{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T12:06:04Z","timestamp":1772798764892,"version":"3.50.1"},"reference-count":84,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2021,3,30]],"date-time":"2021-03-30T00:00:00Z","timestamp":1617062400000},"content-version":"vor","delay-in-days":88,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100007729","name":"Dutch Ministry of Foreign Affairs","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100007729","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,2,16]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Private sector Active Cyber Defence (ACD) lies on the intersection of domestic security and international security and is a recurring subject, often under the more provocative flag of \u2018hack back\u2019, in the American debate about cyber security. This article looks at the theory and practice of private cyber security provision and analyses in more detail a number of recent reports and publications on ACD by Washington DC based commissions and think tanks. Many of these propose legalizing forms of active cyber defence, in which private cyber security companies would be allowed to operate beyond their own, or their clients\u2019 networks, and push beyond American law as it currently stands. Generally, public-private governance solutions for security problems have to manage a balance between (i) questions of capacity and assigning responsibilities, (ii) the political legitimacy of public\u2013private security solutions and (iii) the mitigation of their external effects. The case of private active cyber defence reveals a strong emphasis on addressing the domestic security (and political) problem, while failing to convincingly address the international security problems. The proposals aim to create a legitimate market for active cyber defence, anchored to the state through regulation and certification as a way to balance capacity, responsibilities and domestic political legitimacy. A major problem is that even though these reports anticipate international repercussions and political pushback, against what is likely be received internationally as an escalatory and provocative policy, they offer little to mitigate it.<\/jats:p>","DOI":"10.1093\/cybsec\/tyab010","type":"journal-article","created":{"date-parts":[[2021,3,30]],"date-time":"2021-03-30T03:26:17Z","timestamp":1617074777000},"source":"Crossref","is-referenced-by-count":17,"title":["Private active cyber defense and (international) cyber security\u2014pushing the line?"],"prefix":"10.1093","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8827-2814","authenticated-orcid":false,"given":"Dennis","family":"Broeders","sequence":"first","affiliation":[{"name":"The Hague Program for Cyber Norms, Institute of Security and Global Affairs, Leiden University, The Hague, The Netherlands"}]}],"member":"286","published-online":{"date-parts":[[2021,3,30]]},"reference":[{"key":"2021070819462539300_tyab010-B1","volume-title":"Regional Risks for Doing Business 2018","author":"World Economic Forum","year":"2018"},{"key":"2021070819462539300_tyab010-B2","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1111\/1468-2346.12504","article-title":"Public-private partnerships in national cyber-security strategies","volume":"92","author":"Carr","year":"2016","journal-title":"Int Aff"},{"key":"2021070819462539300_tyab010-B3","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1111\/misr.12023","article-title":"From Cyber-bombs to political fallout: threat representations with an impact in the cyber-security discourse","volume":"15","author":"Dunn Cavelty","year":"2013","journal-title":"Int Stud Rev"},{"key":"2021070819462539300_tyab010-B4","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/j.ijcip.2009.08.006","article-title":"Public-private partnerships are no silver bullet: an expanded governance model for critical infrastructure protection","volume":"2","author":"Dunn Cavelty","year":"2009","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2021070819462539300_tyab010-B5","author":"Arnold","year":"2015"},{"key":"2021070819462539300_tyab010-B6","first-page":"93","volume-title":"Cyber