Snowden revealed the existence of the MonsterMind system developed by the NSA to automatically mitigate and respond cyber attacks.
In his last interview Edward Snowden explained the risks related to use of automated attacks in response to the offensive against the US. Many experts identify with the term proactive defense the possibility to respond instantaneously and in an automated manner a cyber attack, Snowden explained that the US Government is developing a system, codenamed as MonsterMind, that is able to automatically reply to the cyber attacks against the US, but that they can fail in the identification of the source of attacks. A wrong attribution could cause serious problems for intermediate nations, those countries that host compromised systems used in the offensive or that host computers whose IP have been spoofed by bad actors.
“The NSA whistleblower says the agency is developing a cyber defense system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. The program, called MonsterMind, raises fresh concerns about privacy and the government’s policies around offensive digital attacks.” states Wired Magazine.
Imagine that Russia decides to run a DDoS attack against US systems, but that the attacker is able to spoof the origin IP address of a different country or to route through its infrastructure the malicious traffic, then a retaliatory automated attack could hit the wrong country rather than Russia networks.