Issue briefs and reports Jul 26, 2020
Breaking trust: Shades of crisis across an insecure software supply chain
By Dr. Trey Herr, William Loomis, Stewart Scott, June Lee
Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires more coherent policy response together industry and open source communities.
NATO 20/2020 Oct 14, 2020
By Safa Shahwan Edwards, Will Loomis, Simon Handler
NATO should adopt a digital .2 percent policy whereby member states commit to spend .2 percent of their gross domestic product on cybersecurity and digital defense modernization.
In the News Jan 22, 2021
Loomis and Scott in Lawfare: A role for the vulnerabilities equities process in securing software supply chains
By Nicole Meir
On Jan. 14, something unusual happened—the National Security Agency (NSA) publicly announced that it had discovered a critical vulnerability (CVE 2020-0601) deep within Windows 10 and reported it to Microsoft for patching. The disclosure was lauded because of the bug’s severity; buried in a cryptographic library, it would have allowed opportunistic attackers to decipher encrypted […]
Blog PostSep 15, 2022
Policy hackers take Vegas
By Will Loomis, Safa Shahwan Edwards, Trey Herr, Stewart Scott, and Sarah Powazek
Every year, in the early August heat, thousands of hackers from around the world head to Las Vegas, Nevada for a series of cybersecurity conferences known as Hacker Summer Camp. This year, the Cyber Statecraft Initiative – and a few friends – decided to ship out to see what all the hype is about.
In the NewsFeb 8, 2022
Loomis in Lawfare: Defending fire a need for policy to protect the security of open source
Open-source software has served as an important catalyst for much of modern digital technology, scaling small innovations into widely used features in weeks instead of years. Yet the past few years have shown that open source is at risk. One of the most consequential cybersecurity incidents in recent memory, Log4j, exploited a vulnerability in a […]
In-Depth Research & ReportsOct 4, 2021
Introduction: Cooperation on maritime cybersecurity
By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens
It is imperative to establish at the outset that there is no silver bullet for maritime cybersecurity. This report is intended to deliver a more complete and operational plan to better protect the MTS by focusing on building upon, broadening, and deepening the priorities put forward by the National Maritime Cyber Plan by focusing on three key principles: risks and standards, information and intelligence sharing, and creating a maritime cybersecurity workforce.
Will Loomis is an associate director with the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab (DFRLab). In this role, he manages a wide range of projects at the nexus of geopolitics and national security with cyberspace. Prior to joining the Atlantic Council, he worked on market research and strategy at an emerging technology start-up in Madrid, Spain.
Originally from New York, he holds a BA in Political Science, with a focus on International Relations and Securities Studies from Colgate University. Will is also a Certified Bourbon Steward.