{
"authors": [
"Tim Maurer",
"Wyatt Hoffman"
],
"type": "other",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace"
],
"collections": [
"Cyber and Digital Policy"
],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "TIA",
"programs": [
"Technology and International Affairs"
],
"projects": [],
"regions": [
"Iran"
],
"topics": [
"Security",
"Technology"
]
}
Source: Getty
A look at the emerging and expanding gaps in the governance of private cybersecurity companies and activities and the ways forward and policy options for governments.
Source: Geneva Centre for Security Sector Governance
This paper seeks to identify the emerging and expanding gaps in the governance of private cybersecurity companies and activities and to explore ways forward and policy options for governments. First, it explores the characteristics of typical cyber operations and challenges related to their conduct by private actors. Thereafter, it addresses the governance challenges around cybersecurity and three main departure points for regulation: the fact that geographic scope does not limit cybersecurity companies, that cyber operations can slide from defensive to offensive very quickly; and that cybersecurity services are often exported for the purpose of (or with the knowledge they will be) violating human rights. This section will also integrate perspectives of international law. Finally, the paper lays out suggestions for policy options in relation to international law and existing international normative frameworks. In conclusion, the paper offers a framework and way forward as food for thought in order to address cybersecurity operations in relation to PMSCs.
This analysis was originally published by the Geneva Centre for Security Sector Governance.
Tim Maurer
Former Senior Fellow, Technology and International Affairs Program
Dr. Tim Maurer was a senior fellow in Carnegie’s Technology and International Affairs program.
Wyatt Hoffman
Former Senior Research Analyst, Cyber Policy Initiative
Wyatt Hoffman was a senior research analyst with the Nuclear Policy Program and the Cyber Policy Initiative at the Carnegie Endowment for International Peace.
Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
This collection of essays by scholars from Carnegie India’s Technology and Society program traces the evolution of the AI summit series and examines India’s framing around the three sutras of people, planet, and progress. Scholars have catalogued and assessed the concrete deliverables that emerged and assessed what the precedent of a Global South country hosting means for the future of the multilateral conversation.
Nidhi Singh, Tejas Bharadwaj, Shruti Mittal, …
Following Ursula von der Leyen’s gaffe equating Turkey to Russia and China, relations with Ankara risk deteriorating even further. Without better, more consistent diplomatic messaging, how can the EU pretend to be a geopolitical power?
Sinan Ülgen
For Lukashenko, abandoning Western internet services and embracing Russian equivalents would mean tying himself even closer to Moscow.
Artyom Shraibman
On March 10, 2026, India’s Union Cabinet approved amendments to Press Note 3, a regulation that mandated government approval on all foreign direct investment (FDI) from countries sharing a land border with India. This amendment raises questions primarily about whether its stated benefits will materialize and if the risks have been adequately weighed. This piece will address the same.
Konark Bhandari
Here’s why—and what the next president needs to do to fix the process.
Daniel C. Kurtzer, Aaron David Miller