Highlighted content

In-Depth Research & Reports

In-Depth Research & Reports Oct 4, 2021

A system of systems: Cooperation on maritime cybersecurity

By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens

The MTS is not monolithic; it is a markedly complex “system of systems.” This section segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle, in order to highlight areas of risk and leverage for policy makers and the industry.
Cybersecurity Maritime Security
In-Depth Research & Reports

Report Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.
Cybersecurity Intelligence
In-Depth Research & Reports

Report Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

By Trey Herr

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
Cybersecurity Internet

All in-depth research & reports

Report

Apr 22, 2024

Markets matter: A glance into the spyware industry

By Jen Roberts, Trey Herr, Emma Taylor, Nitansha Bansal

The Intellexa Consortium is a complex web of holding companies and vendors for spyware and related services. The Consortium represents a compelling example of spyware vendors in the context of the market in which they operate—one which helps facilitate the commercial sale of software driving both human rights and national security risk.

Civil Society Cybersecurity

Issue Brief

Apr 18, 2024

O$$ security: Does more money for open source software mean better security? A proof of concept

By Sara Ann Brackett, John Speed Meyers, Stewart Scott

A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.

Cybersecurity

Report

Feb 15, 2024

Hacking with AI

By Maia Hamin, Stewart Scott

Can generative AI help hackers? By deconstructing the question into attack phases and actor profiles, this report analyzes the risks, the realities, and their implications for policy.

Artificial Intelligence Cybersecurity

Issue Brief

Feb 8, 2024

Future-proofing the Cyber Safety Review Board

By Maia Hamin, Trey Herr, Stewart Scott, Alphaeus Hanson

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.

Cybersecurity

Report

Jan 16, 2024

Design questions in the software liability debate

By Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

Cybersecurity

Report

Nov 13, 2023

This job post will get you kidnapped: A deadly cycle of crime, cyberscams, and civil war in Myanmar

By Emily Ferguson and Emma Schroeder

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.

Cybersecurity Indo-Pacific

Issue Brief

Oct 12, 2023

Driving software recalls: Manufacturing supply chain best practices for open source consumption

By Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

Cybersecurity

Report

Sep 6, 2023

Sleight of hand: How China weaponizes software vulnerabilities

By Dakota Cary and Kristin Del Rosso

China’s new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system, potentially aiding Chinese intelligence. MIIT shares data with the MSS, affecting voluntary databases as well. MSS also fund firms to provide vulnerabilities for their offensive potential.

China Cybersecurity

Report

Jul 10, 2023

Critical infrastructure and the cloud: Policy for emerging risk

By Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott

Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.

Cybersecurity Resilience

Issue Brief

Jun 14, 2023

Who’s afraid of the SEC

By Maia Hamin

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.

Cybersecurity Internet
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more