The lines between civilian and military are increasingly blurred, creating ambiguity under international law when private contractors engage in offensive cyber-security operations on behalf of states. These private security companies (PSCs) are being contracted for cyber security to engage in offensive cyber operations, but states should not contract PSCs for offensive cyber operations. The next instalment of the 2014 Jr. Fellows Policy Briefs recognizes the benefits of cyber-security contracting and maintains that a transparent distinction should be established between PSCs and state militaries, whereby private actors would only be involved in defensive and supportive operations. The authors address the North Atlantic Treaty Organization to implement a contracting protocol that delineates appropriate classifications for the tasks and personnel required for private cyber-security contracts. They conclude that establishing an oversight organization and submitting a proposal to the International Law Commission to consider the roles of private security actors would create greater transparency and accountability for contracting.
Consult, Command, Control, Contract: Adding a Fourth “C” to NATO’s Cyber Security
CIGI Jr. Fellows Policy Brief No. 13