This topic is based upon a law review article authored by the presenter published in the Richmond Journal of Law and Technology, and covers the techniques of beaconing, sinkholing, honeypots, threat intelligence gathering, hunter groups, and retaliatory hacking, and explores the ethical and legal boundaries of each. The presenter will discuss potential practical, political, legal, and ethical risks associated with, among other things, misattribution, attracting attacks, and escalation. Finally, the presenter will discuss promising alternatives, including centralized information sharing through the ISACs and open threat intelligence, “next-gen” tools, proposed cyber legislation or Executive Order (or other executive branch or independent agency action), and collaboration with Internet service providers.
- Summarize the most common active defense approaches.
- Enumerate the risks of each active defense approach.
- Appreciate promising alternatives to active defense strategies.
About Sean Harrington

Sean L. Harrington is a cybersecurity attorney, law professor, digital forensics examiner, expert witness, instructor, and author, with a background in the financial services and healthcare sectors and critical infrastructure protection. He holds the CIPP/US, CISSP, CCFP, CHFI, MCSE, and CSOXP certifications, is licensed by the Texas Private Security Bureau, and is admitted to state bars of California and Wisconsin.