Private active cyber defense and (international) cyber security—pushing the line?

Abstract Private sector Active Cyber Defence (ACD) lies on the intersection of domestic security and international is a recurring subject, often under more provocative flag ‘hack back’, in American debate about cyber security. This article looks at theory practice private provision analyses detail number recent reports publications ACD by Washington DC based commissions think tanks. Many these propose legalizing forms active defence, which companies would be allowed to operate beyond their own, or clients’ networks, push law as it currently stands. Generally, public-private governance solutions for problems have manage balance between (i) questions capacity assigning responsibilities, (ii) political legitimacy public–private (iii) mitigation external effects. The case defence reveals strong emphasis addressing (and political) problem, while failing convincingly address problems. proposals aim create legitimate market anchored state through regulation certification way capacity, responsibilities legitimacy. A major problem that even though anticipate repercussions pushback, against what likely received internationally an escalatory policy, they offer little mitigate it.