Rethinking Active Defense: A Comparative Analysis of Proactive Cybersecurity Policymaking

Although one segment of the proactive cybersecurity debate—e.g., hack back—has long been derided as a policy option carrying with it great risks of escalation, among other concerns, elements within the U.S. Congress and abroad are actively pushing to give companies a freer hand at defending themselves against cyber attackers. This Article compares several of these efforts, focusing on the so-called Graves bill in the United States with the experiences of China, Singapore, Thailand, Australia, and the G7. Given the Republican National Committee’s 2016 embrace of active defense principles, even as some firms like FireEye have begun to publicly admit to hacking back, the time has come to take a fresh look at the implications of this regulatory trend for both business integrity and international security.