The cyber realm is increasingly vital to national security, but much of cybersecurity is provided privately. Private firms provide a range of roles, from purely defensive operations to more controversial ones, such as active-cyber defense (ACD) and ‘hacking back’. As with the outsourcing of traditional military and security services to private military and security companies (PMSCs), the reliance on private firms raises the ethical question of to what extent the private sector should be involved in providing security services. In this article, I consider this question. I argue that a moderately restrictive approach should be adopted, which holds that private firms can justifiably launch some cybersecurity services – defensive measures – but are not permitted to perform others – offensive measures.

中文翻译：

---

从防御到进攻：私人网络安全的伦理

网络领域对国家安全越来越重要，但大部分网络安全都是私人提供的。私营公司提供一系列角色，从纯粹的防御性操作到更具争议性的角色，例如主动网络防御 (ACD) 和“反黑客攻击”。与将传统军事和安全服务外包给私营军事和安全公司 (PMSC) 一样，对私营公司的依赖引发了一个道德问题，即私营部门应在多大程度上参与提供安全服务。在这篇文章中，我考虑了这个问题。我认为应该采取适度限制的方法，认为私营公司可以合理地推出一些网络安全服务——防御措施——但不允许执行其他的——进攻性措施。