Keep up with our work!

Follow us on Twitter for to keep up with the latest cybersecurity developments

Follow us on Spotify for the latest and greatest in cyber-themed music playlists

Follow the Atlantic Council on LinkedIn for the the latest geopolitical analysis

Events

Online Event Mon, July 17, 2023 • 11:30 am ET

Getting to fault tolerant: Policy for secure and resilient cloud computing

A panel discussion on cloud computing, its emerging criticality, and what role policy can play in helping ensure its secure and resilient adoption.

Cybersecurity Internet
Public Event Thu, April 20, 2023 • 1:45 pm ET

On Breaking Things: Melding Cyber and Kinetic in Conflict

A panel discussion on lethal outcomes of cyber operations, coordination between cyber and kinetic forces, and integration of cyber options in future warfare within the context of larger intelligence and military behaviors.
Conflict Cybersecurity Security & Defense
Public Event Thu, April 6, 2023 • 10:15 am ET

Rebalancing responsibility: Implementing the National Cybersecurity Strategy

Top United States government leaders discuss and answer questions on the latest US cyber strategy, what the NCS offers to the public, and how it will be implemented in a panel discussion.
Cybersecurity National Security Technology & Innovation United States and Canada

Cyber Statecraft projects

Cloud security & policy

Cloud computing is more than technology and engineering minutia—it has real social and political consequences. Cloud providers influence the pace and direction of economic growth, shape international security competition, and mediate access to technologies which today inform changes in the global balance of power.

Cyber 9/12 Strategy Challenge

The Cyber 9/12 Strategy Challenge is an annual cyber policy and strategy competition where students from across the globe compete in developing policy recommendations tackling a fictional cyber catastrophe.

Breaking Trust: Software Supply Chain Insecurity

The Breaking Trust project seeks to catalog software supply chain intrusions and identify major trends and implications from their execution. This project remains ongoing to highlight the need for a more coherent policy response together with action from industry and open-source communities.

The Proliferation of offensive cyber capabilities

The proliferation of offensive cyber capabilities (OCC) presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace. As these capabilities continue to proliferate with increasing complexity and to new types of actors, the imperative to slow and counter their spread only strengthens.

Open source software

Open source software underlies much of the modern digital world, enabling massive productivity and remarkable creation. That criticality, born of OSS’s success, creates challenges for resourcing, security, and long-terms sustainability. The future of the open-source ecosystem will depend on improved policy conversations, public funding, and bolstered industry support. This project remains ongoing to highlight the need for improved policy together with action from industry and open-source communities to support this critical digital infrastructure.

Cyber safety and control systems security

Operational technology (OT) cybersecurity encompasses the software, hardware, policies, personnel, and services deployed to protect physical systems. These systems comprise the backbone of national critical infrastructure and represent tangible links between society and its digital tools and data.

Seeking resilience in cyberspace

Mission resilience is the ability of a mission system to prevent, respond to, and/or adapt to both anticipated and unanticipated disruptions, optimizing efficacy and long-term value. Resilient mission systems should have the capacity to continue mission essential operations while contested, gracefully degrading through disruption rather than collapsing all at once.

The 5×5 series

The 5×5 series by the Cyber Statecraft Initiative features five experts answering five questions on a common theme, trend, or current event in the world of cyber.

The Cyber Moonshot

The Cyber Statecraft Initiative has established a new project to communicate core themes and concepts in cybersecurity through a series of short stories in a way that is fun and approachable to a broader audience than conventional policy analysis/publication.

Cyber Statecraft team

Staff

Trey Herr

Senior Director

Cyber Statecraft Initiative Digital Forensic Research Lab

Cybersecurity Digital Policy

Staff

Safa Shahwan Edwards

Director, Capacity Building & Communities

Cyber Statecraft Initiative Digital Forensic Research Lab

Cybersecurity Spanish

Fellow

Will Loomis

Nonresident Fellow

Cyber Statecraft Initiative

Cybersecurity

Staff

Emma Schroeder

Associate Director

Cyber Statecraft Initiative Digital Forensic Research Lab

Conflict Cybersecurity

Staff

Stewart Scott

Associate Director

Cyber Statecraft Initiative Digital Forensic Research Lab

Cybersecurity Disinformation

Staff

Maia Hamin

Associate Director

Cyber Statecraft Initiative Digital Forensic Research Lab

Cybersecurity Technology & Innovation

Staff

Jen Roberts

Assistant Director

Cyber Statecraft Initiative Digital Forensic Research Lab

Cybersecurity French

Staff

Alexander Beatty

Assistant Director

Cyber Statecraft Initiative Digital Forensic Research Lab

Cyber Statecraft fellows

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The Atlantic Council’s Digital Forensic Research Lab is building the world’s leading hub of digital forensic analysts (#DigitalSherlocks).

The DFRLab

At the Atlantic Council’s DFRLab, our mission is:

To identify, expose, and explain disinformation where and when it occurs using open source research; to promote objective truth as a foundation of government for and by people; to protect democratic institutions and norms from those who would seek to undermine them in the digital engagement space.

To create a new model of expertise adapted for impact and real-world results.

