Cyberwarfare

Interesting posts are starting to show up out there about a surge of interested in the US armed forces and cyberwarfare. There's a lot of momentum building up. If you were at SANS in Orlando last week, you might have heard about a new project SANS is going to launch very soon. Stay tuned--expect an official announcement sometime in the next week or so.

Last week I had the pleasure of presenting at the SecureIT Conference in Los Angeles, CA. A keynoter, Randy V. Sabett, J.D., CISSP, made some very interesting points about US law with regards to defense. Generally, US federal laws tend to favor the fact that the individual can do anything necessary to defend his person. For Cyber Law issues, this is contrary to the history of case law established for non-Cyber issues.

So what I'm saying is that playing the Devil's Advocate or to role play a bad guy just to understand an attack is a very useful thing. But what about offensive skills? Does the properties of Mutual Assured Destruction apply to Cyberwarfare? Is it possible to display offensive strength and still be legally OK?

Now don't get me wrong, I'm not standing next to an ankle biter saying "Sweep the leg, Johnny!" But I think some interesting things are in motion . . . Stay tuned . . .