Lawful Countermeasures Group  

Lawful Countermeasures Group Charter 

The ACDA Lawful Countermeasures working group aims to clarify the safe boundaries on which countermeasures are lawful for critical industry organisations defending themselves from cyber-attack, to clarify the consequences of not acting, and to clarify the interfaces between industry, law enforcement and national security.

"For thousands of years laws in many jurisdictions around the world have recognised the legal defence to the offence of damage and harm caused as a result of action taken in:

(a) Self-Defence;

(b) Intervening conduct or event;

(c) Sudden or extraordinary emergency; and

(d) Duress.

This right has not yet specifically been recognised to apply in the cyber realm.

This is only one example of the ambitious scope of work to be undertaken to clarify if and how existing Australian law applies to cyberspace.

Benefits to Cyber Defenders

  • Enable organisations to lift their security posture, improve alert fidelity, and acquire customised targeted intelligence.
  • Broaden the range of action available to cyber defenders
  • Reduce risk by clarifying the benefits and limits of lawful active cyber defence
  • Educate practitioners on the efficacy of active defence measures and how to adopt them

Benefits to the Community

  • Extend the rule of law in the cyber realm
  • Make Australian organisations less attractive targets because of their robust response
  • Increase awareness and adoption of active defence, thus enhancing cyber resilience

Activities and Scope

The initial year’s work is designed to demonstrate the feasibility and value of thorough application of law in the cyber realm, using selected scenarios in, initially, two Australian jurisdictions and three critical industries. Subsequent work would extend this scope.

Operational Research

  • Use MITRE ATT&CK and other frameworks to define attacker techniques and behaviours and inform the countermeasures in, initially, three critical industries
  • Engage CIOs, CISOs and threat hunters to ensure the research is relevant
  • Identify adversary behaviours and develop countermeasure scenarios that are industry specific

Legal Research

  • Research the regulatory universe for, initially, three industries and two jurisdictions
  • Clarify legal issues raised by the selected scenarios in the selected jurisdictions
  • Make recommendations on safe guardrails for lawful active cyber countermeasures