To forge digital resilience at a time when humans are more interconnected than at any point in history, by building the world’s leading hub of digital forensic analysts tracking events in governance, technology, security, and where each intersect as they occur, as well as a network of #DigitalSherlocks.

Visit DigitalSherlocks.org Check out the DFRLab on Medium Sign up for The Source newsletter
Cyber Statecraft Initiative

Report Feb 16, 2022

Financing & genocide: Development finance and the crisis in the Uyghur Region

A joint report that reveals how the World Bank’s International Finance Corporation (IFC) has significant investments in China’s Xinjiang Uyghur Autonomous Region, where indigenous peoples have been subjected to what international legislators, legal scholars, and advocates have determined to be a genocide.

Read More
Cyber Statecraft Initiative

Report Jan 4, 2022

After the insurrection: How domestic extremists adapted and evolved after the January 6 US Capitol attack

By Jared Holt

This report by the Digital Forensic Research Lab (DFRLab) provides an overview and analysis of the shifts observed in domestic extremist movements since the 2021 Capitol attack.
Elections Rule of Law
Cyber Statecraft Initiative

In-Depth Research & Reports Jul 22, 2021

Information defense: Policy measures taken against foreign information manipulation

By Jean-Baptiste Jeangène Vilmer

A joint report from the Atlantic Council’s Digital Forensic Research Lab and Europe Center on the policy measures government and private sector can take against foreign information manipulation.
Cybersecurity Digital Policy

Content

Report

Nov 7, 2022

The cyber strategy and operations of Hamas: Green flags and green hats

By Simon Handler

This report seeks to highlight Hamas as an emerging and capable cyber actor, and help the policy community understand how similar non-state groups may leverage the cyber domain in the future.

Conflict Cybersecurity

The 5×5

Oct 26, 2022

The 5×5—Non-state armed groups in cyber conflict

By Simon Handler

Five experts from various backgrounds assess the emerging threats posed by non-state armed groups in cyber conflict.

Conflict Cybersecurity

Issue Brief

Oct 17, 2022

China’s surveillance ecosystem and the global spread of its tools

By Bulelani Jili

This paper seeks to offer insights into how China’s domestic surveillance market and cyber capability ecosystem operate, especially given the limited number of systematic studies that have analyzed its industry objectives.

Cybersecurity

New Atlanticist

Oct 12, 2022

Experts react: The hits and misses in Biden’s new National Security Strategy

By Atlantic Council experts

We put the call out to our experts from across the Atlantic Council: Does this document deliver? What does it get right and what’s missing?

Middle East National Security

The 5×5

Sep 28, 2022

The 5×5—The Internet of Things and national security

By Simon Handler

Five experts from various backgrounds assess the national security challenges posed by IoT and discuss potential solutions.

Cybersecurity Digital Policy

Report

Sep 26, 2022

Security in the billions: Toward a multinational strategy to better secure the IoT ecosystem

By Patrick Mitchell, Liv Rowley, and Justin Sherman with Nima Agah, Gabrielle Young, and Tianjiu Zuo

The explosion of Internet of Things (IoT) devices and services worldwide has amplified a range of cybersecurity risks to individuals’ data, company networks, critical infrastructure, and the internet ecosystem writ large. In light of this systemic risk, this report offers a multinational strategy to enhance the security of the IoT ecosystem. It provides a framework for a clearer understanding of the IoT security landscape and its needs, looks to reduce fragmentation between policy approaches, and seeks to better situate technical and process guidance into cybersecurity policy.

Cybersecurity Internet of Things

Article

Sep 22, 2022

Assumptions and hypotheticals: Second edition

By Emma Schroeder

In the second "Assumptions and Hypotheticals," we explore various topics, including the cyber sovereignty debate, the question of an attribution threshold, and the utility of cyber tools in crisis escalation.

Cybersecurity

Issue Brief

Sep 19, 2022

Untangling the Russian web: Spies, proxies, and spectrums of Russian cyber behavior 

By Justin Sherman

This issue brief analyzes the range of Russian government’s involvement with different actors in the large, complex, and often opaque cyber web, as well as the risks and benefits the Kremlin perceives or gets from leveraging actors in this group. The issue brief concludes with three takeaways and actions for policymakers in the United States, as well as in allied and partner countries.

Cybersecurity Russia

Blog Post

Sep 15, 2022

Policy hackers take Vegas

By Will Loomis, Safa Shahwan Edwards, Trey Herr, Stewart Scott, and Sarah Powazek

Every year, in the early August heat, thousands of hackers from around the world head to Las Vegas, Nevada for a series of cybersecurity conferences known as Hacker Summer Camp. This year, the Cyber Statecraft Initiative – and a few friends – decided to ship out to see what all the hype is about.

Cybersecurity

Report

Sep 14, 2022

Dragon tails: Preserving international cybersecurity research

By Stewart Scott, Sara Ann Brackett, Yumi Gambrill, Emmeline Nettles, Trey Herr

A quantitative study on whether legal context can impact the supply of vulnerability research with detrimental effects for cybersecurity writ large through the coordinated vulnerability disclosure process (CVD), using recent regulations in China as a case study.

China Cybersecurity
Load More