Jump to ContentJump to Main Navigation
Show Summary Details
In This Section

Journal of Homeland Security and Emergency Management

Editor-in-Chief: Renda-Tanali, Irmak, D.Sc.

Managing Editor: McGee, Sibel, Ph.D.

4 Issues per year


IMPACT FACTOR increased in 2015: 0.466
5-year IMPACT FACTOR: 0.760

SCImago Journal Rank (SJR) 2015: 0.272
Source Normalized Impact per Paper (SNIP) 2015: 0.640
Impact per Publication (IPP) 2015: 0.493

Online
ISSN
1547-7355
See all formats and pricing
In This Section

US Policy on Active Cyber Defense

Angelyn Flowers
  • Department of Criminal Justice, University of the District of Columbia, Washington DC, USA
/ Sherali Zeadally
  • Corresponding author
  • College of Communication and Information, University of Kentucky, Lexington, KY, 40506, USA
  • Email:
Published Online: 2014-06-19 | DOI: https://doi.org/10.1515/jhsem-2014-0021

Abstract

Today cyberspace is playing a pivotal role in many sectors of society and has become an integral part in the lives of individuals. Much of the critical infrastructure responsible for basic facilities such as water, energy, food, gas and electricity has become heavily integrated with cyberspace. As a result, securing cyberspace has become an issue of high national priority for many governments around the world and the US is no exception. For quite some time, this has been achieved through passive cyber defense strategies. Unfortunately, in recent years, these strategies have proved ineffective in accomplishing this goal, requiring a shift in strategy from passive to active cyber defense strategies. We examine the US policy on active cyber defense and the circumstances under which active cyber defense may be utilized by the US Government or those acting on its behalf. It can be difficult in some circumstances to distinguish active cyber defense from cyber offense. As may therefore be expected, the utilization of active cyber defense has the potential for creation of political, ethical as well as legal, and operational risks. In a brief comparison of US policy on active cyber defense with a few selected cybersecurity policies of other states the US policy is on the aggressive end of the spectrum, at least among the democratic states.

Keywords: cyber attacks; cyber defense; law; policy; risk

References

  • Adams, A., P. Reich and S. Weinstein (2012) “A Non-Militarised Approach to Cyber-Security.” In: Proceedings of the 11th European conference on Information Warfare and Security, Laval, France, 2012.

  • “Argentina, Brazil Agree on Cyber-Alliance Against U.S. Espionage.” September 15, 2013. [Online]. Available at: http://rt.com/news/brazil-argentina-cyber-defense-879/ (accessed February 26, 2014).

  • Chabinsky, S. (2013) Passive Cyber Defense: The Law of Diminishing and Negative Returns. American Center for Democracy: Economic Warfare Institute, May 6, 2013. [Online]. Available at: http://acdemocracy.org/passive-cyber-defense-the-laws-of-diminishing-and-negative-returns/ (accessed March 3, 2014).

  • Clarke, R. and R. Knake (2010) Cyber War. New York: HarperCollins Publishers.

  • Crosston M. (2012) “Virtual Patriots and a New American Cyber Strategy: Changing the Zero-Sum Game,” Strategic Studies Quarterly, Winter: 100–118.

  • “Cybersecurity Strategy of the European Union: An Open, Safe, and Secure Cyberspace,” July 2, 2013. [Online]. Available at: http://eeas.europa.eu/policies/eu-cyber-security/cybseccomm en.pdf. [accessed 26 February 2014].

  • DARPA. (2013) “Driving Technological Surprise: DARPA’s Mission in a Changing World.” April 2013. [Online]. Available at: http://www.darpa.mil/WorkArea/DownloadAsset.aspx@id=2147486475.pdf (accessed October 26, 2013).

  • Denning, D. (2014) “Framework and Principles for Active Cyber Defense,” Computers and Security, 40(February):108–113.

  • Department of Homeland Security. (2013) “Critical Infrastructure Sectors.” 2013. [Online]. Available at: http://www.dhs.gov/critical-infrastructure-sectors (accessed November 6, 2013).

  • Dittrich, D. and K. Himma (2005) “Active Responses to Computer Intrusions.” In: (H. Bidgoli, ed.) The Handbook of Information Security, Vol. II. Hoboken, John Wiley & Sons.

  • Fleming, J. (2013) “Security Reports say EU needs More ‘Honeypots’ for Lure Cyberattackers.” March 2013. [Online]. Available at: http://www.euractiv.com/specialreport-cybersecurity/europe-needs-honeypots-trap-cybe-news-518279. (accessed February 25, 2014).

  • Flowers, A., S. Zeadally and A. Murray (2013) “Cybersecurity and U.S. Legislative Efforts to Address Cybercrime,” Journal of Homeland Security and Emergency Management, 10(1):29–55. [Web of Science]

  • Ginsberg, W., M. P. Carey, L. E. Halchin and N. Keegan (2012) Government Transparency and Secrecy: An Examination of Meaning and Its Use in the Executive Branch. Congressional Research Service, Washington DC.

