Highlighted content

In-Depth Research & Reports

In-Depth Research & Reports Oct 4, 2021

A system of systems: Cooperation on maritime cybersecurity

By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens

The MTS is not monolithic; it is a markedly complex “system of systems.” This section segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle, in order to highlight areas of risk and leverage for policy makers and the industry.
Cybersecurity Maritime Security
In-Depth Research & Reports

Report Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.
Cybersecurity Intelligence
In-Depth Research & Reports

Report Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

By Trey Herr

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
Cybersecurity Internet

All in-depth research & reports

Report

Jun 24, 2024

User in the middle: An interoperability and security guide for policymakers

By Maia Hamin, Alphaeus Hanson

When technologies work together, it benefits users and the digital ecosystem. Policymakers can advance interoperability and security in tandem by understanding how each impacts the other.

Report

Jun 12, 2024

“Reasonable” cybersecurity in forty-seven cases: The Federal Trade Commission’s enforcement actions against unfair and deceptive cyber Practices

By Isabella Wright and Maia Hamin

The FTC has brought 47 cases against companies for unfair or deceptive cybersecurity practices. What can we learn from them?

Cybersecurity

Report

Apr 22, 2024

Markets matter: A glance into the spyware industry

By Jen Roberts, Trey Herr, Emma Taylor, Nitansha Bansal

The Intellexa Consortium is a complex web of holding companies and vendors for spyware and related services. The Consortium represents a compelling example of spyware vendors in the context of the market in which they operate—one which helps facilitate the commercial sale of software driving both human rights and national security risk.

Civil Society
Cybersecurity

Issue Brief

Apr 18, 2024

O$$ security: Does more money for open source software mean better security? A proof of concept

By Sara Ann Brackett, John Speed Meyers, Stewart Scott

A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.

Cybersecurity

Report

Feb 15, 2024

Hacking with AI

By Maia Hamin, Stewart Scott

Can generative AI help hackers? By deconstructing the question into attack phases and actor profiles, this report analyzes the risks, the realities, and their implications for policy.

Artificial Intelligence
Cybersecurity

Issue Brief

Feb 8, 2024

Future-proofing the Cyber Safety Review Board

By Maia Hamin, Trey Herr, Stewart Scott, Alphaeus Hanson

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.

Cybersecurity

Report

Jan 16, 2024

Design questions in the software liability debate

By Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

Cybersecurity

Report

Nov 13, 2023

This job post will get you kidnapped: A deadly cycle of crime, cyberscams, and civil war in Myanmar

By Emily Ferguson and Emma Schroeder

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.

Cybersecurity
Indo-Pacific

Issue Brief

Oct 12, 2023

Driving software recalls: Manufacturing supply chain best practices for open source consumption

By Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

Cybersecurity

Report

Sep 6, 2023

Sleight of hand: How China weaponizes software vulnerabilities

By Dakota Cary and Kristin Del Rosso

China’s new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system, potentially aiding Chinese intelligence. MIIT shares data with the MSS, affecting voluntary databases as well. MSS also fund firms to provide vulnerabilities for their offensive potential.

China
Cybersecurity
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more