Friday, October 3, 2025
Friday, October 3, 2025
Aspen Digital’s offensive cyber project will explore putting in place legal protections for the private sector and the creation of an economic statecraft toolkit, as part of an effort to tackle complex issues in a priority area for the Trump administration.
The focus of the project is to think through new contexts of where offensive cyber can “be beneficial, what is permissible legally and where they may be better suited than they have been in the past,” Yameen Huq told Inside Cybersecurity. Huq is Aspen Digital’s director for cybersecurity programs.
Aspen Digital announced the project on Sept. 24, with two blog posts addressing different aspects of offensive cyber. The project came out of Aspen’s U.S. Cybersecurity Group, which has put together an Offensive Cyber Working Group.
Moving to offensive cyber is an area of interest for the Trump administration but finding a path forward to reach consensus on next steps is an evolving topic of conversation.
The first Aspen Digital post, authored by former Acting National Cyber Director Kemba Walden, proposes a taxonomy for understanding offensive cyber activities.
The second blog post emphasizes the need for continuing “cyber fundamentals,” as the focus shifts to offensive cyber. It was written by Sean Joyce, head of global and U.S. cybersecurity at PwC.
Huq said Aspen Digital will be publishing four additional articles as part of the offensive cyber project.
One of the pieces will explore “the legal implications of offensive cyber operations, specifically also the private sector version of what which is often colloquially called hacking back,” Huq said, in terms of “what is permissible, what is constrained and also some implications what might be some policy reforms based on the goals you want for those kinds of efforts.”
“A lot of that will revolve around who the private actors are, what the initial targets might be and how to think about whether or not it is a good policy position to engage on those types of activities depending on that context,” Huq said.
Another post will look at the organizational structure “for a model of what offensive cyber actions could look like,” Huq said. “There is a lot of discussions around building a new uniformed service, a Cyber Force. We want to lay out some ideas on how to think about that. What the purposes of that Force could be and how it ought to be structured and how it could potentially be beneficial for this line of work.”
Aspen Digital will look to broaden the scope of offensive cyber in a third article on “using cyber tools to potentially deter cyber behavior,” Huq said, with a focus “economic tools.”
Huq said, “The economic statecraft toolkit could be deployed for the purposes of deterring or degrading cyber behavior so we want to explore what the other options are in addition to the offensive cyber suite.”
The last article will explore “the inter-operational piece,” Huq said, “looking through the national cyber strategy as it stands and how to better structure policy efforts around offensive actions within the context of that strategy.”
Huq said, “We think it is an operationalized piece looking at the history of how these actions have been conducted and using that to align better with national efforts.”
Aspen Digital is also launching a new project exploring “what would a Bureau of Cyber Statistics look like,” according to Huq. The creation of a bureau is a recommendation from the Cyberspace Solarium Commission’s 2020 landmark report.
Huq said, “There are so many different examples you can draw from in the federal government about building, maintaining and operationalizing data for the purposes of public policy and thinking through some of those case studies and what we can learn from them in terms of implementing a BCS is something that we’ve been talking about.”