Home Social Sciences US Policy on Active Cyber Defense
Article
Licensed
Unlicensed Requires Authentication

US Policy on Active Cyber Defense

  • Angelyn Flowers and Sherali Zeadally EMAIL logo
Published/Copyright: June 19, 2014
Journal of Homeland Security and Emergency Management
From the journal Journal of Homeland Security and Emergency Management Volume 11 Issue 2

Abstract

Today cyberspace is playing a pivotal role in many sectors of society and has become an integral part in the lives of individuals. Much of the critical infrastructure responsible for basic facilities such as water, energy, food, gas and electricity has become heavily integrated with cyberspace. As a result, securing cyberspace has become an issue of high national priority for many governments around the world and the US is no exception. For quite some time, this has been achieved through passive cyber defense strategies. Unfortunately, in recent years, these strategies have proved ineffective in accomplishing this goal, requiring a shift in strategy from passive to active cyber defense strategies. We examine the US policy on active cyber defense and the circumstances under which active cyber defense may be utilized by the US Government or those acting on its behalf. It can be difficult in some circumstances to distinguish active cyber defense from cyber offense. As may therefore be expected, the utilization of active cyber defense has the potential for creation of political, ethical as well as legal, and operational risks. In a brief comparison of US policy on active cyber defense with a few selected cybersecurity policies of other states the US policy is on the aggressive end of the spectrum, at least among the democratic states.

Keywords: cyber attacks; cyber defense; law; policy; risk
Corresponding author: Sherali Zeadally, College of Communication and Information, University of Kentucky, Lexington, KY, 40506, USA, email:

Acknowledgments

We thank Jasmine McNealy for her useful comments and feedback on early drafts of this paper. We would also like to express our gratitude to the anonymous reviewers for their valuable feedback and comments which help us to improve the quality and presentation of this work.

References

Adams, A., P. Reich and S. Weinstein (2012) “A Non-Militarised Approach to Cyber-Security.” In: Proceedings of the 11th European conference on Information Warfare and Security, Laval, France, 2012.Search in Google Scholar

“Argentina, Brazil Agree on Cyber-Alliance Against U.S. Espionage.” September 15, 2013. [Online]. Available at: http://rt.com/news/brazil-argentina-cyber-defense-879/ (accessed February 26, 2014).Search in Google Scholar

Chabinsky, S. (2013) Passive Cyber Defense: The Law of Diminishing and Negative Returns. American Center for Democracy: Economic Warfare Institute, May 6, 2013. [Online]. Available at: http://acdemocracy.org/passive-cyber-defense-the-laws-of-diminishing-and-negative-returns/ (accessed March 3, 2014).Search in Google Scholar

Clarke, R. and R. Knake (2010) Cyber War. New York: HarperCollins Publishers.Search in Google Scholar

Crosston M. (2012) “Virtual Patriots and a New American Cyber Strategy: Changing the Zero-Sum Game,” Strategic Studies Quarterly, Winter: 100–118.Search in Google Scholar

“Cybersecurity Strategy of the European Union: An Open, Safe, and Secure Cyberspace,” July 2, 2013. [Online]. Available at: http://eeas.europa.eu/policies/eu-cyber-security/cybseccomm en.pdf. [accessed 26 February 2014].Search in Google Scholar

DARPA. (2013) “Driving Technological Surprise: DARPA’s Mission in a Changing World.” April 2013. [Online]. Available at: http://www.darpa.mil/WorkArea/DownloadAsset.aspx@id=2147486475.pdf (accessed October 26, 2013).Search in Google Scholar

Denning, D. (2014) “Framework and Principles for Active Cyber Defense,” Computers and Security, 40(February):108–113.10.1016/j.cose.2013.11.004Search in Google Scholar

Department of Homeland Security. (2013) “Critical Infrastructure Sectors.” 2013. [Online]. Available at: http://www.dhs.gov/critical-infrastructure-sectors (accessed November 6, 2013).Search in Google Scholar

