{"id":9564,"date":"2026-04-13T09:19:14","date_gmt":"2026-04-13T09:19:14","guid":{"rendered":"https:\/\/sawahsolutions.com\/range\/us-push-to-counter-hackers-draws-industry-deeper-into-offensive-cyber-debate\/"},"modified":"2026-04-13T09:19:15","modified_gmt":"2026-04-13T09:19:15","slug":"us-push-to-counter-hackers-draws-industry-deeper-into-offensive-cyber-debate","status":"publish","type":"post","link":"https:\/\/sawahsolutions.com\/range\/us-push-to-counter-hackers-draws-industry-deeper-into-offensive-cyber-debate\/","title":{"rendered":"US push to counter hackers draws industry deeper into offensive cyber debate"},"content":{"rendered":"<div>\n<p>The U.S. government has an offensive cyber wish list, and the private sector is already bidding. Many federal contractors back the effort, though they still have deeper questions about semantics and where offense ends and defense begins.<\/p>\n<p>Terms like \u201cdisruption,\u201d \u201ccyber effects\u201d and \u201cdefensive operations\u201d were flung around in discussions at the RSAC Conference in San Francisco last month, one of the largest cybersecurity gatherings in the world. In discussions during and after the conference, <em>Nextgov\/FCW<\/em> sought to learn how industry players perceive the vision under President Donald Trump to punch back harder against cyber adversaries, and how those industry leaders might contribute to the cause.<\/p>\n<p>For the past year, industry executives and U.S. officials in closed-door meetings have weighed the concept of enlisting private sector cyber titans to hack for the government, inspired by the centuries-old practice of letters of marque and reprisal that made waves in the old days of naval warfare. But last month, National Cyber Director Sean Cairncross appeared to pour cold water on the concept.<\/p>\n<p>He told audience members at an event that there\u2019s \u201can enormous amount of capability on the private sector side,\u201d but that he\u2019s \u201cnot talking about private sector, industry or companies engaged in a cyber offensive campaign.\u201d<\/p>\n<p>Cairncross said he wants to use the \u201cability of our private sector \u2026 to inform and share information so that the [U.S. government] can respond\u201d either defensively or in a more agile way to enemy hackers. His remarks came after the release of Trump\u2019s national cyber strategy, whose first pillar focuses on ways to create obstacles for foreign state cyber operatives and criminal hackers.<\/p>\n<p>But nearly a dozen interviews with industry stakeholders and former officials indicate that it remains an open question where companies draw the line on cyber offense and where the government does. The boundaries around offensive cyber are often blurred, and the private sector is still trying to learn its place. That uncertainty leaves more questions than answers about how offensive cyber operations should be structured, regulated and integrated into a broader U.S. national security strategy.<\/p>\n<p><strong>New market force<\/strong><\/p>\n<p>There\u2019s consensus among security leaders that the private sector doesn\u2019t want to be deployed for offensive hacking, said Adam Marr\u00e8, chief information security officer at Arctic Wolf. The talk of \u201chacking back\u201d comes up every five to ten years, he said, but those talks break down every time for a number of reasons, mainly because of legal and ethical concerns.<\/p>\n<p>Still, there\u2019s no indication that the global cybersecurity environment is calming. Foreign adversaries would \u201cabsolutely\u201d want access to powerful exploits that can steal information or wreak havoc on systems, Marr\u00e8 said.\u00a0<\/p>\n<p>\u201c[Adversaries] are mainly worried about what\u2019s effective. So if it works, and if it ain\u2019t broke, don\u2019t fix it,\u201d he said. \u201cBut if I can find a more exotic exploit that is going to allow me to have more access or access without being detected, or be able to get to somewhere I haven\u2019t been able to get before, 100% they\u2019re going to be looking for that.&#8221;<\/p>\n<p>Governments across the world are hankering for the latest and greatest hacking tools, said Elad Schulman, CEO of Lasso Security.\u00a0<\/p>\n<p>\u201cIf we are not developing capabilities, our enemies are developing those capabilities,\u201d he said. \u201cThat is why we need to assume that, at any point in time, someone will find and use exploits against us.\u201d<\/p>\n<p>For years, companies have helped develop special technologies for the U.S. government\u2019s secret cyber missions. But the new White House cyber strategy\u2019s offensive focus sets a tone for companies and their investors, said Rob Joyce, the NSA\u2019s former cybersecurity director.