  • Government Accountability Office. (2013) Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented. GAO, Washington DC.

  • Greenwald, G. and E. MacAskill (2013) “Obama Orders U.S. to draw up Overseas Target List for Cyber-Attacks,” The Guardian, June 7, 2013. [Online]. Available at: http://www.theguardian.com/world/2013/jun/07/obama-china-targets-cyber-overseas (accessed April 23, 2014).

  • Keating, J. (2010) “U.S. and Europe at Odds Over Cyberdefense Policy.” October 5, 2010. [Online]. Available at: http://blog.foreignpolicy.com/posts/2010/10/05/us_and_europe_at_odds_over_cyberdense_policy (accessed February 22, 2014).

  • Kesan, J. P. and C. M. Hayes (2010) “Thinking Through Active Defense in Cyberspace.” In: Proceedings of the Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options. Washington: National Research Council, National Academies of Science.

  • Lachow, I. (2013) Active Cyber Defense: A Framework for Policymakers. Washington, DC: Center for a New American Security.

  • Lotrionte, C. (2012) “State Sovereignth and Self-Defense in Cyberspace: A Normative Framework for Balancing Legal Rights,” Emory International Law Review, 26:825–919.

  • Luiijf, H., K. Besseling, M. Spoelstra and P. de Graff (2013) “Ten National Cyber Security Strategies: A Comparison.” In: (S. Bologna, B. Hämmerli, D. Gritzalis, and S. Wolthusen, eds.) Critical Information Infrastructure Security: 6th International Workshop, CRITIS 2011, Lucerne, Springer Berlin Heidelberg, pp.1–17.

  • McGhee, S., R. V. Sabett and A. Shah (2013) “Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense,” Journal of Business & Technology Law, 8(1):1–47.

  • Melnitzky, A. (2012) “Defending America Against Chinese Cyber Espionage Through the Use of Active Defenses,” Cardozo Journal of international and Comparative Law, 20: 537–570.

  • Natashima, E. (2012) “Obama Signs Secret Directive to Help Thwart Cyberattacks.” The Washington Post, November 14, 2012. [Online]. Available at: http://www.washingtonpost.com/world/national-security/obama-signs-secret-cybersecurity-directive-allowing-more-aggressive-military-role/2012/11/14/7bf51512-2cde-11e2-9ac2-1c61452669c3_story.html (accessed April 22, 2014).

  • National Academy of Engineering of the National Academies. (2012) National Academy of Engineering Grand Challenges for Engineering. [Online]. Available at: http://www.engineeringchallenges.org/cms/challenges.aspx. (Accessed April 20, 2014).

  • Obama, B. (2008) The Comprehensive National Cybersecurity Initiatve. [Online]. Available at: www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative. (accessed October 28, 2013).

  • Obama, B. (2011) “International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World.” [Online]. May 2011. Available at: http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf. (accessed October 20, 2013).

  • Obama, B. (2012) Presidential Policy Directive/PPD-20. Washington: White House.

  • O’Connell, M. E. (2012) “Cyber Security without Cyber War,” Journal of Conflict & Security Law, 17(2):187–209.

  • Osawa, J. (2013) Is Cyberwar Around the Corner? Collective Defense in the Near Future. Brookings Institute East Asia Commentary Series No. 73 of 75, November 12, 2013. [Online]. Available at: http://www.brookkngs.Edu/reserach/opinions/2013/11/12-cyber-defense-us-jana-alliance-osawa (accessed February 20, 2014).

  • Ragsdale, D. (2013) “Active Cyber Defense (ACD) Information Innovation Office.” November 8, 2013. [Online]. Available at: www.darpa.mil/Our_Work/120/Programs/Active_Cyber_Defense_(ACD).aspx. (accessed November 10, 2013).

  • Schmitt, M. (2013) Tallinn Manual on the International Law Applicable to Cyber Warfare. NY: Cambridge University Press.

  • U.S. Department of Defense. (2011) Strategy for Operating in Cyberspace. Washington, DC, 2011.

  • United Nations. (1945) Charter of the United Nations and Statute of the International Court of Justice, as amended. United Nations, New York, 1945.

  • Wong, T. (2011) Thesis: Active Cyber Defense – Enhancing National Cyber Defense. Monterey: Naval Postgraduate School.

  • Zeadally, S., H. Martinez and H. Chao (2013) “Securing Cyberspace in the 21st Century,” IEEE Computer, 22–23. [Web of Science]

About the article

Corresponding author: Sherali Zeadally, College of Communication and Information, University of Kentucky, Lexington, KY, 40506, USA, email:


Published Online: 2014-06-19



Citation Information: Journal of Homeland Security and Emergency Management, ISSN (Online) 1547-7355, ISSN (Print) 2194-6361, DOI: https://doi.org/10.1515/jhsem-2014-0021. Export Citation

Comments (0)

Please log in or register to comment.
Log in