Enabled Economic Warfare: An Evolving Challenge","author":"Zarate","year":"2015"},{"key":"2021070819462539300_tyab010-B7","author":"Chesney","year":"2019"},{"key":"2021070819462539300_tyab010-B8","author":"Active Cyber Defense Certainty Act, H.R. 4036, 115th Cong","year":"2017"},{"key":"2021070819462539300_tyab010-B9","volume-title":"Into the Gray Zone. The Private Sector and Active Defense against Cyber Threats","author":"Center for Cyber and Homeland Security","year":"2016"},{"key":"2021070819462539300_tyab010-B10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1111\/j.1749-5687.2008.00060.x","article-title":"Security beyond the state: global security assemblages in international politics","volume":"3","author":"Abrahamsen","year":"2009","journal-title":"Int Political Sociol"},{"key":"2021070819462539300_tyab010-B11","volume-title":"Security Beyond the State: Private Security in International Politics","author":"Abrahamsen","year":"2011"},{"key":"2021070819462539300_tyab010-B12","volume-title":"Corporate Warriors: The Rise of Privatized Military Industry","author":"Singer","year":"2003"},{"key":"2021070819462539300_tyab010-B13","doi-asserted-by":"crossref","first-page":"803","DOI":"10.1177\/03058298050330030601","article-title":"The power to construct international security: on the significance of private military companies","volume":"33","author":"Leander","year":"2005","journal-title":"Millenn J Int Stud"},{"key":"2021070819462539300_tyab010-B14","doi-asserted-by":"crossref","first-page":"408","DOI":"10.1080\/10439463.2015.1072180","article-title":"Global assemblages and counter-piracy: public and private maritime policing","volume":"27","author":"Gould","year":"2017","journal-title":"Polic Soc"},{"key":"2021070819462539300_tyab010-B15","first-page":"38","article-title":"The hybridization of cyber security governance: the emergence of global cyber security assemblages","author":"Broeders","year":"2017","journal-title":"Glob Policy Digit Debates"},{"key":"2021070819462539300_tyab010-B16","doi-asserted-by":"crossref","first-page":"13","DOI":"10.17645\/pag.v6i2.1324","article-title":"Cyber security assemblages: a framework for understanding the dynamic and contested nature of security provision","volume":"6","author":"Collier","year":"2018","journal-title":"Politics Gov"},{"key":"2021070819462539300_tyab010-B17","volume-title":"The Public Core of the Internet: An International Agenda for Internet Governance","author":"Broeders","year":"2015"},{"key":"2021070819462539300_tyab010-B18","volume-title":"Black Code. Inside the Battle for Cyber Space","author":"Deibert","year":"2013"},{"key":"2021070819462539300_tyab010-B19","doi-asserted-by":"crossref","DOI":"10.12987\/yale\/9780300181357.001.0001","volume-title":"The Global War for Internet Governance","author":"DeNardis","year":"2014"},{"key":"2021070819462539300_tyab010-B20","first-page":"379","volume-title":"Bytes, Bombs and Spies. The Strategic Dimensions of Offensive Cyber Operations","author":"Lachow","year":"2018"},{"key":"2021070819462539300_tyab010-B21","doi-asserted-by":"crossref","DOI":"10.1017\/9781316422724","volume-title":"Cyber Mercenaries: The State, Hackers, and Power","author":"Maurer","year":"2018"},{"key":"2021070819462539300_tyab010-B22","volume-title":"@War: The Rise of the Military Industry Complex","author":"Harris","year":"2014"},{"key":"2021070819462539300_tyab010-B23","first-page":"69","author":"Boeke","year":"2015"},{"key":"2021070819462539300_tyab010-B24","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/s10611-016-9653-3","article-title":"A typology of cybersecurity and public-private partnerships in the context of the EU","volume":"67","author":"Bossong","year":"2017","journal-title":"Crime Law Soc Change"},{"key":"2021070819462539300_tyab010-B25","doi-asserted-by":"crossref","first-page":"449","DOI":"10.1111\/gove.12309","article-title":"National cyber crisis management: different European