Risk & Repeat: SolarWinds and the hacking back debate

This week's Risk & Repeat podcast discusses Sunday's episode of 60 Minutes, which examined the recent SolarWinds supply chain attack and reignited the debate over hacking back against nation-state adversaries.

The episode and its accompanying "60 Minutes Overtime" segment discussed the severity of the SolarWinds breach in which suspected nation-state hackers got inside the vendor's development environment and placed a backdoor inside software updates for SolarWinds' Orion platform. But the reports came under fire from many infosec professionals, who criticized arguments in favor of launching offensive cyber attacks, also known as hacking back, against adversaries. Many infosec experts have warned that hacking back carries enormous risk and should not be part of U.S. cybersecurity policy.

SearchSecurity editors Rob Wright and Alex Culafi discuss the fallacies of hacking back strategies and the dangers of misinforming the public about them. They also talk about some of the miscues and hyperbole in the 60 Minutes episodes about the SolarWinds attacks, nation-state threat and cybersecurity in general.