Privatizing Cyber War?
I read this article and thought, WOW! Is there really a suggestion that private industry should be authorized to "hack back?" To actively pursue those "bad guys" they find on their network? WIthout law enforcement involvement? According to the article Sen. Sheldon Whitehouse (D-R.I.) raised the issue of “how and when to license hack-back authority so capable, responsible private-sector actors can deter foreign aggression.” What does "capable and responsible" mean? Who would be responsible for judging that standard? For instance, there is no current cyber warfare agency.
I think it is dangerous and misguided to suggest that private industry should protect themselves in cyber warfare by "hacking back." What is needed is assistance from the US Government, especially against state sponsored attacks, to defend private industry. When I was in government, it was said, that the private industry was better. When I was in private industry, the sentiment was the government was better. Here is a novel thought, how about we work together to determine the best course of action? Not by sanctioning individual companies to do whatever they need to do to protect themselves, but honest dialogue about how to best protect ourselves as a nation.