\u00a0<\/p>\n<p>\u201cThere\u2019s been companies that are defense industrial base firms that know how to sell to the government, and there\u2019s been some very boutique cyber companies that sell into the military cyber and intel community,\u201d he said. \u201cBut this has the whole community and people out here in Silicon Valley who are not government-adjacent talking about ideas that they can help with in offensive cyber. I think it changes that ecosystem a little bit.\u201d<\/p>\n<p>Joyce is now a venture partner at DataTribe, which invests in early-stage cybersecurity companies often led by people who worked in the intelligence community. He said the government is in the market for an array of cyber capabilities, including vulnerability scanning, exploit development, tooling to analyze cyber threat data and digital infrastructure to obscure the origin of covert cyber operations.<\/p>\n<p>Last\u00a0week, the cybersecurity world was sent into shock when Anthropic revealed it was holding back a powerful frontier AI model that could find previously undiscovered vulnerabilities at mass scale. The intelligence community is already eyeing its capabilities, <em>Nextgov\/FCW<\/em> reported.<\/p>\n<p><strong>Still operating defensively<\/strong><\/p>\n<p>Many practitioners are advising the cyber ecosystem to invest in defensive measures, regardless of the White House\u2019s more offensive posture.<\/p>\n<p>\u201cBeing a defender, an ounce of prevention is worth a pound of cure,\u201d said Ryan Anschutz, the incident response lead at IBM\u2019s X-Force threat intelligence arm and a former FBI official. \u201cA defensive prevention perspective, I think, would have more of an impact \u2026 than offensive capabilities, which, quite frankly, some arms of the federal government\u2014their offensive capabilities far surpass the private sector.\u201d<\/p>\n<p>Even among companies that simulate adversary cyberattacks to improve network defenses, known formally as red-teaming, the definition of \u201coffensive hacking\u201d can get fuzzy.<\/p>\n<p>\u201cWould you classify offensive hacking as going out and fingerprinting the threat that was attacking you to gain the threat intelligence?\u201d Anschutz said. \u201cIs that offensive? Where does that change? Where\u2019s the line drawn between what is offensive and what\u2019s not offensive?\u201d<\/p>\n<p>The answer depends on who you ask.\u00a0<\/p>\n<p>Hacking back, in the sense of breaking into adversaries\u2019 computer systems for data and geopolitical intelligence, takes a level of access that only belongs in the government space, said another industry executive that works closely with the intelligence community on cyber matters.<\/p>\n<p>Google\u2019s threat intelligence arm recently came out swinging with discussions of its new disruption unit, though executives soon quashed the notion that the unit is \u201coffensive\u201d in any way, arguing that removing infrastructure that hackers sit on is a defensive move that impedes their forward operations onto U.S. and allied systems.<\/p>\n<p>Some companies are building out advanced defensive cyber solutions at as rapid a pace as the offensive market, a sign that a more capable offense is driving equally urgent demand for stronger digital shielding.<\/p>\n<p>\u201cWe had just seen too many examples over and over again of how burned out these poor kids in these security operations centers are, how just overwhelmed at the enormity of all the alerts, all the boxes always flashing red,\u201d said Bill MacMillan, a former CIA official and now the chief product officer at security operations center solutions provider Andesite.<\/p>\n<p>\u201cWe have to transform. We have to adopt this technology because this is the threat environment and the resource environment that we\u2019re operating in,\u201d he said.<\/p>\n<p><strong>Considering new frameworks<\/strong><\/p>\n<p>The offensive philosophy in Washington, D.C., has made some cyber experts weigh the pros and cons of the current legal environment that facilitates hacking activities.<\/p>\n<p>The NSA, Cyber Command and others are permitted to take more aggressive cyber actions to stop foreign adversaries and criminal hacker gangs. This week, the FBI said it covertly sent shutdown commands to kick Russian state-backed hackers out of thousands of routers housed in organizations around the world.<\/p>\n<p>The move, like many FBI takedowns of digital infrastructure, required court authorization. More broadly, some of the most sensitive intelligence operations do not rely on a standard U.S. court warrant at all.<\/p>\n<p>Even so, private companies lack those authorities. They may build the capabilities used in cyber operations, but\u2014like a defense contractor manufacturing a missile\u2014the decision to deploy them and the consequences that follow rest with the government, not the company.<\/p>\n<p>But what happens if a firm is hacked and wants to take action? There\u2019s room to discuss \u201cstand-your-ground\u201d laws that could permit companies to respond to intrusions, at least to a certain degree, said Philip George, executive technical strategist at Merlin Cyber.