approaches","volume":"31","author":"Boeke","year":"2018","journal-title":"Governance"},{"key":"2021070819462539300_tyab010-B26","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1111\/gove.12368","article-title":"Securing cyberspace: how states design governance arrangements","volume":"32","author":"Weiss","year":"2019","journal-title":"Governance"},{"key":"2021070819462539300_tyab010-B27","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1111\/1467-6478.00263","article-title":"Nodal governance, democracy, and the new \u2018denizens\u2019","volume":"30","author":"Shearing","year":"2003","journal-title":"J Law Soc"},{"key":"2021070819462539300_tyab010-B28","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511611117","volume-title":"Civilizing Security","author":"Loader","year":"2007"},{"key":"2021070819462539300_tyab010-B29","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1177\/1362480611410903","article-title":"The new political economy of private security","volume":"16","author":"White","year":"2012","journal-title":"Theor Criminol"},{"key":"2021070819462539300_tyab010-B30","first-page":"407","article-title":"Toward the political economy of plural policing: tacking stock of a burgeoning literature","volume":"19","author":"Scarpello","year":"2017","journal-title":"Int Stud Rev"},{"key":"2021070819462539300_tyab010-B31","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1111\/rego.12125","article-title":"Citizen co-production of cyber security: self-help, vigilantes and cybercrime","volume":"12","author":"Chang","year":"2018","journal-title":"Regul Gov"},{"key":"2021070819462539300_tyab010-B32","doi-asserted-by":"crossref","DOI":"10.1093\/acprof:oso\/9780190204792.001.0001","volume-title":"Cyber War versus Cyber Realities. Cyber Conflict in the International System","author":"Valeriano","year":"2015"},{"key":"2021070819462539300_tyab010-B33","doi-asserted-by":"crossref","DOI":"10.7208\/chicago\/9780226190174.001.0001","volume-title":"Culture of Control: Crime and Social Order in Contemporary Society","author":"Garland","year":"2001"},{"key":"2021070819462539300_tyab010-B34","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1007\/s10611-016-9649-z","article-title":"Bots, cops, and corporations: on the limits of enforcement and the promise of polycentric regulation as a way to control large-scale cybercrime","volume":"67","author":"Dupont","year":"2017","journal-title":"Crime Law Soc Change"},{"key":"2021070819462539300_tyab010-B35","doi-asserted-by":"crossref","DOI":"10.1057\/9780230299290","volume-title":"The Politics of Private Security","author":"White","year":"2010"},{"key":"2021070819462539300_tyab010-B36","doi-asserted-by":"crossref","DOI":"10.1093\/acprof:oso\/9780198295457.001.0001","volume-title":"Governing Europe: Effective and Democratic?","author":"Scharpf","year":"1999"},{"key":"2021070819462539300_tyab010-B37","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1111\/j.1748-5991.2010.01076.x","article-title":"Governance without a state. Can it work?","volume":"4","author":"B\u00f6rzel","year":"2010","journal-title":"Regul Gov"},{"key":"2021070819462539300_tyab010-B38","first-page":"195","volume-title":"Complex Sovereignty: Reconstituting Political Authority in the 21st Century","author":"B\u00f6rzel","year":"2005"},{"key":"2021070819462539300_tyab010-B39","doi-asserted-by":"crossref","first-page":"451","DOI":"10.1111\/j.1468-2486.2009.00869.x","article-title":"Transnational public-private partnerships in international relations: making sense of concepts, research frameworks, and results","volume":"11","author":"Sch\u00e4ferhoff","year":"2009","journal-title":"Int Stud Rev"},{"key":"2021070819462539300_tyab010-B40","volume-title":"The Vocation Lectures. Science as a Vocation\/Politics as a Vocation","author":"Weber","year":"2004"},{"key":"2021070819462539300_tyab010-B41","volume-title":"Mercenaries, Pirates & Sovereigns","author":"Thompson","year":"1994"},{"key":"2021070819462539300_tyab010-B42","doi-asserted-by":"crossref","first-page":"190","DOI":"10.2307\/j.ctt1trkjd1","volume-title":"The