Highlighted content

In-Depth Research & Reports

In-Depth Research & Reports Oct 4, 2021

A system of systems: Cooperation on maritime cybersecurity

By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens

The MTS is not monolithic; it is a markedly complex “system of systems.” This section segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle, in order to highlight areas of risk and leverage for policy makers and the industry.
Cybersecurity Maritime Security
In-Depth Research & Reports

Report Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.
Cybersecurity Intelligence
In-Depth Research & Reports

Report Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

By Trey Herr

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
Cybersecurity Internet

All in-depth research & reports

Issue Brief

Oct 12, 2023

Driving software recalls: Manufacturing supply chain best practices for open source consumption

By Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

Cybersecurity

Report

Sep 6, 2023

Sleight of hand: How China weaponizes software vulnerabilities

By Dakota Cary and Kristin Del Rosso

China’s new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system, potentially aiding Chinese intelligence. MIIT shares data with the MSS, affecting voluntary databases as well. MSS also fund firms to provide vulnerabilities for their offensive potential.

China Cybersecurity

Report

Jul 10, 2023

Critical infrastructure and the cloud: Policy for emerging risk

By Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott

Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.

Cybersecurity Resilience

Issue Brief

Jun 14, 2023

Who’s afraid of the SEC

By Maia Hamin

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.

Cybersecurity Internet

Issue Brief

May 15, 2023

What is driving the adoption of Chinese surveillance technology in Africa?

By Bulelani Jili

When examining the proliferation of Chinese surveillance systems and cyber capabilities in Africa, research disproportionately focuses on the motivations and ambitions of the supplier. This perspective, while it highlights Chinese diplomatic ambitions and corporate opportunities, ignores local features that drive the adoption of Chinese surveillance tools.

Africa China

Issue Brief

Apr 19, 2023

Critical infrastructure cybersecurity prioritization: A cross-sector methodology for ranking operational technology cyber scenarios and critical entities

By Danielle Jablanski

As critical infrastructure becomes increasingly targeted by malicious adversaries, how can we effectively prioritize criticality?

Cybersecurity
Russian bombardment of telecommunications antennas in Kiev

Report

Feb 27, 2023

A parallel terrain: Public-private defense of the Ukrainian information environment

By Emma Schroeder with Sean Dack

The report analyzes Russia’s continuous assaults against the Ukrainian information environment, and examines how Russian offensives and Ukrainian defense both move through this largely privately owned and operated environment. The report highlights key questions that must emerge around the growing role that private companies play in conflict.

Conflict Cybersecurity

Report

Feb 8, 2023

Avoiding the success trap: Toward policy for open-source software as infrastructure

By Stewart Scott, Sara Ann Brackett, Trey Herr, Maia Hamin with the Open Source Policy Network

Open-source software (OSS) sits at the center of almost every digital technology moving the world since the early 1980s—laptops, cellphones, widespread internet connectivity, cloud computing, social media, automation, all the rainbow flavors of e-commerce, and even secure communications and anti-censorship tools.

Cybersecurity

Issue Brief

Dec 12, 2022

Wargaming to find a safe port in a cyber storm

By Daniel Grobarcik, William Loomis, Michael Poznansky, Frank Smith

With the Maritime Transportation System increasingly reliant on cyberspace, how can cybersecurity be improved within key nodes of this critical infrastructure, particularly cargo ports?

Cybersecurity Maritime Security

Issue Brief

Nov 22, 2022

The cases for using the SBOMs we build

By Amelie Koran, Wendy Nather, Stewart Scott, and Sara Ann Brackett

Software bills of materials (SBOMs) provide key data suit for many uses. Industry and government can continue to sharpen their demand signals, shape implementation, and continue driving development and adoption.

Cybersecurity Technology & Innovation
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more