I concluded my Saturday post by speculating that the attack on RSA posed some serious legal and tactical problems. We don't know much more than the company's characterization of the event as an "extremely sophisticated cyber attack" (ZDNet ran the story). It seems to me that they owe their customers a little more information, and I'll be anxious to see how this plays out.
But from my own perspective, RSA's countermeasure options are severely limited by existing cyber law. If ever there was a justification for a hot-pursuit cyber doctrine, this would certainly qualify. Look how long it took Microsoft to orchestrate last week's botnet takedown. And that was just for a spam operation. RSA's disclosure transcends mere inconvenience and hints of full-blown cyber war.
Who's the culprit? Or should I say, "Hu's the culprit." Time will tell.
No comments:
Post a Comment
Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?