Publications

pdfRead the Publication (PDF)
An alliance under tension, NATO today faces the challenges of burden sharing, a multipolar world full of old adversaries and emerging challengers. In “Collective Defense of Human Dignity: The Vision for NATO’s Future in Cyberspace,” Christopher Porter, a nonresident senior fellow in the Cyber Statecraft Initiative at the Atlantic Council analyzes member states struggling with diverging stances on cyber defense policy and planning—especially on the issue of Chinese investment and deployment of high-speed 5G cellular networks. In these challenging times, dialogue on these issues often devolves into allies talking past one another, without a shared basis of facts with which to frame the debate.
pdfRead the Publication (PDF)
The current model of cybersecurity is outdated. Adversaries continue to grow more sophisticated and outpace advancements in defense technologies, processes, and education. As nation states enter into a new period of great power competition, the deficiencies in current cybersecurity practice, evidenced by the growing number of successful cyber-attacks from Russia, China, North Korea, and others, pose a greater threat.
The need to update the cybersecurity model is clear. An enhanced public-private model – based on coordinated, advanced protection and resilience – is necessary to protect key critical infrastructure sectors. In addition, enhanced action from the federal government, coupled with increased formal cooperation with international allies, are necessary to ensure comprehensive cybersecurity resilience.


pdfRead the Publication (PDF)
pdfRead the Publication (PDF)

With our modern-day reliance on digital technology, software and system vulnerabilities have become increasingly hard to avoid. Thoroughly eliminating all these vulnerabilities can be a challenge, but through a coordinated vulnerability disclosure (CVD) program, governments and private companies can mitigate them with the help of independent security researchers. When instituted and followed, a CVD program allows companies to manage the process of disclosure and handling of vulnerabilities in a controlled fashion by working with security researchers to coordinate a set of common terms and a timeline.
pdfRead the Publication (PDF)

Of all the political ideas to defend themselves before the court of human history, few have proven as potent and as compelling as that of electoral democracy. Yet in recent years, electoral democracy has once more come under challenge, facing off against popular discontent, revisionist governments, and—most significantly—the rise of new media and digital technologies. These technologies have at times demonstrated exhilarating promise, but they have also created new vulnerabilities that malicious actors have proven able and willing to exploit. This Issue Brief aims to provide a taxonomy of different forms and levels of state involvement in election interference, giving states a common lexicon to respond to cyber threats. It is not enough to simply speak of “hacking the vote”—and hopefully, by providing these initial terms, this report will spur a wider discussion on defining actions and sponsorship in this domain.
pdfRead the Publication (PDF)

As the energy sector has become more globalized and increasingly complex in its reliance on software components, the supply-chain risk has evolved and expanded. One such risk that stands out is unintended taint, namely flaws in software components unintentionally built into products in design or implementation. Unintended taint may lead to unintended supply-chain subversion, and represents a significant and credible threat to the uninterrupted functionality of critical infrastructure within the energy sector. In this issue brief, we outline a taxonomy for understanding certain energy sector risks and provide concrete recommendations for policy makers and the private sector.
pdfRead the Publication (PDF)

In cybersecurity, it is time to go beyond sharing and ad hoc cooperation, to collaboration at scale across borders, stakeholders, and sectors. This effort should begin with a determined study of the responses to past incidents and how to improve them, then proceed to new, action-oriented Cyber Incident Collaboration Organizations (CICO) to streamline response. The goal of a CICO must be to streamline the current response process for an incident type, to provide an umbrella to make such work easier or to upscale it. In this issue brief, Jason Healey presents the next generation of innovations that will simplify agile, scalable response to incidents—across borders, stakeholders, and sectors.
pdfRead the Publication (PDF)

The aviation industry is faced with a complex and critical challenge to carefully balance costs with evolving business imperatives, customer demands, and safety standards. The increasing use of new technologies in the movement towards automation has yielded efficiencies and enhanced the customer experience. Yet, it has also inadvertently created vulnerabilities for exploitation. As a central component of commerce, trade, and transportation infrastructure, the aviation industry is indispensable to the global economy. The consequences of failure would carry direct public safety and national security implications.

 
pdfRead the Publication
In 2016, a series of highly impactful and publicized disruptions provided a wake-up call to societies on both sides of the Atlantic making obvious their dependence on inherently unpredictable technology. Just before the year began, a targeted attack disrupted the Ukrainian energy grid, forcing its operators to fall back on decades-old manual processes, and a similar attack followed late in the year. The Hollywood Presbyterian Hospital in Los Angeles was forced to shut down for weeks as a critical patient-care system was unintentionally disrupted by ransomware—a common plague that impacted many other parts of societal infrastructure through the year, including San Francisco’s Bay Area Rapid Transit (BART), US electricity providers, and hospitals in the United States and across Europe. At the same time, a botnet of poorly secured devices disrupted large portions of the US Internet and knocked more than one million German households offline. And while the Russian breach of the Democratic National Committee (DNC) and the associated influence campaign continue to shock many in the United States and beyond, the specter of hackable voting computers also cast doubt on the US electoral system in the lead-up to and aftermath of the presidential election.

 
pdfRead the Publication (PDF)
Last year, the Barack Obama administration issued PPD-41, “Cyber Incident Protection,” setting forth cyber security incident roles and missions for federal agencies but with no explicit reference to the Department of Defense (DoD). By contrast, the DoD Cyber Strategy provides that DoD will be prepared to “defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence.” Certainly, in a conflict where an adversary will utilize cyber as part of an overall military attack, the DoD will necessarily play a major operational role. This paper discusses what that role should entail.

 
pdfRead the Publication (PDF)

The Internet of Things (IoT) is the next step in the evolution of wireless networks. Analysts predict the IoT will double in size to nearly 50 billion devices by 2020, comprising a $1.7 trillion market. One of the greatest opportunities still lies ahead in the form of the “smart home.”

 



    

RELATED CONTENT