Dittrich, D. and K. Himma (2005) “Active Responses to Computer Intrusions.” In: (H. Bidgoli, ed.) The Handbook of Information Security, Vol. II. Hoboken, John Wiley & Sons.Search in Google Scholar

Fleming, J. (2013) “Security Reports say EU needs More ‘Honeypots’ for Lure Cyberattackers.” March 2013. [Online]. Available at: http://www.euractiv.com/specialreport-cybersecurity/europe-needs-honeypots-trap-cybe-news-518279. (accessed February 25, 2014).Search in Google Scholar

Flowers, A., S. Zeadally and A. Murray (2013) “Cybersecurity and U.S. Legislative Efforts to Address Cybercrime,” Journal of Homeland Security and Emergency Management, 10(1):29–55.10.1515/jhsem-2012-0007Search in Google Scholar

Ginsberg, W., M. P. Carey, L. E. Halchin and N. Keegan (2012) Government Transparency and Secrecy: An Examination of Meaning and Its Use in the Executive Branch. Congressional Research Service, Washington DC.Search in Google Scholar

Government Accountability Office. (2013) Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented. GAO, Washington DC.Search in Google Scholar

Greenwald, G. and E. MacAskill (2013) “Obama Orders U.S. to draw up Overseas Target List for Cyber-Attacks,” The Guardian, June 7, 2013. [Online]. Available at: http://www.theguardian.com/world/2013/jun/07/obama-china-targets-cyber-overseas (accessed April 23, 2014).Search in Google Scholar

Keating, J. (2010) “U.S. and Europe at Odds Over Cyberdefense Policy.” October 5, 2010. [Online]. Available at: http://blog.foreignpolicy.com/posts/2010/10/05/us_and_europe_at_odds_over_cyberdense_policy (accessed February 22, 2014).Search in Google Scholar

Kesan, J. P. and C. M. Hayes (2010) “Thinking Through Active Defense in Cyberspace.” In: Proceedings of the Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options. Washington: National Research Council, National Academies of Science.Search in Google Scholar

Lachow, I. (2013) Active Cyber Defense: A Framework for Policymakers. Washington, DC: Center for a New American Security.Search in Google Scholar

Lotrionte, C. (2012) “State Sovereignth and Self-Defense in Cyberspace: A Normative Framework for Balancing Legal Rights,” Emory International Law Review, 26:825–919.Search in Google Scholar

Luiijf, H., K. Besseling, M. Spoelstra and P. de Graff (2013) “Ten National Cyber Security Strategies: A Comparison.” In: (S. Bologna, B. Hämmerli, D. Gritzalis, and S. Wolthusen, eds.) Critical Information Infrastructure Security: 6th International Workshop, CRITIS 2011, Lucerne, Springer Berlin Heidelberg, pp.1–17.10.1007/978-3-642-41476-3_1Search in Google Scholar

McGhee, S., R. V. Sabett and A. Shah (2013) “Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense,” Journal of Business & Technology Law, 8(1):1–47.Search in Google Scholar

Melnitzky, A. (2012) “Defending America Against Chinese Cyber Espionage Through the Use of Active Defenses,” Cardozo Journal of international and Comparative Law, 20: 537–570.Search in Google Scholar

Natashima, E. (2012) “Obama Signs Secret Directive to Help Thwart Cyberattacks.” The Washington Post, November 14, 2012. [Online]. Available at: http://www.washingtonpost.com/world/national-security/obama-signs-secret-cybersecurity-directive-allowing-more-aggressive-military-role/2012/11/14/7bf51512-2cde-11e2-9ac2-1c61452669c3_story.html (accessed April 22, 2014).Search in Google Scholar

National Academy of Engineering of the National Academies. (2012) National Academy of Engineering Grand Challenges for Engineering. [Online]. Available at: http://www.engineeringchallenges.org/cms/challenges.aspx. (Accessed April 20, 2014).Search in Google Scholar

