Is “Hackback” Official US Cybersecurity Strategy?
Summary
The 2026 US Cyber Strategy for America includes a sentence suggesting the creation of incentives for the private sector to "identify and disrupt adversary networks." This has been interpreted as a potential call for "hackback," allowing private companies to conduct offensive cyber operations.
IFF Assessment
This is bad news for defenders because it suggests a shift towards allowing private entities to conduct offensive operations, which could lead to escalation and a less stable cybersecurity landscape.
Defender Context
Defenders should be aware of this policy shift, as it could lead to increased and potentially uncoordinated offensive actions against perceived adversaries. This might blur lines between state-sponsored and private sector attacks, complicating attribution and response efforts. Organizations should prepare for a more complex threat environment where private entities might actively pursue attackers.