Over the last year I have been writing and speaking on hacking back in self-defense, and every time I poll an audience as to whether hacking back is legal I get a resounding NO! 

Then I walk the group through a theory of self-defense in cyberspace and re-ask the question with a slightly different spin. At that moment most agree that based on the manner in which the scenario and theory were presented it does not sound illegal; a ray of hope suddenly appears in their eyes. 

Is this a play on words? Am I mincing words and definitions with questions like “what is the definition of is?”  No, it is a real and workable theory; a new way of looking at the problem.

Let’s face it, if the government was going to and could help you they would. But like most companies they too are overwhelmed defending against a daily barrage of cyber-attacks. So, what‘s the answer? Continue to absorb escalating costs of operation caused by unrelenting hackers? Accept the loss of proprietary data, intellectual property or trade secrets and consequently millions of dollars and reputation?  At what point should the good guys declare enough is enough? 

We are currently in a “cyber-cold war” and the targets are anyone online with something to steal or disrupt. Three options exist:

1. Continue with business as usual
2. Do as some have and take matters into your own hands but try to stay below the radar and not get caught
3. Or, plan an active defense similar to a military operation to defend your company and justify each and every decision made

At RSA Europe in London we will present a legal and workable framework for commercial companies to practice active defense.