The Cyber Statecraft Initiative works at the nexus of geopolitics, technology, and security to craft strategies to help shape the conduct of statecraft and to better inform and secure users. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

Our work

Cybersecurity, Strategy, and Policy

Bridging technical, policy, and user communities to better secure digital systems around the world. 

Learn more

Tech and Markets

Understanding how competition between multinational companies and states shapes the politics of, and trust in, digital technologies.

Learn more

Conflict, Risk, and Tech

Understanding the actors, behaviors, impact, and risks created by those designing and employing the technology that in turn, shapes conflict today.

Learn more

Capacity Building Initiative

Cybersecurity benefits from a richer set of voices, perspectives and capabilities, in the analysis, at the keyboard, and in the boardroom.

Learn more

The Atlantic Council Technology Programs comprises five existing efforts—the Digital Forensic Research Lab (DFRLab), the GeoTech Center, the Cyber Statecraft Initiative, the Democracy + Tech Initiative, and the Capacity Building Initiative. These operations work together to address the geopolitical implications of technology and provide policymakers and global stakeholders necessary research, insights, and convenings to address challenges around global technology and ensure its responsible advancement.

learn more

Team

Staff

Trey Herr

Senior Director

Cyber Statecraft Initiative

Cybersecurity Digital Policy

Staff

Safa Shahwan Edwards

Director, Capacity Building & Communities

Cyber Statecraft Initiative

Cybersecurity Spanish

Staff

Nikita Shah

Senior Resident Fellow

Cyber Statecraft Initiative

Cybersecurity Intelligence

Staff

Nancy Messieh

Deputy Director, Visual Communications

Cyber Statecraft Initiative

Staff

Stewart Scott

Deputy Director

Cyber Statecraft Initiative

Cybersecurity Disinformation

Staff

Morgan McMurray

Associate Director, Capacity Building

Cyber Statecraft Initiative

Cybersecurity Digital Policy

Staff

Jen Roberts

Associate Director

Cyber Statecraft Initiative

Cybersecurity French

Staff

Emma Schroeder

Associate Director

Cyber Statecraft Initiative

Conflict Cybersecurity

Staff

Nitansha Bansal

Assistant director

Cyber Statecraft Initiative

Artificial Intelligence Cybersecurity

Staff

Sara Ann Brackett

Assistant Director

Cyber Statecraft Initiative

Cybersecurity

Staff

Urmita Chowdhury

Assistant Director, Trainings and Competitions

Cyber Statecraft Initiative

Bengali Cybersecurity

Fellows

Fellow

Winnona DeSombre Bernsen

Nonresident Fellow

Cyber Statecraft Initiative

China Chinese

Fellow

Danielle Jablanski

Nonresident Fellow

Cyber Statecraft Initiative

Cybersecurity Technology & Innovation

Fellow

Will Loomis

Nonresident Fellow

Cyber Statecraft Initiative

Cybersecurity

Fellow

John Speed Meyers

Nonresident Senior Fellow

Cyber Statecraft Initiative

Cybersecurity Technology & Innovation

Fellow

Wendy Nather

Nonresident Senior Fellow

Cyber Statecraft Initiative

Cybersecurity English

Fellow

Katie Nickels

Nonresident Senior Fellow

Cyber Statecraft Initiative Digital Forensic Research Lab

Cybersecurity Technology & Innovation

Fellow

Megan Samford

Nonresident Senior Fellow

Cyber Statecraft Initiative

Cybersecurity Technology & Innovation

Fellow

Chinmayi Sharma

Nonresident Fellow

Cyber Statecraft Initiative

Cybersecurity Digital Policy

Fellow

Justin Sherman

Nonresident Fellow

Cyber Statecraft Initiative

China Cybersecurity

Fellow

Margaret Smith

Nonresident Senior Fellow

Cyber Statecraft Initiative

Cybersecurity Security & Defense

Fellow

Josephine Wolff

Nonresident Senior Fellow

Cyber Statecraft Initiative

Cybersecurity Internet

Publications

Issue Brief

Oct 12, 2023

Driving software recalls: Manufacturing supply chain best practices for open source consumption

By Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

Cybersecurity

Article

Sep 27, 2023

Kink in the chain: Eight perspectives on software supply chain risk management

By Cyber Statecraft Initiative

Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.

