Defense contractors play a vital role in U.S. national security, including in cyber operations. But that role does not currently extend to the “hands-on-keyboard” work of hacking our adversaries. That authority is reserved for uniformed military personnel, even if they are using contractor-provided exploits.
That might be about to change. The Senate-reported National Defense Authorization Act for Fiscal Year 2027 contains a new authority for contractors to directly conduct offensive operations for the purposes of access development and maintenance. As the Senate gears up for floor consideration of this must-pass bill, policy questions are swirling. What are the implications for such a dramatic shift in doctrine? What’s driving the demand for this new authority? What are its potential benefits… and drawbacks? Are the guardrails in the legislative text sufficient? And how does it affect broader U.S. policy on offensive cyber?
Join Institute for Security and Technology adjuncts and friends for a spirited conversation on this very timely topic, and bring your questions, complaints, and hot takes!
