted attacks either to promote their ideology or to discredit governments and business organizations.

A cyber attack is far easier to orchestrate than cyber defense,[8] as Mary Ellen argues that international law raises substantial barriers to both using cyber weapons and defending cyber space from cyber-attacks through the use of force.[9] Computer crime and cyber-terrorism could be stopped dead in their tracks if those at risk implemented preventative measures;[10] however, given the changing nature of technology, hackers are always finding poor processes and vulnerabilities in IT infrastructure within companies and government bodies, leaving them exposed to cyber attacks. Most cyber attacks have not resulted in any armed conflicts so far, but there is a growing call for counter cyber attacks in case of targeted attacks. However, there is no agreement on how much cyber activity and intrusion would classify as a cyber armed attack. Thus the basis for initiating any offensive cyber capability is missing, as there is "no international agreement on legal interpretation and to enforce it with respect to cyber-attacks."[11]

A security study has found that more than one-third of breaches take hours to detect, and resolving breaches could take days, weeks, or months.[12] Thus identification of cyber attackers would in most cases take time, which will enable the adversaries either to regroup or to move locations. The anonymity of the attacker, who hides behind a veil of spoofed IP addresses, limits the options for launching counter attacks. Determining the true identity of an attacker is a big challenge in cyber warfare. The attackers could be operating in a

[8] Shackelford Scott J, "From Nuclear War to Net War: Analogizing Cyber Attacks in International Law (2009)," Berkeley Journal of International Law, Volume 27 | Issue 1, p. 207

[9] Mary Ellen O'Connell, "Cyber Security without Cyber War", J Conflict Security Law (Summer 2012) 17 (2): 187-209, doi:10.1093/jcsl/krs017, p. 203

[10] Barton Paul and Nissanka Viv, "Cyber-crime criminal offence or civil wrong?", Computer Law & Security Review, Volume 19, Issue 5, September 2003, p. 403

[11] Waxman Matthew C, "Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4)", The Yale Journal of International Law, Vol. 36: 421, p. 425

[12] TBG Security, viewed 2 October, 2014, http://tbgsecurity.com/13-of-cyber-attacks-take-hours-to-detect

different country, and determining the geographical boundaries of a cyber attack is very difficult, and launching offensive attacks raises questions of territorial state control. "Cyber attackers with cloaked identities, proxied network connections or bulletproof hosting services, and operating bases in remote locations" create problems in identification.[13] "If an aggressor is sitting in Russia and launches an attack against an American asset, even if the aggressor is located and identified it can take three to six months for Interpol to pass a request along to the appropriate police agency for follow up."[14] The inability to correctly identify the attacker, coupled with the unknown collateral damage an offensive cyber attack would cause, is the major reason why conducting cyber attacks is fraught with risk. While the attackers could be small time players, the mere act of offensive cyber attacks by large organizations and governments could classify them as committing the same crime and expose them to lawsuits and more cyber attacks.

This symbiotic relationship of crime and cyber warfare "complicates the broad battle-space understanding for early warning vigilance or defensive and offensive maneuvers against nebulous networks and masked relationships".[15] That is not to say that there are no proponents of waging an offensive cyber attack. Some argue that building effective cyber security measures involves fighting back against adversaries. McLaughlin recommends that the ability to commit an aggressive and completely devastating counter attack should be part of an organization's incident response toolkit.[16] The UK has signaled that it will carry out offensive cyber warfare,[17] while the US Patriot Act carries a prison term of 20 years for committing cyber attacks.[18] According to media reports, U.S. intelligence services have

[13] Swanson Scott, Astrich Craig and Robinson Michael, "Cyber Threat Indications & Warning: Predict, Identify and Counter", Small Wars Journal, July 26, 2012, viewed 1st October 2014, http://smallwarsjournal.com/jrnl/art/cyber-threat-indications-warning-predict-identify-and-counter

[14] McLaughlin, Kevin L, "Cyber Attack – Is a Counter Attack Warranted?", Information Security Journal: A Global Perspective, Volume 20, Issue 1, 2011, p. 59

[15] Swanson Scott, Astrich Craig and Robinson Michael, op. cit.

[16] McLaughlin Kevin L, op. cit., p. 62

[17] Financial Times, "UK becomes first state to admit to offensive cyber attack capability", viewed 2 October 2014, http://www.ft.com/intl/cms/s/0/9ac6ede6-28fd-11e3-ab62-00144feab7de.html

[18] Washington Post, accessed 1 October 2014, http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html

already carried out 231 offensive cyber-operations in 2011.[19]

There are software tools like Crowdstrike in the market, which allow you to feed fake data to attackers and help identify the patterns and motives of attackers and who is conducting these attacks. The motivation of a cyber attack is a typical factor in determining the response.

