Issue briefs and reports Jul 26, 2020
Breaking trust: Shades of crisis across an insecure software supply chain
By Dr. Trey Herr, William Loomis, Stewart Scott, June Lee
Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires more coherent policy response together industry and open source communities.
NATO 20/2020 Oct 14, 2020
By Safa Shahwan Edwards, Will Loomis, Simon Handler
NATO should adopt a digital .2 percent policy whereby member states commit to spend .2 percent of their gross domestic product on cybersecurity and digital defense modernization.
In the News Jan 22, 2021
Loomis and Scott in Lawfare: A role for the vulnerabilities equities process in securing software supply chains
By Nicole Meir
On Jan. 14, something unusual happened—the National Security Agency (NSA) publicly announced that it had discovered a critical vulnerability (CVE 2020-0601) deep within Windows 10 and reported it to Microsoft for patching. The disclosure was lauded because of the bug’s severity; buried in a cryptographic library, it would have allowed opportunistic attackers to decipher encrypted […]
Tech at the Leading EdgeMar 22, 2023
Modernizing critical infrastructure protection policy: Seven perspectives on rewriting PPD21
By Will Loomis
In February of 2013, then President Obama signed a landmark executive order - Presidential Policy Directive 21 (PPD 21) - that defined how U.S. Departments and Agencies would provide a unity of government effort to strengthen and maintain US critical infrastructure. Almost a decade later, evolutions in both the threat landscape and the interagency community invite the US government to revise this critical policy.
Tech at the Leading EdgeMar 16, 2023
Building a shared lexicon for the National Cybersecurity Strategy
By the Cyber Statecraft Initiative
The 2023 National Cybersecurity Strategy, released on March 3, represents the ambitions of the Biden Administration to chart a course within and through the cyber domain, staking out a critical set of questions and themes. These ambitions are reflected within the strategy’s pillars and titled sections, but also key words and phrases scattered throughout the […]
Tech at the Leading EdgeMar 3, 2023
How will the US counter cyber threats? Our experts mark up the National Cybersecurity Strategy
By Maia Hamin, Trey Herr, Will Loomis, Emma Schroeder, and Stewart Scott
On March 2, the White House released the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary on the document and its relationship with larger cybersecurity policy issues.
Will Loomis is a nonresident fellow with the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab. He previously served as an associate director with the Cyber Statecraft Initiative, where he led the program’s work on critical infrastructure cybersecurity and software supply chain risk management. Loomis is also the chair of Young Professionals in Foreign Policy’s Cybersecurity Policy & Technology Discussion Group and an organizer for Policy at DEF CON.
Originally from New York, he holds a BA in Political Science, with a focus on International Relations and Securities Studies from Colgate University. Will is also a Certified Bourbon Steward.