By: Wyatt Hoffman and Ariel E. Levite (Lawfare)
From the article:
A nascent international “gray” market for active cyber defense services (including hacking back) already exists. The growth of private sector [active cyber defense (ACD)] mirrors a similar development in maritime security: the shipping industry’s adoption of private armed guards in response to the escalating threat from Somali piracy. By the late 2000s, even huge naval deployments were unable to provide sufficient defense to shipping vessels. Private maritime security contractors left many governments struggling to belatedly impose order where little prevented or discouraged the private sector from turning to its own means of defense. But through the combined efforts of ship-owners, maritime insurers, and private maritime security providers, the private sector was to implement a credible and responsible solution that defused the threat. The same factors that catalyzed the rise of private maritime security contractors are pervading the cyber domain. Rather than continuing to debate whether to allow the practice of ACD, it is time to consider how to responsibly and credibly place ACD in the corporate tool kit. Wherever possible, this approach should draw on established private sector self-regulation mechanisms, including insurance-based solutions.
Read more: full text