Responding to a cyber attack requires quick decision making using "systems that are themselves targeted and hot pursuit can be applied in cyberspace just as in maritime domain, which along with air, land, and space is viewed as a global commons."[20] Unlike conventional weapons that can be identified by intelligence and satellites, "the development of a cyber weapon is rather difficult to locate"[21] as this could be done in the confines of a private home with little or no connectivity.

The option of legal recourse can be a non-starter, as cyber laws vary between countries and some countries may not adopt a hard line approach to cyber intrusions. Thus countermeasures, sanctions and even law enforcement cannot substitute for frontline computer and network security measures.[22] There are no consistent guidelines to distinguish a state sponsored cyber attacker vis-à-vis an opportunistic attacker, to identify the real intent of attackers, or to pinpoint their exact geographical coordinates. Scholarly articles have failed to arrive at a definition of how a cyber intrusion can be classified as a cyber attack and how passive and offensive strategies should be initiated. Kenneth Geers makes a valid point by suggesting that "Propaganda and low-level computer network exploitation (CNE) may trigger the first line of passive cyber defense, while the manipulation of code in an operational weapons system could be grounds for real-world retaliation."[23]

[19] Washington Post, accessed 1 October 2014, http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html

[20] Farwell James and Rohozinski Rafal, "The New Reality of Cyber War", accessed 2 October 2014, http://www.defenceiq.com/contributors/3464-james-farwell-and-rafal-rohozinski

[21] Paganini Pierluigi, "Cyber Weapons", The Hacker News Magazine, April 2012, Issue 10, viewed 3 October, 2014, http://news.thehackernews.com/THN-April2012.pdf

[22] Mary Ellen O'Connell, op. cit., p. 206

[23] Geers Kenneth, "Strategic Cyber Security", NATO Cooperative Cyber Defence Centre of Excellence, p. 32

Source: NIST SP 800-61 process flow for cyber incident response

In a physical war against another nation, in most cases a United Nations Security Resolution is required; however, there is no convention on who can launch a counter cyber attack. In case of a physical or a nuclear war there is a defined command structure in place, whereas the chain of command for conducting a cyber attack is nebulous. A decentralized approach can cause confusion that will limit the efficiency of a coordinated cyber attack. While nation states have an inherent right to self-defense, the UN Charter Art 2(4) states that "All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State, or in any other manner inconsistent with the Purposes of the United Nations". Thus an active pursuit of cyber adversaries may put nations at risk of violating UN regulations. International law related to self-defense and armed invasions is still unclear after so many years of debate, as the onus of providing credible proof of cyber attacks becomes the responsibility of the country which is attacked. Thus forming an effective international cyber crime law will take time, which will leave the field open for nations to pursue cyber attackers and also allow cyber criminals to spread terror and seek fame and satisfaction in disrupting digital economies.

Life in the digital world mimics life in the real world. As traditional crime and terror move into digital space and traditional warfare moves into the digital domain, there is a need to replicate the same measures in the online world as well. There are growing calls for cyber

disarmament and following the same protocols as defined in nuclear disarmament. While the analogy is correct, the building of offensive cyber weapons has very low barriers to entry compared to the nuclear world, where you need specialized equipment, human resources and rare materials like uranium, and cyber attackers, mostly individuals, could collaborate in real time to launch attacks. The life cycle costs of developing cyber weapons are minimal and they also have the potential to scale dramatically; a single algorithm could disable a whole class of adversary systems.[29]

There is disagreement between experts about the feasibility of designing cyber tools that can be reliably employed with confidence about their collateral effects.[30]

If a retaliatory cyber attack causes a disruption in critical services or loss of life, then this has the potential to escalate into a major conflict and, rather than affecting the adversary, will put the offending entity at risk of civil liability and of compensating for the loss of life and damage to infrastructure, if any. Protocol 1, Article 51 codifies the law of proportionality, which indicates that the punishment offered should be commensurate with the crime committed and that indiscriminate attacks are not tolerated.[31] An offensive attack in cyber space may be seen as disproportionate to the intensity of the crime conducted by cyber attackers, and if the offensive attacks put the lives of citizens in danger, this could be a violation of UN laws.

 

A cyber attack can either have no direct physical consequence or it could facilitate kinetic attacks, which result in physical destruction.[32] Any offensive cyber retaliation is more likely to be seen as disproportionate by the global community and is likely to cause a backlash, and private companies don't have the legal right to conduct hot pursuits across their business boundaries.

Conclusion:

[29] Leed Maren, op. cit., p. 9.

[30] Leed Maren, op. cit., p. 5.

