Robert Bigman, founder of 2BSecure and former CIA Chief Information Security Officer, discusses the idea of “hack-backs” and why he believes that going on the offensive in cyberspace isn’t a good idea.
Former Chairman of the Joint Chiefs Admiral Mike Mullen recently told Cyberscoop that he believes U.S. Cyber Command should have the authority to retaliate against state-sponsored hacking of private corporations. The remarks come after a few high-profile network intrusions, such as the 2014 Sony Pictures hack.
“It had been discussed earlier in Congress… I attended a briefing many years ago discussing ‘is hack‑back a good idea?’ This is the highest-ranking individual who’s ever proposed it or discussed it. Now, I think it is a horrible idea. I think the down side is much greater than the up side here,” said Robert Bigman, founder of 2BSecure and former CIA Chief Information Security Officer.
“A lot of people compare this to the days of mutually assured destruction in the military when we knew who all the players were. It was easy, you just looked and saw them. In the cyber world, because systems are so vulnerable and not built with any type of security architecture, manipulating MAC addresses, how the addresses get interpreted by whom and the logs are written and how you can potentially rewrite logs — the risk is really dramatic. And of course, there will be those out there who want to embarrass or even create greater frictional conflict and perform these types of activities.”