- with readers working within the Banking & Credit industries
The Trump administration's new National Cybersecurity Strategy signals a major shift in federal policy, one that could put private companies in the driver's seat for offensive cyber operations against nation-state actors, ransomware groups, and cybercriminals. In Lawfare, Partners Aaron Cooper and Shoba Pillay and Associate Philip Chertoff examine the strategy's proposal to enlist the private sector in "disrupting adversary networks" and the substantial legal and compliance risks companies will need to navigate.
The legal landscape remains largely prohibitive. No federal framework currently authorizes private companies to conduct offensive cyber operations, and the Computer Fraud and Abuse Act, along with a patchwork of state and foreign hacking laws, broadly criminalizes exactly the conduct strategy envisions. Until Congress acts, the gap between the administration's policy aspirations and legal reality creates real exposure for companies in technology, defense, critical infrastructure, and cybersecurity.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
