Offensive defence

“Innocent bystanders will never notice anything out of the ordinary as the active defense mechanisms are triggered by malicious activity such as network scanning or connecting to restricted services,” said the distribution’s SourceForge page.[1] Active defence is a long-lived concept in the security sector, but it hasn’t been put into practice much, at least in the civilian world. In 2001, one month after terrorists launched a kinetic attack on the US, National Academy of Engineering president William Allan Wulf testified before the US House of Representatives on moving beyond the ‘Maginot Line’ in cyber-security. “Effective cyber-security must include some kind of active response, some threat, some cost higher than the attacker is willing to pay, to complement passive defence,” he said, defining the principle.[2] He called for a long-term research programme into the subject, which hasn’t materialised.