Cybersecurity & Tech

Partners or Provocateurs? Private-Sector Involvement in Offensive Cyber Operations

Sezaneh Seymour, Brandon Wales
Wednesday, July 16, 2025, 4:07 PM
A structured framework to evaluate the risks and benefits of authorizing private companies to “hack back.”
Stock photo: Increasing cyber attacks in countries (Hardik Pandey, https://pixahive.com/photo/increasing-cyber-attacks/, Free to Use/Public Domain)
Meet The Authors

Published by The Lawfare Institute
in Cooperation With
Brookings

Subscribe to Lawfare

As the scale and sophistication of cyber threats from state and criminal actors grow, U.S. officials are reevaluating the long-standing policy that reserves offensive cyber operations as an exclusively governmental function. In this new Lawfare research report, we examine the risks and benefits of expanding private-sector participation in such operations. Rather than endorsing a specific policy change, we present a structured framework to guide a focused discussion among policymakers.

The framework is built on three interdependent factors. First, it requires defining clear policy objectives, such as augmenting government capacity or disrupting adversary infrastructure. Second, it addresses the scope of authorized activities, clarifying what actions are permissible, who may be targeted, and where they may be attacked. Finally, it tackles the complex legal and liability considerations, including the potential legal authorities for such actions and the unresolved question of who bears responsibility when operations harm innocent third parties.

By systematically addressing these questions, we aim to help policymakers clarify goals and mitigate the significant risks of escalation and diplomatic fallout before altering the rules of cyber offense.

You can read the paper here or below:

Topics:
Cybersecurity & Tech
Back to Top
Sezaneh Seymour

Sezaneh Seymour

Read More
Sezaneh Seymour is vice president and head of regulatory risk and policy at Coalition, a leading provider of cyber insurance and security services. She served as senior advisor for cyber and emerging technology on the National Security Council staff, and as deputy assistant U.S. trade representative at the Office of the U.S. Trade Representative in the Executive Office of the President, where she negotiated and enforced trade agreements.
Brandon Wales

Brandon Wales

Read More
Brandon Wales is vice president for cybersecurity strategy at SentinelOne, a leading AI-powered cybersecurity firm, where he manages its strategic advisory work. He has more than twenty years of experience advancing U.S. national security interests at the highest level of the federal government, most recently as the executive director of the Cybersecurity and Infrastructure Security Agency (CISA).
}

Subscribe to Lawfare