[31] United Nations, 1994 Conventions and Additional protocols and their commentaries, viewed 4 October 2014, https://www.icrc.org/ihl/WebART/470-750065

[32] Hathaway Oona A, Crootof Rebecca, et al, "The law of cyber-attack", California Law Review, 2012, p. 26

Due to the interconnectedness of the world, it is likely that a country can be a cyber attacker as well as a victim of cyber attacks. Currently there is no consensus about when a cyber attack warrants a retaliatory physical or cyber strike. Rather than concentrating efforts on counter attacks, it is prudent to build defence mechanisms that dissuade cyber attackers, so that they concentrate on less secure environments.

REFERENCES

Barton Paul and Nissanka Viv, "Cyber-crime criminal offence or civil wrong?", Computer Law & Security Review, Volume 19, Issue 5, September 2003, p. 403

Cisco's Visual Networking Index Forecast Projects Nearly Half, viewed 1st October 2014, http://newsroom.cisco.com/release/1197391

Connell, A.; Palko, T.; Yasar, H., "Cerebro: A platform for collaborative incident response and investigation," Technologies for Homeland Security (HST), 2013 IEEE International Conference, pp. 241, 245, 12-14 Nov. 2013

Farwell James and Rohozinski Rafal, "The New Reality of Cyber War", accessed 2 October 2014, http://www.defenceiq.com/contributors/3464-james-farwell-and-rafal-rohozinski

FBI, Terrorism 2000/2001, viewed 5 October 2014, http://www.fbi.gov/stats-services/publications/terror/terrorism-2000-2001#The%20USA%20PATRIOT

Financial Times, "UK becomes first state to admit to offensive cyber attack capability", viewed 2 October 2014, http://www.ft.com/intl/cms/s/0/9ac6ede6-28fd-11e3-ab62-00144feab7de.html

Forbes, Caution: Active Response to Cyber Attacks Has High Risk, viewed 1st October 2014, http://www.forbes.com/sites/jodywestby/2012/11/29/caution-active-response-to-cyber-attacks-has-high-risk

Geers Kenneth, "Strategic Cyber Security", NATO Cooperative Cyber Defence Centre of Excellence, p. 32

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

Hathaway Oona A, Crootof Rebecca, et al, "The law of cyber-attack", California Law Review, 2012, p. 26

Infosec Institute, The Rise of Cyber Weapons and Relative Impact on Cyberspace, http://resources.infosecinstitute.com/the-rise-of-cyber-weapons-and-relative-impact-on-cyberspace

Jeremy A. Rabkin and Ariel Rabkin, "Why the Current Law of Armed Conflict Should Not Fetter U.S. Cyber Strategy (2012)," in Emerging Threats in National Security and Law, edited by Peter Berkowitz, http://www.emergingthreatsessays.com, p. 1

Juniper Research, Mobile Payments to Reach $1.3tn Annually by 2017, as NFC and Physical Goods Sales Accelerate, viewed 1st October 2014, http://www.juniperresearch.com/viewpressrelease.php?pr=332

Leed Maren, "Offensive Cyber Capabilities at the Operational Level", Centre for Strategic and International Studies, September 2013, p. 5

Mary Ellen O'Connell, "Cyber Security without Cyber War", J Conflict Security Law (Summer 2012) 17 (2): 187-209, doi:10.1093/jcsl/krs017, p. 203

McLaughlin, Kevin L, "Cyber Attack – Is a Counter Attack Warranted?", Information Security Journal: A Global Perspective, Volume 20, Issue 1, 2011, p. 59

Paganini Pierluigi, "Cyber Weapons", The Hacker News Magazine, April 2012, Issue 10, viewed 3 October, 2014, http://news.thehackernews.com/THN-April2012.pdf

Shackelford Scott J, "From Nuclear War to Net War: Analogizing Cyber Attacks in International Law (2009)," Berkeley Journal of International Law, Volume 27 | Issue 1, p. 207

Swanson Scott, Astrich Craig and Robinson Michael, "Cyber Threat Indications & Warning: Predict, Identify and Counter", Small Wars Journal, July 26, 2012, viewed 1st October 2014, http://smallwarsjournal.com/jrnl/art/cyber-threat-indications-warning-predict-identify-and-counter

TBG Security, viewed 2 October, 2014, http://tbgsecurity.com/13-of-cyber-attacks-take-hours-to-detect

United Nations, 1994 Conventions and Additional protocols and their commentaries, viewed 4 October 2014, https://www.icrc.org/ihl/WebART/470-750065

Waxman Matthew C, "Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4)", The Yale Journal of International Law, Vol. 36: 421, p. 425

Web War II: What a future cyberwar will look like, 1st October 2014, http://www.bbc.com/news/magazine-17868789

William J. Lynn, III, Deputy Secretary of Defense, National Defense University, Washington, D.C., Thursday, July 14, 2011, http://www.defense.gov/speeches/speech.aspx?speechid=1593

Washington Post, accessed 1 October 2014, http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html