<\/p>\n<p>\u201cObviously, there are some authority issues and some rules of engagement concerns, and we don\u2019t necessarily want everyone returning fire or preemptively thwarting an attack,\u201d he said. But if attacked in cyberspace, \u201cwhat\u2019s the extent that I can return fire, to at least take down infrastructure that may be targeting me?\u201d<\/p>\n<p>Asked if such a legal authority constitutes a counter-attack, he clarified it as a \u201ccounter-action\u201d or \u201ccounter-response\u201d because the former term carries \u201ca lot of weight.\u201d<\/p>\n<p>Some serious conversations will need to be had about the future of legal measures under this offensive posture, said John Fokker, head of threat intelligence at Trellix and a former official in the Dutch National Police\u2019s High-Tech Crime Unit.<\/p>\n<p>\u201cIf authorities are operating in the grey area with certain private sector entities, I\u2019d much rather define and start talking about that grey area,\u201d he said.<\/p>\n<p>Information-sharing between the public and private sectors\u2014a cornerstone of modern efforts to stop cyberattacks\u2014should also continue, he said, though he argued the process should be streamlined given the number of existing groups.<\/p>\n<p>But one executive said they expect the U.S. government will ultimately find ways to involve private contractors in offensive cyber operations, even as the administration publicly draws limits.<\/p>\n<p>\u201cI believe that the government will contract for cyber operations under carefully crafted contracts,\u201d said Kevin Spease, president at ISSE Services. \u201cIt simply depends on how you define it.\u201d<\/p>\n<p>He pointed to past U.S. conflicts where private firms supported offensive missions, arguing cyber operations could follow a similar path.<\/p>\n<p>The rationale, Spease added, comes down to capability. The government, in both civilian and defense agencies, already predominantly relies on technology made by the private sector for day-to-day operations.<\/p>\n<p>\u201cThe private companies have far better expertise,\u201d he said. \u201cSometimes it\u2019s easier to have a contractor do it.\u201d<svg class=\"content-tombstone\">\n<use xlink:href=\"http:\/\/www.defenseone.com\/static\/base\/svg\/spritesheet.svg#icon-d1-logo-tiny\"\/>\n<\/svg><\/p>\n<\/div>\n<p><script>\n!function(f,b,e,v,n,t,s)\n{if(f.fbq)return;n=f.fbq=function(){n.callMethod?\nn.callMethod.apply(n,arguments):n.queue.push(arguments)};\nif(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\nn.queue=[];t=b.createElement(e);t.async=!0;\nt.src=v;s=b.getElementsByTagName(e)[0];\ns.parentNode.insertBefore(t,s)}(window,document,'script',\n'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\nfbq('init', '10155007044873614'); \nfbq('track', 'PageView');\n<\/script><script>\n  window.fbAsyncInit = function() {\n    FB.init({\n      appId      : '1546266055584988',\n      autoLogAppEvents : true,\n      xfbml      : true,\n      version    : 'v2.11'\n    });\n  };\n  (function(d, s, id){\n     var js, fjs = d.getElementsByTagName(s)[0];\n     if (d.getElementById(id)) {return;}\n     js = d.createElement(s); js.id = id;\n     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n     fjs.parentNode.insertBefore(js, fjs);\n   }(document, 'script', 'facebook-jssdk'));\n<\/script><br \/>\n<br \/>Read the full article <a href=\"https:\/\/www.defenseone.com\/business\/2026\/04\/us-push-counter-hackers-draws-industry-deeper-offensive-cyber-debate\/412791\/\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. government has an offensive cyber wish list, and the private sector is already bidding. Many federal contractors back the effort, though they still have deeper questions about semantics and where offense ends and defense begins. Terms like \u201cdisruption,\u201d \u201ccyber effects\u201d and \u201cdefensive operations\u201d were flung around in discussions at the RSAC Conference in<\/p>\n","protected":false},"author":1,"featured_media":9565,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.defenseone.com\/media\/img\/cd\/2026\/04\/13\/041026hackNG\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[31],"tags":[],"class_list":["post-9564","post","type-post","status-publish","format-standard","has-post-thumbnail","category-defense"],"_links":{"self":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/comments?post=9564"}],"version-history":[{"count":1,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9564\/revisions"}],"predecessor-version":[{"id":9566,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9564\/revisions\/9566"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media\/9565"}],"wp:attachment":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media?parent=9564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/categories?post=9564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/tags?post=9564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}