The Harvard National Security Journal has just posted a very interesting essay by Steven Bradbury entitled The Developing Legal Framework for Defensive and Offensive Cyber Operations. (Steve was my successor in running the Office of Legal Counsel for the last four and a half years of the Bush administration.) Steve says he is “not a noted expert on cybersecurity,” but then adds that he “did have occasion to advise on cybersecurity issues” while in OLC. As the head of OLC he wrote an important opinion on the legality of the EINSTEIN 2.0 intrusion detection system for government networks (a decision affirmed and elaborated upon by my colleague David Barron when he was running OLC for the Obama administration.) Part of Steve’s essay tracks his OLC opinion in explaining why EINSTEIN 2.0 is consistent with the Fourth Amendment and relevant statutes. But Steve goes beyond that opinion and addresses several further issues. He emphasizes that he is “speaking only for [himself] — not for my law firm and not for any current or former client.” Nonetheless, the issues he addresses, and the tentative answers he gives, shed more light on the cybersecurity legal issues facing the government, and how the government might be thinking about them, than any source I know.