Virtual Weapon and International Order","author":"Kello","year":"2017"},{"key":"2021070819462539300_tyab010-B43","doi-asserted-by":"crossref","first-page":"735","DOI":"10.1177\/0305829811401459","article-title":"The big bangs of IR: the myths that your teachers still tell you about 1648 and 1919","volume":"39","author":"De Carvalho","year":"2011","journal-title":"Millennium"},{"key":"2021070819462539300_tyab010-B44","first-page":"29","article-title":"Cyber Westphalia: asserting state prerogatives in cyberspace","author":"Demchak","year":"2013","journal-title":"Georget J Int Aff"},{"key":"2021070819462539300_tyab010-B45","author":"Lewis","year":"2013"},{"key":"2021070819462539300_tyab010-B46","first-page":"107","volume-title":"Governing cyberspace: behavior, power, and diplomacy","author":"Creemers","year":"2020"},{"key":"2021070819462539300_tyab010-B47","first-page":"85","volume-title":"Governing Cyberspace: Behavior, Power, and Diplomacy","author":"Kurowska","year":"2020"},{"key":"2021070819462539300_tyab010-B48","volume-title":"Coalition of the Unwilling? Chinese and Russian Perspectives on Cyberspace","author":"Broeders","year":"2019"},{"key":"2021070819462539300_tyab010-B49","first-page":"10","article-title":"When China rules the web: technology in service of the state","volume":"97","author":"Segal","year":"2018","journal-title":"Foreign Aff"},{"key":"2021070819462539300_tyab010-B50","doi-asserted-by":"crossref","DOI":"10.1515\/9781400823260","volume-title":"Sovereignty: Organized Hypocrisy","author":"Krasner","year":"1999"},{"key":"2021070819462539300_tyab010-B51","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1093\/isr\/viz044","article-title":"Against sovereignty in cyberspace","author":"Mueller","year":"2020","journal-title":"Int Stud Rev"},{"key":"2021070819462539300_tyab010-B52","doi-asserted-by":"crossref","DOI":"10.1017\/9781316822524","volume-title":"The Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations","author":"Schmitt","year":"2017"},{"key":"2021070819462539300_tyab010-B53","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1007\/978-3-319-47852-4_17","volume-title":"The Responsibilities of Online Service Providers","author":"Broeders","year":"2017"},{"key":"2021070819462539300_tyab010-B54","volume-title":"Three Tales of Attribution in Cyberspace: Criminal Law, International Law and Policy Debates","author":"Broeders","year":"2020"},{"key":"2021070819462539300_tyab010-B55","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1080\/13523260.2019.1677324","article-title":"Contested public attributions of cyber incidents and the role of academia","volume":"41","author":"Egloff","year":"2020","journal-title":"Contemp Secur Policy"},{"key":"2021070819462539300_tyab010-B56","volume-title":"Application of International Law to Cyber Operations: A Comparative Analysis of States\u2019 Views","author":"Roguski","year":"2020"},{"key":"2021070819462539300_tyab010-B57","doi-asserted-by":"crossref","first-page":"383","DOI":"10.1093\/jcsl\/krw015","article-title":"\u2018Proxies\u2019 and Cyberspace","volume":"21","author":"Maurer","year":"2016","journal-title":"J Confl Sec Law"},{"key":"2021070819462539300_tyab010-B58","volume-title":"The Cybersecurity Dilemma: Hacking, Trust, and Fear between Nations","author":"Buchanan","year":"2016"},{"key":"2021070819462539300_tyab010-B59","volume-title":"Should the U.S. Allow Companies to \u2018Hack Back\u2019 Against Foreign Cyber Spies?.","author":"Fisher","year":"2013"},{"key":"2021070819462539300_tyab010-B60","author":"Ponta","year":"2020"},{"key":"2021070819462539300_tyab010-B61","first-page":"205","article-title":"Cross-border data access and active cyber defense: assessing legislative options for a new international cyber security rulebook","volume":"29","author":"Cook","year":"2018","journal-title":"Stanf Law Policy Rev"},{"key":"2021070819462539300_tyab010-B62","author":"Nusca","year":"2011"},{"key":"2021070819462539300_tyab010-B63","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/19331681.2020.1776658","article-title":"A tale