All Content

Mon, Mar 1, 2021

A primer on the proliferation of offensive cyber capabilities

Offensive cyber capabilities run the gamut from sophisticated, long-term disruptions of physical infrastructure to malware used to target human rights journalists. As these capabilities continue to proliferate with increasing complexity and to new types of actors, the imperative to slow and counter their spread only strengthens.

Issue Brief by Winnona DeSombre, Michele Campobasso, Dr. Luca Allodi, Dr. James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, and Dr. Trey Herr

Arms Control Conflict

Mon, Mar 1, 2021

Countering cyber proliferation: Zeroing in on Access-as-a-Service

The proliferation of offensive cyber capabilities (OCC) presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace. Access as a Service firms offer various forms of “access” to target data or systems, and through these business practices are creating and selling OCC at an alarming rate. It is imperative that governments reevaluate their approach to countering the proliferation of OCC.

Report by Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr

Arms Control Cybersecurity

Winnona DeSombre is a security engineer at Google’s Threat Analysis Group, tracking targeted threats against Google users. In recent years, Winnona co-authored the Harvard Belfer Center’s National Cyber Power Index, constructed risk rule calculation software to combat social media influence campaigns, spoke at the Forbes 30 under 30 Summit and presented original research at DEFCON.

Her research has also been featured in publications including Foreign Policy, VICE’s Motherboard, and CyberScoop. Winnona is a vocal advocate for women in cyber security: when not ruminating on cyber policy, she spends her time volunteering for Women in Security and Privacy, and has taught courses on cyber security, ethical hacking and personal security through the nonprofit GirlSecurity.