The Privatization of Security and the Market for Cyber Tools and Services

{
  "authors": [
    "Tim Maurer",
    "Wyatt Hoffman"
  ],
  "type": "other",
  "centerAffiliationAll": "dc",
  "centers": [
    "Carnegie Endowment for International Peace"
  ],
  "collections": [
    "Cyber and Digital Policy"
  ],
  "englishNewsletterAll": "ctw",
  "nonEnglishNewsletterAll": "",
  "primaryCenter": "Carnegie Endowment for International Peace",
  "programAffiliation": "TIA",
  "programs": [
    "Technology and International Affairs"
  ],
  "projects": [],
  "regions": [
    "Iran"
  ],
  "topics": [
    "Security",
    "Technology"
  ]
}

Other

The Privatization of Security and the Market for Cyber Tools and Services

A look at the emerging and expanding gaps in the governance of private cybersecurity companies and activities and the ways forward and policy options for governments.

By Tim Maurer and Wyatt Hoffman

Published on Aug 23, 2019

Source: Geneva Centre for Security Sector Governance

Abstract

This paper seeks to identify the emerging and expanding gaps in the governance of private cybersecurity companies and activities and to explore ways forward and policy options for governments. First, it explores the characteristics of typical cyber operations and challenges related to their conduct by private actors. Thereafter, it addresses the governance challenges around cybersecurity and three main departure points for regulation: the fact that geographic scope does not limit cybersecurity companies, that cyber operations can slide from defensive to offensive very quickly; and that cybersecurity services are often exported for the purpose of (or with the knowledge they will be) violating human rights. This section will also integrate perspectives of international law. Finally, the paper lays out suggestions for policy options in relation to international law and existing international normative frameworks. In conclusion, the paper offers a framework and way forward as food for thought in order to address cybersecurity operations in relation to PMSCs.

Read Full Text

This analysis was originally published by the Geneva Centre for Security Sector Governance.

About the Authors

Tim Maurer

Former Senior Fellow, Technology and International Affairs Program

Dr. Tim Maurer was a senior fellow in Carnegie’s Technology and International Affairs program.

Wyatt Hoffman

Former Senior Research Analyst, Cyber Policy Initiative

Wyatt Hoffman was a senior research analyst with the Nuclear Policy Program and the Cyber Policy Initiative at the Carnegie Endowment for International Peace.

Security Technology Iran

Carnegie India does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.

More Work from Carnegie India

Research
For People, Planet, and Progress: Perspectives from India's AI Impact Summit
This collection of essays by scholars from Carnegie India’s Technology and Society program traces the evolution of the AI summit series and examines India’s framing around the three sutras of people, planet, and progress. Scholars have catalogued and assessed the concrete deliverables that emerged and assessed what the precedent of a Global South country hosting means for the future of the multilateral conversation.
+3
Nidhi Singh, Tejas Bharadwaj, Shruti Mittal, …
Article
India’s Press Note 3 Gamble: Opening the FDI Door to China
On March 10, 2026, India’s Union Cabinet approved amendments to Press Note 3, a regulation that mandated government approval on all foreign direct investment (FDI) from countries sharing a land border with India. This amendment raises questions primarily about whether its stated benefits will materialize and if the risks have been adequately weighed. This piece will address the same.
Konark Bhandari
Commentary
The Coming of Age of India’s Nuclear Triad
The induction of INS Aridhaman, which features several technological enhancements, now gives India the third nuclear ballistic missile submarine to ensure continuous at-sea deterrent.
Dinakar Peri
Article
India’s Oil Security Strategy: Structural Vulnerabilities and Strategic Choices
This piece argues that the present Indian strategy, based on opportunistic diversification and utilization of limited strategic reserves, remains inadequate when confronting supply disruptions. It evaluates India’s options in the short, medium, and long terms.
Vrinda Sahai
Article
What Could a Reciprocal Defense Procurement Agreement Do for U.S.-India Ties?
India and the United States are close to concluding a Reciprocal Defense Procurement Agreement (RDPA) that will allow firms from the two countries to sell to each other’s defense establishments more easily. While this may not remedy the specific grievances both sides may have regarding larger bilateral issues, an RDPA could restore some momentum, following the trade deal announcement.
Konark Bhandari

More Work from Carnegie India

Research

For People, Planet, and Progress: Perspectives from India's AI Impact Summit

This collection of essays by scholars from Carnegie India’s Technology and Society program traces the evolution of the AI summit series and examines India’s framing around the three sutras of people, planet, and progress. Scholars have catalogued and assessed the concrete deliverables that emerged and assessed what the precedent of a Global South country hosting means for the future of the multilateral conversation.

- +3
Nidhi Singh, Tejas Bharadwaj, Shruti Mittal, …

Article

India’s Press Note 3 Gamble: Opening the FDI Door to China

On March 10, 2026, India’s Union Cabinet approved amendments to Press Note 3, a regulation that mandated government approval on all foreign direct investment (FDI) from countries sharing a land border with India. This amendment raises questions primarily about whether its stated benefits will materialize and if the risks have been adequately weighed. This piece will address the same.

Konark Bhandari

Commentary

The Coming of Age of India’s Nuclear Triad

The induction of INS Aridhaman, which features several technological enhancements, now gives India the third nuclear ballistic missile submarine to ensure continuous at-sea deterrent.

Dinakar Peri

Article

India’s Oil Security Strategy: Structural Vulnerabilities and Strategic Choices

This piece argues that the present Indian strategy, based on opportunistic diversification and utilization of limited strategic reserves, remains inadequate when confronting supply disruptions. It evaluates India’s options in the short, medium, and long terms.

Vrinda Sahai

Article

What Could a Reciprocal Defense Procurement Agreement Do for U.S.-India Ties?

India and the United States are close to concluding a Reciprocal Defense Procurement Agreement (RDPA) that will allow firms from the two countries to sell to each other’s defense establishments more easily. While this may not remedy the specific grievances both sides may have regarding larger bilateral issues, an RDPA could restore some momentum, following the trade deal announcement.

Konark Bhandari