In this writing assignment, you will analyze offensive cybersecurity scenarios that implicate the
The CISO of Company X has just notified you, the CEO, and the General Counsel that someone has gained unauthorized access to the company’s network, has accessed sensitive files, has already exfiltrated copies of some of these files to an external server, and at this moment appears to be exploring for more such files. The CISO tells you that she has done some analysis and is confident about a few things. First, she has determined the IP address of the server where the attacker appears to have stored the exfiltrated files, at least initially. She says that her team very likely could cook up some malware of their own in order to access that server and, once inside, to locate and delete any of the company’s files found there. It should also be possible to determine who controls the server, including the possibility that it is some innocent third party whose own machine was compromised by the actual attacker in order to serve this staging function. In the latter case, the CISO says, it might also be possible to locate the server issuing orders to the compromised intermediate server, and so on until the identity of the attacker might become clear. The CISO is ready to make some or all of these attempts right now.
From a policy perspective, why might it be good to authorize the CISO to carry out some or all of these steps? Why might it be bad? (Remember the CFAA.)