Private Power and the Future of Cyber Conflict

Image Source: Getty Images

Currently, only states are recognised as legitimate actors permitted to undertake countermeasures against their adversaries in the cyber domain. Under international law, states can launch targeted cyber operations, unlike other actors such as private firms and hacktivists (albeit with strict conditions). However, this status quo will probably change in light of recent events involving non-state actors, especially those in the private sector, including technology and cyber firms. Given the changing threat landscape and the rise in cyber attacks against non-state actors, private sector players have a larger role and aim to carry out tasks previously reserved for state actors, such as cyber operations.

IT Firms’ Entry into Cyber Geopolitics

In August 2025, Google announced its decision to start a special cyber unit, the disruption unit, responsible for disruption, by adopting new offensive measures. Sandra Joyche, Vice President of Google’s threat intelligence group, said “intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation.” Emphasising the need to shift strategy, she underlined the need to change course. She added, “We have to get from a reactive position to a proactive one … if we’re going to make a difference right now.”

This decision comes in the backdrop of increasing cyber attacks against big tech in the West, from a constellation of cyber firms based in China and Russia. While the targeted attacks against private sector players in the West are not a new phenomenon, the involvement of foreign private sector players has reinvigorated cyber contests.

The non-state actors—especially cyber firms and big tech, taking responsibility as the quasi-state players on both sides—will have profound implications on how cyber warfare is played. How the private cyber actors engage with each other in cyberspace will alter the game’s rules in the domain. This creates the need for new rules of engagement, which would make this domain safer and more trustworthy.

Chinese Private Companies and Russian Cyber Firms: New Actors in Cyberspace 

In the Chinese case, the role of private cyber firms, which has remained an open secret for a long time, is becoming even more accentuated. Recently, it was revealed that three Chinese companies—Sichuan Zhixin Ruijie Network Technology Co., Ltd, Beijing Juanyu Tianqiong Information Technology Co., Ltd, and Sichuan Juxinhe Network Technology Co., Ltd—were involved in Salt Typhoon’s cyber operations, supporting the Chinese intelligence and the Ministry of State Security (MSS) with cyber-related products and services. For instance, Sichuan Networks, sanctioned earlier in 2025, is accused of targeting the United States’ (US) critical infrastructure, including telecommunication and telecom service providers. Other companies involved are Integrity Technology Group Inc., Sichuan Silence Information Technology Company Ltd., and Wuhan Xiaoruizhi Science and Technology Company, Ltd (Wuhan XRZ).

While some of these companies operate as a front for the MSS, others are either directly involved in Chinese malicious cyber operations as government contractors, providing their services directly, such as lending cyber infrastructure for probing and exploiting network routers, or indirectly through moonlighting workers. An example is Guan Tainfeng, an employee of Sichuan Silence, who was accused of using his employer’s pre-positioning device for the 2020 firewall compromise.

Similarly, in Russia, Private firms operating within information security play a critical role in state-sponsored cyber operations. Russian cyber firms such as Pozitiv Teknolodzhiz, AO (named Positive Technologies), security code, and Kaspersky are aiding and abetting the state’s cyber network operations. The US has accused Positive Technologies of providing Russian Intelligence, such as the Federal Security Service (FSB), with technical support, such as offensive hacking tools and knowledge. Other services shared include supporting operational activities, lending cyber infrastructure, and assisting in the development of tools. Kaspersky, an antivirus firm, was banned in the US, citing national security risks, given its software business, which poses huge cyber espionage risks.

 In all these cases, these private counterintelligence actors increasingly align with the state’s geopolitical goals, working as contractors for their military and intelligence agencies.

For a long time, the US response to Chinese and Russian cyber operations against its public and private sectors has incentivised the government to forge a close cybersecurity partnership with businesses, particularly the big tech. However, with increasing threats in cyberspace due to private sector participation from enemy states, a rethinking is underway in the US. Some cybersecurity experts and policymakers have welcomed Google’s decision in this context. Furthermore, with the increasing economic interest of big tech companies, they are likely to become more involved in cybersecurity measures, including offensive operations.

Private Sector and Counter Cyber Operations: East’s Expansion and West’s Recalibration 

Through Google’s recent announcement, increasing economic costs and lack of state support have forced the private sector to step up. This development can alter the US cyber strategy, moving towards active cyber defence, allowing hack back, and enabling private companies to strike against foreign threat actors. One example of this change was recently observed in Sophos, a cybersecurity firm. The firm undertook a defensive and counter-offensive operation focused on removing malicious code in firewalls installed by Chinese-based threat actors. Others have also undertaken targeted operations directed by court-authorised action, avoiding the Computer Fraud and Abuse Act (CFAA), which restricts access to computers outside their networks without permission.

Given the expanding presence of Chinese and Russian non-state actors in cyberspace, the US is also pondering allowing offensive measures to be normalised. The Trump administration’s 2018 Cyber Strategy, and the announcement of persistent engagement and defending forward during his first term, signalled a move in this direction. In his second tenure, the administration is discussing letters of marque by allowing cyber privateering contracts and enabling the private sector to play a prominent role. Alexei Bulazel, the Senior Director for cyber at White House’s National Security Council, said “we can work with the private sector … [to] proactively patch those vulnerabilities… and maybe conduct an operation against the adversary.” The Scams Farms Act, which aims to amend CFAA, allowing companies to strike back, is also part of the response.

Between Scylla and Charybdis: Initiative or State Reliance

Nonetheless, challenges persist. If such instances are institutionalised through laws and policies, new problems will emerge. Any legal backing for cyber firms to undertake limited offensive operations, even under government supervision, would make them a legitimate target, blurring the line between what is permissible and what isn’t. Besides, cases of cyber vigilantism remain a possibility. Considering these issues, cyber defence experts have cautioned against the ‘hack back’ model, especially due to its legal and ethical issues. Questions also arise about states’ responsibility and sovereign control over external offensive operations, apart from concerns related to attribution, escalation, deconfliction, and the success of cyber hack back.

Conversely, recognising the cyber reality, sticking with the status quo is also not pragmatic. Therefore, some measures will likely emerge within the existing framework. Some have advocated for delegating the response to the state, if necessary. On the other hand, some have recommended following the framework shown in Sophos’ Operation case (limiting the scope to intelligence function—data collection), which follows responsible behaviour and promotes accountability.

The intensifying cyber competition and growing participation of big tech and cyber firms are ushering in a new phase in global cyber politics. As part of this new arrangement, the private sector’s role in cyber contests will grow, moving out of the shadows and becoming mainstream, including future cyber warfare. Therefore, considering their upcoming quasi-status, they would no longer have immunity, making them an essential stakeholder and a target. While all of this is inevitable, the change will take time. The increasing participation of private cyber firms presents both opportunities and challenges. However, the roles, responsibilities, and regulations the government prescribes for the private sector will determine which aspect (offence vs defence) will become dominant and which way (limited participation vs greater autonomy) the needle will point.

Abhishek Sharma is a Junior Fellow with the Strategic Studies Programme, Observer Research Foundation.

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.