The deluge of cyberattacks sweeping across the world has governments and companies thinking about new ways to protect their digital systems, and the corporate and state secrets stored within. For a long time, cybersecurity experts have erected firewalls to keep out unwanted traffic and set up decoy targets on their networks to distract hackers who do get in. They have also scoured the internet for hints about what cybercriminals might be up to next to better protect themselves and their clients.
Now, though, many leaders and officials are starting to think about stepping up their defensive activities, by taking more active measures. An extreme option within this field of active defense is sometimes called “hacking back” into an adversary’s systems to get clues about what they’re doing, shut down the attack, or even delete data or otherwise damage an attacker’s computers.
I have been researching the benefits and drawbacks of various active defense options with Danuvasin Charoen of the Thai National Institute of Development Administration and Kalea Miao, an undergraduate Cox scholar at the Indiana University Kelley School of Business. We have found a surprising number and variety of firms — and countries — exploring various ways to be more proactive in their cybersecurity practices, often with little fanfare.