Highlighted content

In-Depth Research & Reports

In-Depth Research & Reports Oct 4, 2021

A system of systems: Cooperation on maritime cybersecurity

By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens

The MTS is not monolithic; it is a markedly complex “system of systems.” This section segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle, in order to highlight areas of risk and leverage for policy makers and the industry.
Cybersecurity Maritime Security
In-Depth Research & Reports

Report Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.
Cybersecurity Intelligence
In-Depth Research & Reports

Report Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

By Trey Herr

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
Cybersecurity Internet

All in-depth research & reports

Report

Jul 26, 2020

Breaking trust: Shades of crisis across an insecure software supply chain

By Dr. Trey Herr, William Loomis, Stewart Scott, June Lee

Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires more coherent policy response together industry and open source communities.

Cybersecurity Defense Technologies

Conflict, Risk, and Tech

Jul 22, 2020

Troubled vision: Understanding recent Israeli–Iranian offensive cyber exchanges

By JD Work and Richard Harknett

Reported Iranian intrusions against Israeli critical infrastructure networks and alleged Israeli actions against Iranian proliferation-associated targets pose substantial new challenges to understanding ongoing competition and conflict in the Middle East.

Cybersecurity Iran

Report

Jun 15, 2020

The reverse cascade: Enforcing security on the global IoT supply chain

By Nathaniel Kim, Trey Herr, and Bruce Schneier

The Internet of Things (IoT) refers to the increasing convergence of the physical and digital worlds and it affects us all. Hundreds of “things” are being connected to the Internet and each other, with more than fifty billion devices expected to be connected by 2030. Many IoT devices are manufactured abroad at low cost with little consideration for security. How can we secure these devices, especially those manufactured outside the United States?

Cybersecurity Internet of Things

Conflict, Risk, and Tech

Apr 30, 2020

Loose cobras: DPRK regime succession and uncertain control over offensive cyber capabilities

By JD Work

Unconfirmed rumors surfaced in mid April 2020 regarding the potential incapacitation of North Korean leader Kim Jong Un, leading to speculation about the ramifications of a sudden transition of leadership in Pyongyang. These rumors raise serious concerns over the stability of the Democratic People’s Republic of Korea’s (DPRK) control of offensive cyber operations capabilities.

Cybersecurity East Asia

Report

Dec 11, 2019

Aviation cybersecurity: Scoping the challenge

By Pete Cooper, Simon Handler, Safa Shahwan Edwards

The digital attack surface the aviation sector presents to its adversaries continues to grow in such a way that both managing risk and gaining insight on it remain difficult. With emerging technologies like machine learning and fifth-generation (5G) telecommunications seeing wider adoption—alongside electric vertical takeoff and landing (eVTOL), autonomous aircraft, and increased use of space—aviation-cybersecurity risk management is on the cusp of becoming more complex.

Cybersecurity Infrastructure Protection

Issue Brief

Nov 22, 2019

What do we know about cyber escalation? Observations from simulations and surveys

By Benjamin Jensen and Brandon Valeriano

Do cyber operations alter how states respond to international crises in a way that creates incentives for decision makers to cross the Rubicon and use military force to settle disputes? This question is central to current cyber strategy debates and the idea of persistent engagement and defending forward in cyberspace. The answer is surprising: no. Based on the evidence, cyber operations offer a valuable escalatory offramp.

Cybersecurity

Issue Brief

Jul 16, 2019

Collective defense of human dignity: the vision for NATO’s future in cyberspace

By Christopher B. Porter

An alliance under tension, NATO today faces the challenges of burden sharing, a multipolar world full of old adversaries and emerging challengers. In “Collective Defense of Human Dignity: The Vision for NATO’s Future in Cyberspace,” Christopher Porter, a nonresident senior fellow in the Cyber Statecraft Initiative at the Atlantic Council analyzes member states struggling with […]

Report

Apr 24, 2019

Cybersecurity: Changing the model

By Franklin D. Kramer and Robert J. Butler

The need to update the cybersecurity model is clear. An enhanced public-private model – based on coordinated, advanced protection and resilience – is necessary to protect key critical infrastructure sectors

Cybersecurity English

Report

Sep 17, 2018

It takes a village: How hacktivity can save your company

By Shaun Ee

With our modern-day reliance on digital technology, software and system vulnerabilities have become increasingly hard to avoid. Thoroughly eliminating all these vulnerabilities can be a challenge, but through a coordinated vulnerability disclosure (CVD) program, governments and private companies can mitigate them with the help of independent security researchers.

Cybersecurity English

Issue Brief

Sep 11, 2018

Defining Russian election interference: An analysis of select 2014 to 2018 cyber enabled incidents

By Laura Galante, Shaun Ee

This Issue Brief aims to provide a taxonomy of different forms and levels of state involvement in election interference, giving states a common lexicon to respond to cyber threats. It is not enough to simply speak of “hacking the vote”—and hopefully, by providing these initial terms, this report will spur a wider discussion on defining actions and sponsorship in this domain.

Cybersecurity Elections
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more