pdfRead the Publication (PDF)

The aviation industry is faced with a complex and critical challenge to carefully balance costs with evolving business imperatives, customer demands, and safety standards. The increasing use of new technologies in the movement towards automation has yielded efficiencies and enhanced the customer experience. Yet, it has also inadvertently created vulnerabilities for exploitation. As a central component of commerce, trade, and transportation infrastructure, the aviation industry is indispensable to the global economy. The consequences of failure would carry direct public safety and national security implications.

pdfRead the Publication
In 2016, a series of highly impactful and publicized disruptions provided a wake-up call to societies on both sides of the Atlantic making obvious their dependence on inherently unpredictable technology. Just before the year began, a targeted attack disrupted the Ukrainian energy grid, forcing its operators to fall back on decades-old manual processes, and a similar attack followed late in the year. The Hollywood Presbyterian Hospital in Los Angeles was forced to shut down for weeks as a critical patient-care system was unintentionally disrupted by ransomware—a common plague that impacted many other parts of societal infrastructure through the year, including San Francisco’s Bay Area Rapid Transit (BART), US electricity providers, and hospitals in the United States and across Europe. At the same time, a botnet of poorly secured devices disrupted large portions of the US Internet and knocked more than one million German households offline. And while the Russian breach of the Democratic National Committee (DNC) and the associated influence campaign continue to shock many in the United States and beyond, the specter of hackable voting computers also cast doubt on the US electoral system in the lead-up to and aftermath of the presidential election.

pdfRead the Publication (PDF)
Last year, the Barack Obama administration issued PPD-41, “Cyber Incident Protection,” setting forth cyber security incident roles and missions for federal agencies but with no explicit reference to the Department of Defense (DoD). By contrast, the DoD Cyber Strategy provides that DoD will be prepared to “defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence.” Certainly, in a conflict where an adversary will utilize cyber as part of an overall military attack, the DoD will necessarily play a major operational role. This paper discusses what that role should entail.

pdfRead the Publication (PDF)

The Internet of Things (IoT) is the next step in the evolution of wireless networks. Analysts predict the IoT will double in size to nearly 50 billion devices by 2020, comprising a $1.7 trillion market. One of the greatest opportunities still lies ahead in the form of the “smart home.”


Read the Report Online

pdfRead the Report (PDF)
pdfRead the FAQ's (PDF)

In 2030, will the Internet and related information and communications technologies (ICTs) continue to drive global innovation and prosperity? Or will that bright promise be swamped by an unstable and insecure Internet, so overwhelmed by non-stop attacks that it has become an increasing drag on economic growth? The answers, as far as we can predict, are not promising and mean the difference in tens of trillions of dollars in global economic growth over the next fifteen years.
The Internet of Things of digital, networked technology is quickly moving to the forefront of society, the global economy, and the human experience.

Individuals wear networked devices to learn more about themselves, their diet, their exercise regimen, and their vital signs. Doctors can adjust and optimize implanted medical devices, such as pacemakers, quickly and accurately—and often with no need for intrusive medical procedures. The rewards of networked healthcare come with overlapping areas of concern that have to address to fully unlock the potential of these technologies.
The Internet makes everyone neighbors in cyberspace, connected by a digital infrastructure that serves as the bedrock of their communities. But despite pockets of excellence, the neighborhood-watch system is broken. Not all kinds of sharing are equal, as many organizations involved in cyber defense are net consumers—not suppliers—of shareable cybersecurity information.
pdfRead the Report (PDF)
Confidence-building measures (CBMs) are an instrument of interstate relations aimed to strengthen international peace and security by reducing and eliminating the causes of mistrust, fear, misunderstanding, and miscalculations that states have about the military activities of other states.

The anonymous and complex nature of the Internet and the potency, low cost, and deniability of cyber operations make them potentially counterproductive to building trust. CBMs, as confidence and trust-building concepts, are particularly suitable for cyberspace. However, the application of these measures have yet to be extensively applied in cyberspace. Because cyberspace is predominantly dominated not by the actions of states but nonstate actors, CBMs for cyberspace must thus be inclusive of all stakeholders active in cyberspace. They must reduce risk and support trust by either building on preexisting concepts and mechanisms from other domains of international relations or by creating unique bottom-up approaches.

Confidence-Building Measures in Cyberspace: A Multistakeholder Approach for Stability and Security, a new Cyber Statecraft Initiative report from the Atlantic Council's Brent Scowcroft Center on International Security, analyzes different ways to involve private-sector actors and build confidence without extensive legal or political action by states. Authors Jason Healey, John C. Mallery, Klara Tothova Jordan, and Nathaniel V. Youd recommend four types of CBMs--collaboration, crisis management, restraint, and engagement measures--which can be established to mitigate potentially escalatory effects of activities in cyberspace. The measures proposed in this report suggest a multistakeholder-centric approach to leverage all possible stakeholders to improve overall Internet resilience and decrease the chances of miscalculation, mistrust, and misunderstanding.
When it comes to elections, the vast majority of the world still votes on paper. Yet given the universal connectivity of services where almost every task can be completed online or electronically, this illustrates a curious anomaly. Why are those technologies that have revolutionized our daily lives not being used to bring the electoral process into the twenty-first century?

Online voting and  e-voting could become a larger part of the political process in the United States and in other participatory democracies with the right security to back it up, according to Online Voting: Rewards and Risks, a new Atlantic Council study by Brent Scowcroft Center on International Security Nonresident Senior Fellow Peter Haynes conducted in collaboration with McAfee, part of Intel Secutity.

pdfRead the Report (PDF)

This Week’s Internet Conference in Istanbul Follows an Historic Debate at Brazil’s NETmundial

“History,” John W. Gardner reputedly said, “never looks like history when you are living through it.” Maybe that is why one of the recent years’ biggest events in shaping the future of the Internet got so little attention recently. Global news media largely ignored the conference, called NETmundial, which took place in April in Sao Paulo, Brazil. Yet some potentially historic developments took place there. In true Internet form, the results were slightly ambiguous.

NETmundial was one of a series of conferences and debates that gradually are shaping the future model of governance for the Internet. Its biggest impact may have been to reverse the momentum in that debate away from those (led by Russia) who favor an internet run mainly by governments – and toward pluralists (mostly from liberal democracies) who want to keep civil society and the private sector involved. Still, this battle will continue, leading up to what is seen as a potentially critical conference to be held in fall 2015 in New York. And the discussions at NETmundial suggest that the pluralist, or “multi-stakeholder” vision for the Internet may need a little help if it is to survive.