Content

Report

Sep 26, 2022

Security in the billions: Toward a multinational strategy to better secure the IoT ecosystem

By Patrick Mitchell, Liv Rowley, and Justin Sherman with Nima Agah, Gabrielle Young, and Tianjiu Zuo

The explosion of Internet of Things (IoT) devices and services worldwide has amplified a range of cybersecurity risks to individuals’ data, company networks, critical infrastructure, and the internet ecosystem writ large. In light of this systemic risk, this report offers a multinational strategy to enhance the security of the IoT ecosystem. It provides a framework for a clearer understanding of the IoT security landscape and its needs, looks to reduce fragmentation between policy approaches, and seeks to better situate technical and process guidance into cybersecurity policy.

Cybersecurity Internet of Things

Feature

Aug 5, 2022

Operational technology: Cloudy, with a chance of data 

By Emma Schroeder

In the second episode of The Cyber Moonshot, we again follow Neymar, Zafira, and Ernest in a quaint little food court on the surface of the moon. Follow along in their journey to understand the operational technology-cloud convergence and track down the path of the malware that has infected their port - before it becomes a permanent winter wonderland!

Issue Brief

Jun 14, 2022

Victory reimagined: Toward a more cohesive US cyber strategy

By Emma Schroeder, Stewart Scott, Trey Herr

US policy is on two potentially divergent paths: one that prioritizes the protection of American infrastructure through the pursuit of US cyber superiority, and one that seeks an open, secure cyber ecosystem.

Cybersecurity Security & Defense

Buying Down Risk

May 3, 2022

Buying down risk: Container security

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Industry's move towards container architectures provides great promise for dynamic systems and service provision, but it also brings up new concerns and opportunities for the cybersecurity ecosystem.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Open source software

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Open-source software underpins most modern code, and the unique incentives and constraints its developers face pose a tricky set of challenges for the cybersecurity ecosystem.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Complexity management

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

The ever-increasing complexity of software programs and services can become a security and operational challenge in and of itself, increasing ecosystem-wide risk.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Software provenance and composition

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

SBoM adoption is picking up pace, aiming to provide better insight into and contractual leverage for software components—increased investment, standardization, and coordination can help fully develop SBoM use.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Cyber liability

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Despite software's ubiquity and omnipresent vulnerability, conventions around liability for software producers are still informal and rarely enforced.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Memory safety

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Some coding languages, like C and C++, allow for a common, exceptionally dangerous bug called a memory safety error, comprising up to 70 percent of industry vulnerabilities.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk in the cyber ecosystem: Arguments for the national cybersecurity strategy

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

The private sector has enormous influence over the cybersecurity ecosystem. Security investments stemming from enterprise and prioritizing a more resilient environment over reacting to emerging incidents can have massive impact at scale.

Cybersecurity Technology & Innovation
Load More