Assumptions and hypotheticals series
When academics, policymakers, and practitioners discuss security and conflict within the cyber domain, they are often hampered by a series of ongoing debates, some more commonly agreed upon than others, upon which the nevertheless must engage in order to better understand the domain.
We have brought together members of these communities to discuss why these debates are important to the shaping of cybersecurity and strategic plans, and how hypothetical answers to these debates might impact the way that actors’ – across both the public and private sectors – strategies, operations, and tactics might impact the domain, their adversaries, and their own goals.
Related projects and papers
Issue BriefJun 14, 2022
Victory reimagined: Toward a more cohesive US cyber strategy
By Emma Schroeder, Stewart Scott, Trey Herr
US policy is on two potentially divergent paths: one that prioritizes the protection of American infrastructure through the pursuit of US cyber superiority, and one that seeks an open, secure cyber ecosystem.
Issue BriefMar 30, 2022
Preparing the next phase of US cyber strategy
By Jenny Jun
This paper considers tensions in the current US cyber strategy for the Defense Department and the broader cyber policy community in the Biden-Harris administration as they form the next phase of the strategy and determine how, when, and under what conditions Defend Forward can best serve as a means to the goal of achieving superiority in cyberspace.
Issue BriefJan 31, 2022
What do we know about cyber operations during militarized crises?
By Michael Fischerkeller
This essay focuses on how cyber operations employed during militarized crises are likely to impact escalation management. Cyber operations intended as offramps in a crisis could have an outcome opposite than that intended. Given the absence of direct experience, policymakers must critically examine assumptions and claims that cyber operations can serve as de-escalatory crisis offramps.
Tech at the Leading EdgeMar 22, 2023
Modernizing critical infrastructure protection policy: Seven perspectives on rewriting PPD21
By Will Loomis
In February of 2013, then President Obama signed a landmark executive order - Presidential Policy Directive 21 (PPD 21) - that defined how U.S. Departments and Agencies would provide a unity of government effort to strengthen and maintain US critical infrastructure. Almost a decade later, evolutions in both the threat landscape and the interagency community invite the US government to revise this critical policy.
Tech at the Leading EdgeMar 16, 2023
Building a shared lexicon for the National Cybersecurity Strategy
By the Cyber Statecraft Initiative
The 2023 National Cybersecurity Strategy, released on March 3, represents the ambitions of the Biden Administration to chart a course within and through the cyber domain, staking out a critical set of questions and themes. These ambitions are reflected within the strategy’s pillars and titled sections, but also key words and phrases scattered throughout the […]
Tech at the Leading EdgeMar 3, 2023
How will the US counter cyber threats? Our experts mark up the National Cybersecurity Strategy
By Maia Hamin, Trey Herr, Will Loomis, Emma Schroeder, and Stewart Scott
On March 2, the White House released the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary on the document and its relationship with larger cybersecurity policy issues.
Tech at the Leading EdgeMar 1, 2023
Makings of the Market: Seven perspectives on offensive cyber capability proliferation
By Jen Roberts and Emma Schroeder
The marketplace for offensive cyber capabilities continues to grow globally. Their proliferation poses an expanding set of risks to national security and human rights, these capabilities also have legitimate use in state security and defense. To dive deeper on this topic, we asked seven experts to offer their perspectives.
Tech at the Leading EdgeNov 18, 2022
GRU 26165: The Russian cyber unit that hacks targets on-site
By Justin Sherman
Russian hackers are not always breaching targets from afar, typing on their keyboards in Moscow bunkers or St. Petersburg apartment buildings. Enter GRU Unit 26165, a military cyber unit with hackers operating remotely and on-site. Going forward, Western intelligence and law enforcement personnel, as well as multinational organizations, would be wise to pay attention.
Tech at the Leading EdgeSep 29, 2022
The ITU election pitted the United States and Russia against each other for the future of the internet
By Konstantinos Komaitis and Justin Sherman
Earlier this morning, the International Telecommunication Union (ITU) elected American candidate Doreen Bogdan-Martin as the agency's Secretary-General. Even with her election, the future role of the ITU in internet governance remains uncertain, and the organization will face challenges in the future debate over respecting extant internet processes while trying to drive genuine progress—and Beijing and Moscow will certainly not sit on the sidelines.
ArticleSep 22, 2022
Assumptions and hypotheticals: Second edition
By Emma Schroeder
In the second "Assumptions and Hypotheticals," we explore various topics, including the cyber sovereignty debate, the question of an attribution threshold, and the utility of cyber tools in crisis escalation.