Cyber security counterattacks are quite a legal and ethical problem. Within the United States responses that counter attack threat actors is unlawful based on legislations like the Computer Fraud and Abuse Act of 1986 and the Cybersecurity Information Sharing Act of 2015. Counterstrikes are seen as vigilantism hence subjecting the attacker to an equivalent harm, continuation of the attack and severe global implications if the attackers are state actors. The only legal rights of an individual to respond for oneself is in a position of federal employment or if one is a member of military force.

Internationally, the rules regarding counter attacks are not as rigid as the domestic rules but they are quite rigid. The International Court of Justice (ICJ) allows counterattacks under specific conditions: they have to aim at the first aggressor only, express a demand to cease the attack, not increase the violence and be one-step withdraw-able. But counterattacks can hardly be launched to do so, because legal and ethical issues, which are not easy to quantify and contain, are at large here.

For a number of reasons, counterattacks are unethical towards other frameworks such as the confidentiality, integrity and availability (CIA). By definition, cybersecurity specialists have a moral duty to protect the personal information, flag issues, and integrate security with the law. These obligations are supported and reinforced by laws, such as HIPAA in the area of health care, which ensure legal permissiveness, legal reasonableness as well as regard for legal privacy. In the last instance, it is crucial for cybersecurity specialists to follow the concept of ‘do not do unto others what you would not like to have done to you,’ committing no unlawful or unethical activity in response to an attack.