We have put almost everything out there in cyberspace—personal data, intellectual property, even access to the controls of critical infrastructure. And we have been woefully deficient in defending it. With each passing day, our nation faces an onslaught of cyber threats from various adversaries, including nation states.

The good news is that the White House and the Department of Defense (DoD) both have released closely aligned cyber strategies that stress the importance of tackling these threats head-on through partnerships with our allies, the private sector, and between agencies, to “defend forward, shape the day-to-day competition, and prepare for war.”

The Cyber 9/12 Strategy Challenge—the brainchild of the Atlantic Council’s Cyber Statecraft Initiative—got underway in London on February 11. The two-day event is a unique and innovative cyber crisis and policy response simulation. The UK edition is part of a wider Atlantic Council effort to foster the next generation of multidisciplinary cyber professionals.

“The UK government’s National Cyber Security Strategy is clear that more must be done for the UK to meet the future national demand. Much like the NCSC’s CyberFirst courses, Cyber 9/12 is an effective way to nurture the next generation of cyber security experts,” said Paul Chichester, director for operations at the National Cyber Security Centre in London.

Polish Prime Minister Mateusz Morawiecki on January 16 called for a collective Western response to cyber threats while urging allies to increase spending on cybersecurity.

“I call on you today and encourage your leaders and governments to spend more money on cyber warfare, as we do, on cyber soldiers to protect our Internet frontier,” Morawiecki said on the opening day of a two-day conference jointly hosted by PKO Bank Polski and the Atlantic Council in Warsaw, Poland.

“Our enemies will not wait,” Morawiecki said, adding, “They are arming up as we speak. Only a collective response will keep he threat at bay, and only a decisive one.”

The conference, “A New Initiative for Poland: A Future Global Leader in Securing the 4th Industrial Revolution,” seeks to deepen US-Polish ties by developing cybersecurity as a key pillar in the relationship.

British ‘Code of Practice for Consumer IoT Security’ draws on Atlantic Council report

Consumer Internet of Things (IoT) products are notoriously insecure. In October 2016, the Mirai botnet amassed a massive botnet army of IoT-connected devices, eventually used in a distributed denial of service (DDoS) attack that overwhelmed the capabilities of some of the largest Internet providers in the world and took down the Internet across the US East Coast. Mirai’s authors began building their tool as teenagers, amassing an IoT zombie horde using techniques known (and easily preventable) for decades. Unfortunately, the norm for IoT devices is lax security—simple, hardcoded (unchangeable) passwords, and operating systems that can’t be patched or updated with security protection.
French President Emmanuel Macron on November 12 launched the “Paris Call for Trust and Security in Cyberspace”—the first state-supported initiative that brings together a set of principles that both the public and the non-governmental sector can implement and endorse to increase trust and stability in cyberspace.

Macron introduced the Paris Call at the Internet Governance Forum in Paris. The event was part of Paris Digital Week, which has brought together thinkers, innovators, decision-makers and investors for a discussion on current and future digital issues from November 11 to November 14.

In his speech, Macron called on all actors to work together toward building trust and security in cyberspace. Many states, as well as private companies and civil society organizations, have already thrown their support behind the declaration on developing common principles for securing cyberspace. The Atlantic Council’s Cyber Statecraft Initiative is proud to be one of the early supporters of the Call.
Critical infrastructure—from the electric grid to public transportation—is under assault as cyber attackers gain a foothold in the United States.

When the US Department of Homeland Security (DHS) released its cybersecurity strategy in May, it laid out seven goals to help the government better defend the United States and its infrastructure against the constant onslaught of sophisticated cyber threats.
Despite US Congressional efforts to modernize and secure election system infrastructure across the country, beginning in 2002 with the Help America Vote Act (HAVA) and emergence of the Election Assistance Commission (EAC), Russian government hackers have gained access to systems that represent America’s most cherished institution – the democratic vote. Within a campaign of disinformation, fake social media accounts, and state-run media narratives, Russia continues to target the US electoral process, according to US intelligence officials during a press conference at the beginning of August. These stark warnings come just after the Justice Department’s indictment of twelve officers of Russia’s military intelligence apparatus, the Glavnoe Razvedyvatelnoe Upravlenie (GRU), who hacked the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and election voter registration databases beginning in April of 2016.

How can lawmakers better secure the US election system as the 2018 midterms loom? Though progress has been made in election funding and assistance to states, the keys to election security are mandatory cybersecurity standards for election system vendors and for state and local election sites, in tandem with adequate state funding.

How do you respond to a cyberattack on a European airport, manipulation of UK aviation financial markets, and two emerging botnets? Team CDT had the winning response.

Our approach included confirming attribution for the attacks, collating intelligence research, employing law enforcement in digital control towers, and utilizing an apolitical spokesperson from the National Cyber Security Center (NCSC) to disseminate information about the evolving scenario.
The United States should strengthen cooperation with its allies and partners while recognizing that cybersecurity is inextricably linked to tackling shared threats, according to recommendations made in two recent State Department reports.

The reports, published by the State Department on May 31, come in response to US President Donald J. Trump’s May 2017 Executive Order 13800 on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”
After testifying to lawmakers in the US House of Representatives and the Senate for more than ten hours on April 10 and 11, Facebook Chief Executive Officer Mark Zuckerberg appears to have weathered the worst of storm over news that consulting firm Cambridge Analytica harvested data of 87 million Facebook users.

Here are some issues that came up in Zuckerberg’s testimony—and some that did not.