Some cyber companies
are on "thin ice" legally, said Nate Fick, now CEO of Endgame
Inc., speaking this
morning at the CNAS conference. (You can tune into the meeting on your computer
by going to the CNAS website.)

Fick, a former CEO of CNAS,  said this is a murky world we need to know
more about, with companies emerging that are providing capabilities that run
way ahead of policy and rules.

One of the big issues looming out there is the issue of the
"hack back." That is, does someone under cyberattack -- whether an individual,
a company, or a part of the government -- have the right to respond in kind? Or
to hire someone to do that?

I think this parallels the issue in government of having
pre-existing authorization to respond to a cyber intrusion. I am told that the
Pentagon cyberwarriors have been asking for such authorizations, but that the
White House has been resisting giving such blanket pre-approvals. This is an
interesting issue that could get into questions of civilian control of the
military. In some ways it is reminiscent of the creation of doctrine for the
command and control of nuclear weapons. But it also gets us deep into issues of
privacy and surveillance -- as we are seeing now with the NSA.