All Content

The 5×5

Apr 29, 2022

The 5×5—Addressing the global market for offensive cyber capabilities

By Simon Handler

Five experts unpack the global market for offensive cyber capabilities and the implications associated with the proliferation of hacking tools.

Conflict Cybersecurity

In-Depth Research & Reports

Nov 8, 2021

Surveillance Technology at the Fair: Proliferation of Cyber Capabilities in International Arms Markets

By Winnona DeSombre, Lars Gjesvik, and Johann Ole Willers

Nation-state cyber capabilities are increasingly abiding by the “pay-to-play” model—both US/NATO allies and adversaries can purchase interception and intrusion technologies from private firms for intelligence and surveillance purposes. This paper analyzes active providers of interception/intrusion capabilities, as well as the primary arms fairs at which these players operate. The answers to these questions will allow policymakers to better understand the proliferation of cyber capabilities in the hands of irresponsible corporate actors that presents an urgent challenge to national and global security.

Arms Control Cybersecurity

Issue Brief

Mar 1, 2021

A primer on the proliferation of offensive cyber capabilities

By Winnona DeSombre, Michele Campobasso, Dr. Luca Allodi, Dr. James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, and Dr. Trey Herr

Offensive cyber capabilities run the gamut from sophisticated, long-term disruptions of physical infrastructure to malware used to target human rights journalists. As these capabilities continue to proliferate with increasing complexity and to new types of actors, the imperative to slow and counter their spread only strengthens.

Arms Control Conflict

Winnona DeSombre is a nonresident fellow with the Atlantic Council’s Cyber Statecraft Initiative in the Scowcroft Center for Strategy and Security and a security engineer at Google’s Threat Analysis Group, tracking targeted threats against Google users. In recent years, Winnona co-authored the Harvard Belfer Center’s National Cyber Power Index, constructed risk rule calculation software to combat social media influence campaigns, spoke at the Forbes 30 under 30 Summit and presented original research at DEFCON.

Her research has also been featured in publications including Foreign Policy, VICE’s Motherboard, and CyberScoop. Winnona is a vocal advocate for women in cyber security: when not ruminating on cyber policy, she spends her time volunteering for Women in Security and Privacy, and has taught courses on cyber security, ethical hacking and personal security through the nonprofit GirlSecurity.