{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiawuqcepdkrg7iby4gegrxsw6zhjlyk7ke3bkx6zab25mv4rmfntq",
    "uri": "at://did:plc:kyxdufbi5qaljy7bxivztuhy/app.bsky.feed.post/3miio65pdrbo2"
  },
  "path": "/blog/archives/2026/04/is-hackback-official-us-cybersecurity-strategy.html",
  "publishedAt": "2026-04-01T16:57:35.000Z",
  "site": "https://www.schneier.com",
  "tags": [
    "Uncategorized",
    "cybersecurity",
    "hackback",
    "hacking",
    "national security policy",
    "Cyber Strategy for America",
    "noticed",
    "link",
    "incredibly dumb idea"
  ],
  "textContent": "The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone.\n\nBut one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations.\n\n_The Economist_ noticed (alternate link) this, too.\n\nI think this is an incredibly dumb idea:\n\n> In warfare, the notion of counterattack is extremely powerful. Going after the enemy­—its positions, its supply lines, its factories, its infrastructure—­is an age-old military tactic. But in peacetime, we call it revenge, and consider it dangerous. Anyone accused of a crime deserves a fair trial. The accused has the right to defend himself, to face his accuser, to an attorney, and to be presumed innocent until proven guilty...",
  "title": "Is “Hackback” Official US Cybersecurity Strategy?"
}