Internet-borne disruptions in 2016 were a wakeup call to society’s dependence on undependable technology. For societal infrastructure, such as transportation, energy, healthcare, and the Internet of Things (IoT) the consequences of cybersecurity failure impact human life, public safety, national security, and economic prosperity. At the same time, capability to disrupt these technological dependencies is increasingly available to high-intent, low-capability adversaries who wish to do harm. In response, the Atlantic Council became a force to catalyze societal resilience through policies for more trustworthy technology dependencies.
About the Cyber Statecraft Initiative
In December 2015, a targeted attack disrupted the Ukrainian energy grid until they could fall back on decades-old manual processes. In January, 2016 Hollywood Presbyterian Hospital shut down for weeks as Ransomware (financially-motivated cybercriminal software) accidentally disrupted a critical patient care system. Since then, this common plague has impacted many other parts of societal infrastructure, including transportation (Bay Area Rapid Transit and German S-Bahn), energy (electric providers and oil & gas), and healthcare (most prominently, twenty per cent of the UK National Health Trusts)around the world. A pseudonymous individual commandeered poorly secured IoT devices to disrupt large portions of the US Internet, then published the tools online for anyone to use. The specter of hackable voting machines threw the U.S. electoral system into chaos, disrupting the normal course of the Presidential election. Meanwhile, political parties and figures were targeted by an information campaign after communications and documents were stolen through low-skill hacking techniques.
In the face of these societal disruptions, the Cyber Statecraft Initiative brought a new resources and focus. The Council invested in a new team, Director Joshua Corman and Deputy Director Beau Woods, who brought new connections and credibility from the grassroots initiative “I Am The Cavalry.” The focus on cybersecurity impacts on public safety, national security, and economic prosperity allowed bold, swift action on a topic where urgency is merited.
Hacking Cyber Literacy: A Knowledge Project: The Cyber Statecraft Initiative will focus on bridging the divide between cybersecurity and policy, specifically between Washington, DC and Silicon Valley, through shared knowledge and the translation of core principles in the cybersecurity field, resulting in a common vocabulary and understanding of the most important cybersecurity and policy issues. To do this, the Cyber Statecraft Initiative will develop technically literate resources to inform policy decision-makers. We intend to generate educational products using illustrations, videos, polling, storytelling, metaphors, psychological marketing, and other techniques. As a result, our products will promote technically literate policy decisions. This process will generate content that can be used and reused in future work and that can catalyze new networks of trusted experts from a diversity of backgrounds and experience.
An economic analysis of cyber supply chain security. An important issue needing attention is understanding the difference between existing liability regimes for public safety and those for software—as it relates to the Internet of Things, they come into conflict. Where accountability for cybersecurity is undefined, manufacturers, business customers, and consumers are all taking on indeterminate risk. This situation is likely to change when a high-profile, high-consequence Internet of Things hack hits media headlines. An abrupt change is likely to be a jarring, disruptive event to markets, prosperity, and trust, unless a thoughtful analysis has been conducted that conveys the benefits of alternative courses of action across the ecosystem. No one has yet tackled the economic, legal, and market tradeoffs of different accountability roles, and how to optimize for that thoughtful transition, with representative experts from these diverse fields.
Entering 2014, and still relatively at the dawn of the Information Age, we face a dilemma with regards to cyberspace and the stakes could not be higher: ensuring the Internet and cyberspace remain at least as free, and as awesome, for future generations as they have been for ours. The Cyber Statecraft Initiative has accordingly made "Saving Cyberspace" the mission to guide its work with many novel concepts and projects to help bring this vision to a practical reality in Washington DC and other national capitals and technology centers.
Download the Saving Cyberspace overview
A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 explores the twenty-six-year history of cyber conflict and analyzes case studies of the most significant cyber incidents. It is the first book of its kind—a comprehensive, accessible history of cyber conflict. A Fierce Domain reaches back to look at the major “wake-up calls,” the major conflicts that have forced the realization that cyberspace is a harsh place where nations and others contest for superiority. The book identifies the key lessons for policymakers, and, most importantly, where these lessons greatly differ from popular myths common in military and political circles.