Cybersecurity United States and Canada

Trackers and Data Visualizations

Sep 27, 2023

Software supply chain security: The dataset

By Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Want to dive deeper into the Breaking Trust database? You have come to the right place.

Cybersecurity United States and Canada

The 5×5

Sep 20, 2023

The 5×5—Bridging the divide: Cyber conflict in international relations

By Simon Handler

Researchers discuss the relationship between the cyber policy and academic communities, and share their advice for those interested in breaking into each community.

Cybersecurity National Security

In the News

Sep 6, 2023

Wired picked up a Global China Hub and Cyber Statecraft Initiative report on how China demands tech firms to reveal hackable flaws in their products. The initial report was written by Global China Hub Nonresident fellow Dakota Cary and Kristin Del Rosso

Andy Greenberg at Wired wrote about the recent Atlantic Council report which “investigates the fallout of a Chinese law passed in 2021, designed to reform how companies and security researchers operating in China handle the discovery of security vulnerabilities in tech products.” The original article report was written by Global China Hub nonresident fellow Dakota […]

China Economic Sanctions

Report

Sep 6, 2023

Sleight of hand: How China weaponizes software vulnerabilities

By Dakota Cary and Kristin Del Rosso

China’s new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system, potentially aiding Chinese intelligence. MIIT shares data with the MSS, affecting voluntary databases as well. MSS also fund firms to provide vulnerabilities for their offensive potential.

China Cybersecurity

The 5×5

Aug 21, 2023

The 5×5—Cloud risks and critical infrastructure

By Simon Handler

Experts share their perspectives on the challenges facing cloud infrastructure and how policy can encourage better security and risk governance across this critical sector.

Cybersecurity Infrastructure Protection

The 5×5

Aug 3, 2023

The 5×5—Cyber conflict in international relations: A policymaker’s perspective

By Simon Handler

Current and former policymakers address cyber conflict’s fundamental place in international relations, their recommended readings, and ideas for how policymakers and scholars can more effectively engage one another.

Cybersecurity National Security

Cybersecurity, Strategy, and Policy

Jul 19, 2023

Why do SBOM haters hate? Or why trade associations say the darndest things

By John Speed Meyers, Sara Ann Brackett, Trey Herr

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 

Cybersecurity

Markup

Jul 18, 2023

The National Cybersecurity Strategy Implementation Plan: A CSI Markup

By Trey Herr, Stewart Scott, Maia Hamin, Will Loomis, Sara Ann Brackett, Jennifer Linn

On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.

Cybersecurity United States and Canada
Load More

Events

Public Event Tue, September 23, 2025 • 9:30 am ET

Jacob Helberg on economics and geopolitics in the age of AI
Artificial Intelligence Economy & Business Security & Defense United States and Canada
Online Event Tue, September 9, 2025 • 8:30 am ET

Building cybersecurity capacity in Sub-Saharan Africa
Cybersecurity Digital Policy Internet of Things
Public Event Fri, September 5, 2025 • 10:30 am ET

Truth and trust in the AI supply chain
Artificial Intelligence Cybersecurity Technology & Innovation
Online Event Tue, August 26, 2025 • 10:00 am ET

Accountability now: Liability for spyware harms
Politics & Diplomacy Rule of Law
Public Event Tue, May 20, 2025 • 11:30 am ET

Report launch: Confronting Russia’s cyber power
Cybersecurity Digital Policy Europe & Eurasia Infrastructure Protection
Load More

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more

Licensing CSI Graphics

All original graphics created by the Cyber Statecraft Initiative (CSI) are available for re-use under the following conditions:

  • Written permission must be granted by CSI.
  • Graphics may be copied and distributed in any medium or format in unadapted form only, for noncommerical purposes, and only so long as attribution is given.1Language based on Creative Commons CC BY-NC-ND 4.0
  • The attribution must reference the Cyber Statecraft Initiative and include a link to the content.
  • CSI cannot grant permission for the use of images or graphics licensed from third parties.
CONTACT US FOR LICENSING REQUESTS