(First in a continuing series.)
Active Cyber Defense, or ACD, is a broad category encompassing different kinds of actions that organizations can take to defend against breaches and cyberattacks. The operative word is “active.” Conventional security against breaches tends to involve anti-virus software, encryption, and other perimeter defenses that act to prevent outsiders from getting into your organization’s systems. ACD tools are different, and involve anticipating, planning, and proactively executing cyberdefense actions. Such actions can take many forms. Decoys, for example, are fake systems that can stymie would-be attackers. Honeypots are treasure troves of false information that can lure attackers and provide them with fake information, including fake credentials, wasting their time or even, in some cases, permitting organizations to identify where attacks are originating. Technology companies that sell cybersecurity products are increasingly offering ACD tools. Such tools, however, can range from the permissible (such as decoys) to the questionable: hacking back, for example, almost certainly violates the Computer Fraud and Abuse Act (CFAA), with the possible exception of circumstances where organizations are working with law enforcement. Proposed legislation seeks to change that by amending the CFAA. Make sure you consult with counsel before determining how aggressive you can be.