On March 10, 2015, the Center for Strategic and International Studies, in concert with the Cybersecurity Unit of the Criminal Division of the U.S. Department of Justice, convened a group of private sector cybersecurity practitioners for a roundtable discussion regarding so-called “active cyber defense.” This is a topic about which I published a law review article last year (http://jolt.richmond.edu/v20i4/article12.pdf). The roundtable was part of the Cybersecurity Unit’s ongoing efforts to solicit information about techniques that private entities are using to protect their networks in a "heightened cyber threat environment."
Although the meeting was conducted under Chatham House rules, both organizations published a high-level summary here: http://www.justice.gov/criminal/cybercrime/docs/CSIS%20Roundtable%205-18-15.pdf. They call for a new phrase, "Defensive Cyber Actions," to describe "active defense," "offensive countermeasures," and "retaliatory hacking." The balance of the paper doesn't contain much in the way of surprises, and indicates that there is general confusion and considerable apprehension about the applicability of the Computer Fraud and Abuse Act and the Wiretap Act to certain types of defensive cyber actions.
On Friday, May 15th, I met with an official from the DoJ who was present at the roundtable, and learned that the DoJ is soliciting feedback on what type of published guidance it may be able to permissibly provide to the private sector to facilitate lawful actions in mitigating cyber threats and in separating fact from fiction in this area. In addition to defensive cyber actions, I suggested that clarifying the current lawful capabilities of "reasonable network management" by ISPs would be helpful in furthering candid and continuing dialogue about the ISPs' role.