PRAGUE — The Trump administration is not considering cyber “letters of marque” or allowing private companies to carry out cyberattacks on behalf of the U.S. government, senior White House officials said this week, pushing back on growing speculation about the role of industry in U.S. cyber operations.

Thomas Lind, a senior adviser at the Office of the National Cyber Director, acknowledged at the Prague Cyber Security Conference on Tuesday that the administration’s four-page national cyber strategy, unveiled earlier this month, called for a more aggressive approach against criminal networks and adversarial governments.

The strategy reflects a broader shift inside the administration toward more routine use of offensive cyber capabilities. A senior National Security Council official previously told Recorded Future News the U.S. would work at “destigmatizing and normalizing” offensive cyber capabilities for the sake of changing the calculus for threat actors.

Responding to questions from European officials, Lind rejected suggestions that this meant the government would rely on private companies to conduct offensive operations.

“We have to impose heavy costs. We need to do it more often, and we need to do it in a more routine and coordinated fashion,” Lind said. He added that those responses will not necessarily mirror the attacks themselves: “We don’t have to cyber them because they’ve cybered us.”

Imposing such costs means the U.S. needs “to bring in the private sector,” said Lind, before stressing: “That does not mean hack back, that does not mean letters of marque,” he said. “We’re not interested in fighting pirates with pirates.”

National Cyber Director Sean Cairncross also addressed the issue Tuesday at the McCrary Cyber Summit in Washington, D.C., where he called for closer cooperation with industry while specifying that “private sector, industry or companies engaging in cyber offensive campaigns — that's not what we're talking about.”  

“What I'm talking about are the technical capabilities, the ability of our private sector to illuminate the battlefield from what they're seeing,” he said. “There's an enormous amount of capability on the private sector side, and now we have a steer from the United States government that we are looking for real partnership."

Earlier national security strategy documents reported on by Recorded Future News highlighted the importance of the U.S. government’s partnerships with the private sector to enable “real-time discovery, attribution, and response” to various threats.

The officials’ remarks follow weeks of speculation, fueled by reporting and policy proposals in Washington, that the administration could seek to expand the operational role of private companies in disrupting adversary networks — mirroring the use of non-state actors in countries such as China, Russia and Iran to achieve state objectives.

Many companies do have existing processes for coordinating with U.S. law enforcement to disrupt hostile actors. Businesses including Microsoft recently collaborated with the Department of Justice to tackle the Lumma infostealer’s infrastructure.

Lind described a similar model for collaboration centered on coordination and scale, with the private sector helping to identify threats and providing support for government-led actions, although the specifics of what these actions would look like remains unclear.

“We need to aggressively engage and leverage the private sector at scale in a way that we haven’t done already,” said Lind.

Additional reporting by Suzanne Smalley.