Cyber self-defense refers to self-defense in cybersecurity to defend against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves it is sometimes also used to refer to self-defense of organizations as a whole such as corporate entities or even entire nations. Surveillance self-defense is a variant of cyber self-defense or largely overlaps with it.
Cybersecurity researcher, entrepreneur and consultant Jeffrey Carr compares cyber self-defense to martial arts with one's computer network having numerous vulnerabilities like one's body. He notes that similar to it, one's digital attack surface can be shrunk.
- Making use of antivirus software
- Making use of a firewall on Internet-connected devices
- Updating all of one's software — including but not only operating systems and potentially by the usage of dedicated updating-software
- Multi-factor authentication
- Strong and unique passwords for each account
- Encrypting one's computer and phone
- Regularly creating backups of one's data
- Reducing one's social networking footprint
- Uninstalling insecure software such as Adobe Flash
- Regularly checking one's social media security settings
- Paying more attention to what information one could accidentally reveal in online posts
- Not rooting one's phone
- Never giving out logins or passwords to anyone
- Using security questions and answers that are impossible for anybody else to answer even if they have access to one's social media posts or engage in social engineering
- Gathering evidence, creating documentation and contacting relevant authorities, administrators or organisations in the case of a cyberattack
- Being cautious when browsing and opening email attachments or links in emails
- Avoiding free WiFi or not logging into any accounts while using it
- Making adequate use of privacy and anonymity software
- Publishing public keys for PGP authentication for being able to prove one's identity
Information security professional Paul Carugati states that training, awareness and education is "the only path forward to holistically protect ourselves against these very dynamic threats".
He also advices employers to "continue to advance their employees in cyber self defense and look for cyber security skill level".
Legal theorists and policy makers are increasingly considering authorizing the private sector to take active measures on their own.
The question: 'when does a cyber-attack (or threat therof) give rise to a right of self-defense?' is the subject of studies and discussion.
In March 2017 Tom Graves proposed the Active Cyber Defense Certainty Act (ACDC) that would enhance the Computer Fraud and Abuse Act (CFAA) to allow individuals and the private sector to use limited defensive measures, including tools that are currently restricted under the CFAA, for identification and stopping attackers.
Brad Maryman warns of unintended consequences, stating that in his view "the notion that we should legislate and accept a level of undocumented and unmonitored cyber actions by anyone who thinks they have been hacked is unfathomable".
- Whitehouse, Sheldon; Mikulski, Barbara; Snowe, Olympia. "Cyber self-defense can help U.S. security - CNN.com". CNN. Retrieved 13 April 2017.
- Jr., Sydney J. Freedberg. "Adm. Zukunft Unveils New Coast Guard Cyber Strategy". Breaking Defense. Retrieved 13 April 2017.
- "Qatari tech helps Hamas in tunnels, rockets: Expert". The Times of Israel. Retrieved 13 April 2017.
- Rella, Christoph. "Neutrales Österreich setzt auf "Cyber"-Selbstverteidigung - Wiener Zeitung Online" (in German). Wiener Zeitung Online. Retrieved 13 April 2017.
- "Cyberattacks could trigger self-defense rule, U.S. official says". Washington Post. Retrieved 13 April 2017.
- Greenberg, Ivan. Surveillance in America: Critical Analysis of the FBI, 1920 to the Present. Lexington Books. ISBN 9780739172483. Retrieved 13 April 2017.
- Ziccardi, Giovanni. Resistance, Liberation Technology and Human Rights in the Digital Age. Springer Science & Business Media. ISBN 9789400752757. Retrieved 13 April 2017.
- "EFF Relaunches Surveillance Self-Defense". Electronic Frontier Foundation. 23 October 2014. Retrieved 13 April 2017.
- "Cyber Self Defense For Non-Geeks". jeffreycarr.blogspot.de. Retrieved 13 April 2017.
- Thornton, Michael (16 February 2017). "You Can't Depend on Antivirus Software Anymore". Slate. Retrieved 13 April 2017.
- Seay, Gary. "4 Keys to Cyber Security Self-Defense". Retrieved 13 April 2017.
- Firewall, The. "Cyber Self Defense: Reduce Your Attack Surface". Forbes. Retrieved 13 April 2017.
- Barrett, Brian. "Flash. Must. Die". WIRED. Retrieved 13 April 2017.
- Whittaker, Zack. "13 new vulnerabilities? You should disable or uninstall Adobe Flash | ZDNet". ZDNet. Retrieved 13 April 2017.
- Conn, Richard. "Cybersecurity Expert Gives Tips To Stay Safe Online". Retrieved 13 April 2017.
- Moore, Alexis; Edwards, Laurie. Cyber Self-Defense: Expert Advice to Avoid Online Predators, Identity Theft, and Cyberbullying. Rowman & Littlefield. ISBN 9781493015429.
- "Cyber Self-Defense | Paul Carugati | TEDxSpokane". 24 November 2015. Retrieved 13 April 2017.
- Zurkus, Kacy. "Social engineering scam doesn't fool this writer". CSO Online. Retrieved 13 April 2017.
- "International Law and Private Actor Active Cyber Defensive Measures". Lawfare. 29 May 2013. Retrieved 13 April 2017.
- Waxman, Matthew C. (19 March 2013). "Self-Defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions". SSRN .
- Hawkins, Garrett. "Rep. Tom Graves Proposes Cyber Self Defense Bill". www.thedallasnewera.com. Retrieved 13 April 2017.
- "'Self-Defense' Bill Would Allow Victims to Hack Back". Retrieved 13 April 2017.