Highlighted content

In-Depth Research & Reports

In-Depth Research & Reports Oct 4, 2021

A system of systems: Cooperation on maritime cybersecurity

By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens

The MTS is not monolithic; it is a markedly complex “system of systems.” This section segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle, in order to highlight areas of risk and leverage for policy makers and the industry.
Cybersecurity Maritime Security
In-Depth Research & Reports

Report Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.
Cybersecurity Intelligence
In-Depth Research & Reports

Report Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

By Trey Herr

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
Cybersecurity Internet

All in-depth research & reports

Report

Sep 26, 2022

Security in the billions: Toward a multinational strategy to better secure the IoT ecosystem

By Patrick Mitchell, Liv Rowley, and Justin Sherman with Nima Agah, Gabrielle Young, and Tianjiu Zuo

The explosion of Internet of Things (IoT) devices and services worldwide has amplified a range of cybersecurity risks to individuals’ data, company networks, critical infrastructure, and the internet ecosystem writ large. In light of this systemic risk, this report offers a multinational strategy to enhance the security of the IoT ecosystem. It provides a framework for a clearer understanding of the IoT security landscape and its needs, looks to reduce fragmentation between policy approaches, and seeks to better situate technical and process guidance into cybersecurity policy.

Cybersecurity
Internet of Things

Conflict, Risk, and Tech

Sep 19, 2022

Untangling the Russian web: Spies, proxies, and spectrums of Russian cyber behavior 

By Justin Sherman

This issue brief analyzes the range of Russian government’s involvement with different actors in the large, complex, and often opaque cyber web, as well as the risks and benefits the Kremlin perceives or gets from leveraging actors in this group. The issue brief concludes with three takeaways and actions for policymakers in the United States, as well as in allied and partner countries.

Cybersecurity
Russia

Report

Sep 14, 2022

Dragon tails: Preserving international cybersecurity research

By Stewart Scott, Sara Ann Brackett, Yumi Gambrill, Emmeline Nettles, Trey Herr

A quantitative study on whether legal context can impact the supply of vulnerability research with detrimental effects for cybersecurity writ large through the coordinated vulnerability disclosure process (CVD), using recent regulations in China as a case study.

China
Cybersecurity

Issue Brief

Aug 2, 2022

Behind the rise of ransomware

By John Sakellariadis

Between 2016 and 2019, cybercriminals shifted from automated ransomware campaigns that emphasized scale to targeted extortion operations against organizations. This adaption made ransomware more disruptive and more profitable, culminating in the 2021 surge in ransomware. Though the US government has devoted more attention to ransomware since 2021, ransomware remains a significant and long-term threat to the US economy.

Cybersecurity

Conflict, Risk, and Tech

Jul 25, 2022

Hackers, Hoodies, and Helmets: Technology and the changing face of Russian private military contractors

By Emma Schroeder, Gavin Wilde, Justin Sherman, and Trey Herr

This issue brief explores the technological capabilities of Russian private military companies and how they are used across various types of missions in support of and in parallel with Russian policy.

Africa
Cybersecurity

Issue Brief

Jun 14, 2022

Victory reimagined: Toward a more cohesive US cyber strategy

By Emma Schroeder, Stewart Scott, Trey Herr

US policy is on two potentially divergent paths: one that prioritizes the protection of American infrastructure through the pursuit of US cyber superiority, and one that seeks an open, secure cyber ecosystem.

Cybersecurity
Security & Defense

In-Depth Research & Reports

Apr 18, 2022

America the Unready: Viking Age lessons for ransomware

By Emma Schroeder

“America the Unready: Viking Age lessons for ransomware” explores the rising tide of ransomware and presents three lessons that the US Government can learn from the English Viking Age about combating persistent, distributed threats through strengthening collective resilience and defense.

Cybersecurity

Issue Brief

Mar 30, 2022

Preparing the next phase of US cyber strategy

By Jenny Jun

This paper considers tensions in the current US cyber strategy for the Defense Department and the broader cyber policy community in the Biden-Harris administration as they form the next phase of the strategy and determine how, when, and under what conditions Defend Forward can best serve as a means to the goal of achieving superiority in cyberspace.

Cybersecurity

In-Depth Research & Reports

Mar 14, 2022

Targeting Ukraine through Washington: Russian election interference, Ukraine, and the 2024 US election 

By Gavin Wilde and Justin Sherman

US officials should recognize that Ukraine’s trajectory has always been a centerpiece of Russian interference in US elections. Doing so should guide US policymakers’ observations of what is happening now in Ukraine—and their preparations for what promises to be a climactic 2024 US election cycle.

Cybersecurity
Disinformation

Issue Brief

Jan 31, 2022

What do we know about cyber operations during militarized crises?

By Michael Fischerkeller

This essay focuses on how cyber operations employed during militarized crises are likely to impact escalation management. Cyber operations intended as offramps in a crisis could have an outcome opposite than that intended. Given the absence of direct experience, policymakers must critically examine assumptions and claims that cyber operations can serve as de-escalatory crisis offramps.

Cybersecurity
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more