About the Cyber Statecraft Initiative
Pillars of Work
- Harnessing the Fourth Industrial Revolution by providing predictive and strategic dialogue on the ongoing growth of the Internet of Things (IoT), the challenges, standards, and policies relating to artificial intelligence, and augmented and virtual reality.
- Navigate Great Power Conflict by ensuring policymakers and tech experts understand the underlying factors and motivations impacting the field of cybersecurity, informing policy so that it is developed with foresight and strategy in mind, and shifting the focus from single cyber incidents to better understanding larger campaigns, motivations, tools and intents.
- Foster the Next Generation of Global Leaders by exposing the next generation to multidisciplinary approaches to cyber policy that integrate geopolitics, policy, technology, law, and behavioral elements of cyber problems and solutions.
- Advocate for US Global Leadership by convening communities to ensure a free, secure, and open internet, as there is no internationally-accepted understanding of the rule of law in cyberspace and the norms of acceptable behavior in cyberspace
Annually, the Initiative holds over than fifty events, including a regular “Cyber Risk Wednesday” series, which features topics such as financial sector cybersecurity, cyber statecraft, cyber vulnerabilities in connected medicine, and election cybersecurity. It also holds a dinner at the Munich Security Conference convening heads of states and governments, ministers, and executives for a high-level discussion on pressing cybersecurity issues. The Initiative also hosted the launch of the Tallinn Manual in 2013 and its relaunch as the Tallinn Manual 2.0 in 2017, laying the groundwork for the application of international law to the domain of cyberspace.
One signature project of the Initiative is the Cyber 9/12 Student Challenge, a one-of-a-kind student policy and strategy competition that forces teams to critically analyze and develop actionable policy options in response to a realistic, evolving cyberattack. Part interactive learning experience and part competitive scenario exercise, it demands a broad grasp of policy and strategy and cultivates the next generation of cyber policy leaders. Founded in 2012, the competition has grown into a global institution, engaging over 1,000 students with offshoots in Geneva, London, Sydney, and several regional competitions in the United States. The 2018 DC competition alone attracted nearly forty teams from across the country, and drew 3.5 million impressions on Twitter.
Another flagship project of the Initiative is the International Conference on Cyber Engagement (ICCE). Under the leadership of Dr. Catherine Lotrionte, ICCE draws on the experience of government practitioners, industry representatives, and academic scholars, bringing a multidisciplinary and global approach to challenges in cyberspace from technical, corporate, legal, and policy perspectives in the United States and abroad. In past years, ICCE has attracted over 800 participants from nearly 400 organizations—corporate, government, nonprofit, and academic—representing 43 nations.
Through its history, CSI has tackled a broad range of topics at the cutting edge of international cyber policy, ranging from bolstering elections against cyber-enabled incidents to hardening aviation systems against potential cyberattack. CSI’s focus on interagency, intersectoral, and international collaboration stands out from initiatives as wide-ranging as its work with Polish partners to explore how countries can maximize the benefits of the fourth industrial revolution while keeping their societies secure, and its senior fellows’ call for an International Cyber Stability Board that would coordinate actions by like-minded governments in cyberspace. Here are some of the highlights of CSI’s work in recent years:
In 2014, CSI focused its efforts on promoting the idea of “Saving Cyberspace,” aiming to convince governments to put the private sector at the center of their cybersecurity efforts. In partnership with Zurich Insurance, CSI published the report “Beyond Data Breaches: Global Interconnections of Cyber Risk,” which examined the similarities between financial risk and cyber risk. In Abu Dhabi, it held a conference, “Stability and Security in the Gulf,” which tackled topics ranging from information sharing to protecting critical infrastructure. At the NATO Summit in Wales, CSI shaped the debate around cybersecurity by convening high-level transatlantic stakeholders to formulate policy recommendations for developing NATO cyber defenses.
In 2015, the Initiative and its partners continued to study best and worst-case scenarios in the path towards a sustainable cyberspace. In light of mounting risks, Zurich Insurance, University of Denver, and CSI launched the report “Overcome by Cyber Risks? Economic Benefits and Costs of Alternate Cyber Futures,” using economic modeling to assess the impact of cyber activity on the global economy. In Abu Dhabi, CSI hosted a two-hour cyber simulation laboratory, aimed at developing a common understanding between the United States and United Arab Emirates of cyber threats in the Gulf area. Following the data breach at the Office of Personnel Management, CSI organized a moderated question and answer session with John P. Carlin, assistant attorney general for national security at the US Department of Justice on National Security and the Cyber Threat Landscape.
2016 brought an expanded CSI outlook, which included cyber safety as a complement for the security dimension. The initiative partnered with PwC for a dinner in Singapore, bringing together high-level attendees to discuss how senior corporate executives could protect their assets through effective risk management. CSI senior fellows published the report “A Nonstate Strategy for Saving Cyberspace,” exploring alternatives for maintaining the resilience, freedom, and security of the Internet. A moderated panel discussion, “Unsure and Insecure in the Internet of Things,” looked at new policy solutions to securing connected devices and public safety.
In 2017, CSI, with its now well-established convening power, continued to bring diverse stakeholders together to implement policy outcomes. It informed the bipartisan Internet of Things (IoT) Cybersecurity Improvement Act of 2017, and its senior fellows proposed an International Stability Board for consideration by senior government officials. CSI engaged policymakers in innovative ways, including its DEF CON Cyber Caucus program, bringing sitting congressional members—Congressman Will Hurd (R-TX) and Congressman Jim Langevin (D-RI)—to the world’s largest hacker conference, DEF CON 25. On the international front, the initiative exposed new risks for the aviation industry with its path-breaking report, “Aviation Cybersecurity—Finding Lift, Minimizing Drag,” refocusing the work of Paris-based Thales Group and drawing the attention of the Department of Defense, Federal Aviation Administration, and International Civil Aviation Organization.
Through 2018, the initiative forged ahead with more international partnerships, connecting its dialogue on cyber safety and cybersecurity to international policy debates. It partnered with PKO Bank Polski, the largest bank in Poland, to develop an agenda for a conference, “Securing the Fourth Industrial Revolution,” to be held in 2019, and continued to amplify its findings on risks to the aviation industry both in the United States and in international forums. On the sidelines of the Munich Security Conference, it convened a private dinner discussion on election cybersecurity and integrity, assembling a cohort of foreign government officials, journalists, and business leaders in search of ways to ensure secure elections in the future and ultimately launching an issue brief on “Defining Russian Election Interference: An Analysis of Select 2014 to 2018 Cyber Enabled Incidents.” With the launch of an issue brief, “Supply Chain Vulnerabilities in the Software Era,” the initiative called attention to cyber threats to the energy sector’s supply chain, using a real-time hacking demonstration from ICS Village to showcase a remote access ransomware attack on an industrial control systems model of an oil refinery.
For a full list of the Initiative’s publications, click here. For a list of the Initiative’s experts and fellows, click here.