Friday, June 26, 2009

Bad military botnet proposal still being pushed

I just came across an April 2009 BBC story which shows that USAF Col. Williamson is still promoting his idea of building a U.S. military botnet to engage in offensive denial of service attacks against foreign targets on the Internet.

But I haven't seen him respond to any of the criticisms of his bad idea, including in the online forum of the journal where he published it.

I think a more effective idea would be to adjust the computer crime statutes to provide immunity from prosecution (or at the very least an affirmative defense to criminal charges) for private responses to attacks that meet certain criteria, so that ISPs, security researchers, and competent individuals could engage in offensive actions against compromised machines to disable malicious software or take them off the network. Perhaps some kind of licensing or bonding would do the trick, and ISPs could put an exception into their acceptable use policies for entities that met the criteria.

That's also my partial response to this more recent BBC story about "what rules apply in cyber-wars" which led me to find the Williamson article.