of two cybers \u2013 how threat reporting by cybersecurity firms systematically underrepresents threats to civil society","volume":"18","author":"Maschmeyer","year":"2021","journal-title":"J Inf Technol Politics"},{"key":"2021070819462539300_tyab010-B64","first-page":"251","author":"Healey","year":"2020"},{"key":"2021070819462539300_tyab010-B65","volume-title":"The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data","author":"van Eeten","year":"2010"},{"key":"2021070819462539300_tyab010-B66","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/MSP.2015.110","article-title":"Economics of fighting botnets: lessons from a decade of mitigation","volume":"13","author":"Asghari","year":"2015","journal-title":"IEEE Secur Priv"},{"key":"2021070819462539300_tyab010-B67","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1007\/s10551-012-1494-0","article-title":"Business under threat, technology under attack, ethics under fire: the experience of google in China","volume":"110","author":"Tan","year":"2012","journal-title":"J Bus Ethics"},{"key":"2021070819462539300_tyab010-B68","author":"Timberg","year":"2014"},{"key":"2021070819462539300_tyab010-B69","author":"Sobczak","year":"2018"},{"key":"2021070819462539300_tyab010-B70","volume-title":"The Competition of Ideas: The World of the Washington Think Tanks","author":"Weidenbaum","year":"2008"},{"key":"2021070819462539300_tyab010-B71","author":"Foundation for Defense of Democracies","year":"2020"},{"key":"2021070819462539300_tyab010-B72","volume-title":"Active Cyber Defense, a Framework for Policy Makers","author":"Lachow","year":"2013"},{"key":"2021070819462539300_tyab010-B73","volume-title":"The Cyber Financial Wars on the Horizon: The Convergence of Financial and Cyber Warfare and the Need for a 21st Century National Security Response","author":"Zarate","year":"2015"},{"key":"2021070819462539300_tyab010-B74","author":"Commission on the Theft of American Intellectual Property. The IP Commission Report. Washington DC: The IP Commission","year":"2013"},{"key":"2021070819462539300_tyab010-B75","author":"Nelson","year":"2018"},{"key":"2021070819462539300_tyab010-B76","volume-title":"Private Sector Cyber Defense, Can Active Measures Help Stabilize Cyberspace?","author":"Hoffman","year":"2017"},{"key":"2021070819462539300_tyab010-B77","volume-title":"Next Steps for U.S. Cybersecurity in the Trump Administration: Active Cyber Defense","author":"Rosenzweig","year":"2017"},{"key":"2021070819462539300_tyab010-B78","volume-title":"Enhancing Network Security. A Cyber Strategy for the Next Administration","author":"Rabkin","year":"2016"},{"key":"2021070819462539300_tyab010-B79","first-page":"103","article-title":"International Law and Private Actor Cyber Defensive Measures","volume":"50","author":"Rosenzweig","year":"2013","journal-title":"Stanf J Int Law"},{"key":"2021070819462539300_tyab010-B80","volume-title":"The Perfect Weapon. War, Sabotage, and Fear in the Cyber Age","author":"Sanger","year":"2018"},{"key":"2021070819462539300_tyab010-B81","author":"Fire-Eye","year":"2018"},{"key":"2021070819462539300_tyab010-B82","first-page":"231","volume-title":"Understanding Cyber Conflict: Fourteen Analogies","author":"Egloff","year":"2017"},{"key":"2021070819462539300_tyab010-B83","author":"France","year":"2018"},{"key":"2021070819462539300_tyab010-B84","author":"Schneier","year":"2014"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/7\/1\/tyab010\/37019168\/tyab010.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/7\/1\/tyab010\/37019168\/tyab010.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,7,9]],"date-time":"2021-07-09T03:22:24Z","timestamp":1625800944000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyab010\/6199903"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,1]]},"references-count":84,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2,16]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyab010","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2021,1,1]]},"published":{"date-parts":[[2021,1,1]]},"article-number":"tyab010"}}