Simply relying on a virtual wall to defend your IT infrastructure will not be effective, says a law professor from the University of Illinois. If you want to protect your data, you will have to adopt a strategy of “mitigative counterstriking”.

“The threats from cyber-attacks are real, and the harm of a potential attack can be far greater than what we can currently combat,” Kesan said. According to the law professor, counterstrikes are legally justifiable in domestic and international law and “can be made consistent by amending or reinterpreting the law.” In its foundation, Kesan proposes a self-defense approach to protect IT infrastructures from malicious intrusions.

He said that active defense would consist of detecting an intrusion, tracing the attack back to a criminal and execute a counterstrike. While there are certainly legal concerns over the extent of such a solution, including the danger of creating a substantial amount of collateral damage, Kesan said that there are no accepted “apparatus” to deter cyber-attacks. The legal environment is too complicated and civil litigation as a deterrent would be “slow and impractical”. Self-defense, however, could be a measure to limit the damage caused by an attack.

SOURCE via University of Illinois