Cybersecurity requires technically literate analysis of policymaking, its impact, and alternative approaches. The Cybersecurity Policy and Strategy program works to inform policy that will improve the security of technology systems and their users, covering topics from improved cybersecurity measurement and policy design to building more defensible cloud computing services and crafting more resilient software supply chains.

Featured Content

Artificial Intelligence

Open Source Software

Publications

Cybersecurity Policy and Strategy

Jan 26, 2024

The great despiser: The BSA, memory safety, and how to make a good argument badly

By Stewart Scott

Memory-safe programming languages are in the cyber policy mainstream, but some hesitation remains. Looking at the arguments around memory safety is informative for larger cyber policy debates too.

Cybersecurity

The 5×5

Jan 24, 2024

The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024

By Nitansha Bansal, Trey Herr

Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.

Cybersecurity

Cybersecurity Policy and Strategy

Jan 16, 2024

Design questions in the software liability debate

By Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

Cybersecurity

The 5×5

Dec 13, 2023

The 5×5—2023: The cybersecurity year in review

By Simon Handler

A group of Atlantic Council fellows review the past year in cybersecurity, which organizations and initiatives made positive steps, and areas for improvement going forward. 

Cybersecurity National Security

Cybersecurity Policy and Strategy

Oct 30, 2023

Homogeneity and concentration in the browser

By Justin Sherman and Jessica Edelson

Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.

Cybersecurity Internet

The 5×5

Oct 27, 2023

The 5×5—The cybersecurity implications of artificial intelligence

By Maia Hamin, Simon Handler

A group of experts with diverse perspectives discusses the intersection of cybersecurity and artificial intelligence.

Artificial Intelligence Cybersecurity

Issue Brief

Oct 12, 2023

Driving software recalls: Manufacturing supply chain best practices for open source consumption

By Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

Cybersecurity

Cybersecurity Policy and Strategy

Sep 27, 2023

Kink in the chain: Eight perspectives on software supply chain risk management

By Cyber Statecraft Initiative

Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.

Cybersecurity United States and Canada

Cybersecurity Policy and Strategy

Sep 27, 2023

Software supply chain security: The dataset

By Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Want to dive deeper into the Breaking Trust database? You have come to the right place.

Cybersecurity United States and Canada

Cybersecurity Policy and Strategy

Jul 19, 2023

Why do SBOM haters hate? Or why trade associations say the darndest things

By John Speed Meyers, Sara Ann Brackett, Trey Herr

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 

Cybersecurity

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.