Security Matters: Vigilantism Is a Poor Response to Cyber Attack
Bruce Schneier writes for Wired News:
Last month Marine General James Cartwright told the House Armed Services Committee that the best cyber defense is a good offense.More here.
As reported in Federal Computer Week, Cartwright said: "History teaches us that a purely defensive posture poses significant risks," and that if "we apply the principle of warfare to the cyberdomain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests."
The general isn't alone. In 2003, the entertainment industry tried to get a law passed giving them the right to attack any computer suspected of distributing copyrighted material. And there probably isn't a sys-admin in the world who doesn't want to strike back at computers that are blindly and repeatedly attacking their networks.
Of course, the general is correct. But his reasoning illustrates perfectly why peacetime and wartime are different, and why generals don't make good police chiefs.