The Japanese government is reportedly planning a computer virus for use against cyber-attackers.
The state-sanctioned malware, scheduled for readiness next March, will be able to break into an attacker’s computer system, according to reports in the Japanese press.
Not much else is known about the proposed software at this point, other than that it will only be used for offensive defense and not for pre-emptive attacks. However, it raises the question of whether it’s ethical to respond to an attack by compromising the attacker’s network (a technique known as active defense, or hacking back).
This is a tricky problem to unpack with some subtle considerations. For example, who should be allowed to do it? In 2015, global banks lost up to $1bn in a co-ordinated heist. Some US banks reportedly lobbied for permission to track down and disable their attackers’ computers. But is this something that the private sector should be allowed to do?
If it’s to be a government-only affair, then which level of government should be allowed to do it? Are state or federal-level law enforcement agencies permitted, or should we just give the military or the intelligence community the reins? Can they target domestic actors or only foreign ones?
Then there’s the problem of attribution. Identifying who’s really behind an attack is a probabilistic effort. You can never be entirely certain, because the attacker might be using someone else’s infrastructure to hide themselves. The best you can do is say who’s probably responsible based on indicators of compromise.
Reports suggest that Japan’s Defense Ministry has an uphill battle justifying its offensive cybersecurity stance. Japan outlaws the creation of computer viruses, even when used for counterattacks, and has previously adopted a defence-only approach.
However, it hinted at a more aggressive stance in its latest National Defense Program Guidelines, issued in December. It said: “SDF [Self Defence Forces] will fundamentally strengthen its cyber defense capability, including capability to disrupt, during attack against Japan, opponent’s use of cyberspace for the attack.”