Skip to main content
banner image
venafi logo

As the Cyber War Grows: Is It Time to Strike Back?

As the Cyber War Grows: Is It Time to Strike Back?

cyber warfare, cyber security defense, cyber protection
July 2, 2019 | Eva Hanscom

Army Gen. Paul Nakasone, head of US Cyber Command, recently spoke about cyber threats to a congressional subcommittee. According to Nakasone, cyber attacks from nation state actors, like Russia, North Korea and Iran, have increased in sophistication and intensity; some even breached critical naval systems. As a result, the general recommended the United States become more prepared to aggressively strike back their assailants.


How well is your enterprise prepared for a cyber threat? Find out

Simply put, this is a very tense time for the cyber security industry. At this year’s RSA conference, Venafi wanted to see how security professionals are responding to cyber war threats and offensive hacking proposals. We evaluated the opinions of over 500 convention attendees and the results were quite interesting. For example, 87% of the respondents say the world is currently in the middle of a cyber war.


“It’s clear that security professionals feel under siege,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “With the increasing sophistication and frequency of cyber attacks targeting businesses, everyone is involved in cyber war.”

Participants were also asked about who should be allowed to participate relatiatory hacking actions, and the results were slightly mixed. For example. 72% believe nation-states should have the right to “hack back” by targeting cyber criminals who level attacks on their infrastructure.



Meanwhile, 58% believe private organizations have the same right to “hack back.”

Currently, the Computer Fraud and Abuse Act prohibits many retaliatory cyber defense methods, including accessing an attackers computer without authorization. The Active Cyber Defense Certainty (ACDC) Act addresses active cybersecurity defense methods and was introduced to the U.S. House of Representatives in October 2018.

The ACDC Act proposes “to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers.” As we saw with Nakasone’s recent subcommittee meeting, these proposals should become more common in the future.

“Today, private companies do not have a legal right to actively defend themselves against cyberattacks,” Bocek added.

“Even if this type of action were to become legal, most organizations are too optimistic about their abilities to target the correct intruder. Even with the most sophisticated security technology, it’s nearly impossible to be certain about attack attribution because attackers are adept at using a wide range of technologies to mislead security professionals.”

“For many organizations, it would be better to focus on establishing stronger defense mechanisms. We’ve seen excellent growth in cloud, DevOps and machine identity technologies that allow digital business services to be restarted in the event of a breach, effectively delivering a knockout blow against attackers,” Bocek concluded.

Learn more about machine identity protection. Explore now.

Related posts

Like this blog? We think you will love this.
woman touching a floating glass screen in the middle of a city at night
Featured Blog

Venafi Study: How Much Do Global Consumers Worry About Private Data Protection?

According to the survey, consumers do not trust major cyber security talking points pushed by the

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies

Machine Identity Protection for Dummies

About the author

Eva Hanscom
Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more