Obama, B. (2008) The Comprehensive National Cybersecurity Initiatve. [Online]. Available at: www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative. (accessed October 28, 2013).Search in Google Scholar

Obama, B. (2011) “International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World.” [Online]. May 2011. Available at: http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf. (accessed October 20, 2013).Search in Google Scholar

Obama, B. (2012) Presidential Policy Directive/PPD-20. Washington: White House.Search in Google Scholar

O’Connell, M. E. (2012) “Cyber Security without Cyber War,” Journal of Conflict & Security Law, 17(2):187–209.10.1093/jcsl/krs017Search in Google Scholar

Osawa, J. (2013) Is Cyberwar Around the Corner? Collective Defense in the Near Future. Brookings Institute East Asia Commentary Series No. 73 of 75, November 12, 2013. [Online]. Available at: http://www.brookkngs.Edu/reserach/opinions/2013/11/12-cyber-defense-us-jana-alliance-osawa (accessed February 20, 2014).Search in Google Scholar

Ragsdale, D. (2013) “Active Cyber Defense (ACD) Information Innovation Office.” November 8, 2013. [Online]. Available at: www.darpa.mil/Our_Work/120/Programs/Active_Cyber_Defense_(ACD).aspx. (accessed November 10, 2013).Search in Google Scholar

Schmitt, M. (2013) Tallinn Manual on the International Law Applicable to Cyber Warfare. NY: Cambridge University Press.10.1017/CBO9781139169288Search in Google Scholar

U.S. Department of Defense. (2011) Strategy for Operating in Cyberspace. Washington, DC, 2011.Search in Google Scholar

United Nations. (1945) Charter of the United Nations and Statute of the International Court of Justice, as amended. United Nations, New York, 1945.Search in Google Scholar

Wong, T. (2011) Thesis: Active Cyber Defense – Enhancing National Cyber Defense. Monterey: Naval Postgraduate School.Search in Google Scholar

Zeadally, S., H. Martinez and H. Chao (2013) “Securing Cyberspace in the 21st Century,” IEEE Computer, 22–23.10.1109/MC.2013.144Search in Google Scholar

Published Online: 2014-6-19

©2014 by Walter de Gruyter Berlin/Boston

Articles in the same Issue

  1. Frontmatter
  2. Opinion Article
  3. Bridging the Gap: Hazard Mitigation in the Global Context
  4. Research Articles
  5. The Impact of Natural Disasters on Critical Infrastructures: A Domino Effect-based Study
  6. How Does Climate Adaptation Affect Emergency Management?
  7. Emergency Preparedness on Campus: Improving Procedural Knowledge and Response Readiness
  8. Environmental Security and Climate Change: A Link to Homeland Security
  9. Challenging Illicit Bulk Cash Flows: Next Steps for US Law Enforcement
  10. US Policy on Active Cyber Defense
https://doi.org/10.1515/jhsem-2014-0021
Keywords for this article
cyber attacks; cyber defense; law; policy; risk

Articles in the same Issue

  1. Frontmatter
  2. Opinion Article
  3. Bridging the Gap: Hazard Mitigation in the Global Context
  4. Research Articles
  5. The Impact of Natural Disasters on Critical Infrastructures: A Domino Effect-based Study
  6. How Does Climate Adaptation Affect Emergency Management?
  7. Emergency Preparedness on Campus: Improving Procedural Knowledge and Response Readiness
  8. Environmental Security and Climate Change: A Link to Homeland Security
  9. Challenging Illicit Bulk Cash Flows: Next Steps for US Law Enforcement
  10. US Policy on Active Cyber Defense
Sign up now to receive a 20% welcome discount
Institutional Access
How does access work?
Have an idea on how to improve our website?
Please write us.
© 2026 De Gruyter Brill
Downloaded on 15.1.2026 from https://www.degruyterbrill.com/document/doi/10.1515/jhsem-2014-0021/html
Scroll to top button