Highlighted content

In-Depth Research & Reports

In-Depth Research & Reports Oct 4, 2021

A system of systems: Cooperation on maritime cybersecurity

By William Loomis, Virpratap Vikram Singh, Dr. Gary C. Kessler, Dr. Xavier Bellekens

The MTS is not monolithic; it is a markedly complex “system of systems.” This section segments the MTS into three discrete systems—ships, ports, and cargo—each with its own life cycle, in order to highlight areas of risk and leverage for policy makers and the industry.
Cybersecurity Maritime Security
In-Depth Research & Reports

Report Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.
Cybersecurity Intelligence
In-Depth Research & Reports

Report Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

By Trey Herr

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
Cybersecurity Internet

All in-depth research & reports

Issue Brief

Aug 26, 2021

Countering ransomware: Lessons from aircraft hijacking

By Simon Handler, Emma Schroeder, Frances Schroeder, and Trey Herr

Ransomware has plagued organizations for more than a decade, but the last three years have experienced a surge in both the number of incidents and the ransoms demanded. To more effectively counter ransomware, the US government should develop a strategy that draws on lessons learned from addressing a surge in aircraft hijackings through the late 1960s and early 1970s.

Cybersecurity
Terrorism

Issue Brief

Jul 12, 2021

Reassessing RuNet: Russian internet isolation and implications for Russian cyber behavior

By Justin Sherman

This issue brief examines recent “RuNet” developments and explores how they could elevate national security risks for the United States and Europe by changing the internet landscape in Russia and potentially shifting Russian cyber behavior.

Cybersecurity
Europe & Eurasia

Report

Jun 28, 2021

Collective cybersecurity for the Three Seas

By Safa Shahwan Edwards, Simon Handler, Trey Herr, Adam Marczyński, and Jakub Teska

In Central and Eastern Europe’s Three Seas region, twelve countries have joined together to invest in critical infrastructure projects and increase interconnectivity on energy, infrastructure, and digitization efforts along the way. To strengthen the resilience of these technical investments and better bind together the defensive cybersecurity operations of these societies, Three Seas member states should establish a regional hub for cybersecurity together with key private sector partners.

Central Europe
Cybersecurity

Issue Brief

May 10, 2021

What would Winston do? Cooperative approaches toward securing the Five Eyes information environment

By Daniel Dobrowolski, David V. Gioe, and Trey Herr

Given the global prevalence of English, the countries comprising the Five Eyes intelligence alliance should build upon existing proven frameworks to cooperate to secure their shared information environment.

Cybersecurity
Disinformation

Report

May 10, 2021

Mission resilience: Adapting defense aerospace to evolving cybersecurity challenges

By Simon Handler, Trey Herr, Steve Luczynski, and Reed Porada

While aerospace presents inherently distinct challenges from other spaces, defense organizations could look to the private sector and adapt commercial practices to implement the principles of resilience.

Cybersecurity
Defense Industry

Report

Mar 29, 2021

Broken trust: Lessons from Sunburst

By Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.

Cybersecurity
Intelligence

Issue Brief

Mar 1, 2021

A primer on the proliferation of offensive cyber capabilities

By Winnona DeSombre, Michele Campobasso, Dr. Luca Allodi, Dr. James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, and Dr. Trey Herr

Offensive cyber capabilities run the gamut from sophisticated, long-term disruptions of physical infrastructure to malware used to target human rights journalists. As these capabilities continue to proliferate with increasing complexity and to new types of actors, the imperative to slow and counter their spread only strengthens.

Arms Control
Conflict

Report

Mar 1, 2021

Countering cyber proliferation: Zeroing in on Access-as-a-Service

By Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr

The proliferation of offensive cyber capabilities (OCC) presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace. Access as a Service firms offer various forms of “access” to target data or systems, and through these business practices are creating and selling OCC at an alarming rate. It is imperative that governments reevaluate their approach to countering the proliferation of OCC.

Arms Control
Cybersecurity

Issue Brief

Feb 1, 2021

Pathologies of obfuscation: Nobody understands cyber operations or wargaming

By Nina Kollars and Benjamin Schechter

National security and defense professionals have long utilized wargames to better understand hypothetical conflict scenarios. With conflict in the cyber domain becoming a more prominent piece in wargames in the national security community, this issue brief seeks to identify the common pathologies, or potential pitfalls, of cyber wargaming.

Cybersecurity
National Security

Report

Dec 14, 2020

How do you fix a flying computer? Seeking resilience in software-intensive mission systems

By Trey Herr, Reed Porada, Simon Handler, Orton Huang, Stewart Scott, Robert Lychev, and Jeremy Mineweaser

Defense organizations, by nature, confront unanticipated and highly impactful disruptions. They must adapt complex mission systems to withstand these disruptions and accomplish defined objectives. To ensure mission systems like the F-35 remain available, capable, and lethal in conflicts to come demands the United States and its allies prioritize the resilience of these systems.

Cybersecurity
Defense Industry
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more