Keep up with our work!

Follow us on Twitter for to keep up with the latest cybersecurity developments

Follow the Atlantic Council on LinkedIn for the the latest geopolitical analysis

Follow us on Spotify for the latest and greatest in cyber-themed music playlists

Projects

Cyber Statecraft team

Cyber Statecraft fellows

Keep up with our work!

Follow us on Twitter for to keep up with the latest developments

Content

Buying Down Risk

May 3, 2022

Buying down risk: Open source software

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Open-source software underpins most modern code, and the unique incentives and constraints its developers face pose a tricky set of challenges for the cybersecurity ecosystem.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Complexity management

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

The ever-increasing complexity of software programs and services can become a security and operational challenge in and of itself, increasing ecosystem-wide risk.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Software provenance and composition

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

SBoM adoption is picking up pace, aiming to provide better insight into and contractual leverage for software components—increased investment, standardization, and coordination can help fully develop SBoM use.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Cyber poverty line

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Many enterprises face systemic challenges to their cybersecurity posture, from resource shortages to suboptimal risk attitudes, all of which weaken an ecosystem only as secure as its weakest links.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Cyber liability

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Despite software's ubiquity and omnipresent vulnerability, conventions around liability for software producers are still informal and rarely enforced.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk: Memory safety

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

Some coding languages, like C and C++, allow for a common, exceptionally dangerous bug called a memory safety error, comprising up to 70 percent of industry vulnerabilities.

Cybersecurity Technology & Innovation

Buying Down Risk

May 3, 2022

Buying down risk in the cyber ecosystem: Arguments for the national cybersecurity strategy

By Trey Herr, Robert Morgus, Stewart Scott, and Tianjiu Zuo

The private sector has enormous influence over the cybersecurity ecosystem. Security investments stemming from enterprise and prioritizing a more resilient environment over reacting to emerging incidents can have massive impact at scale.

Cybersecurity Technology & Innovation

The 5×5

Apr 29, 2022

The 5×5—Addressing the global market for offensive cyber capabilities

By Simon Handler

Five experts unpack the global market for offensive cyber capabilities and the implications associated with the proliferation of hacking tools.

Conflict Cybersecurity

In-Depth Research & Reports

Apr 18, 2022

America the Unready: Viking Age lessons for ransomware

By Emma Schroeder

"America the Unready: Viking Age lessons for ransomware" explores the rising tide of ransomware and presents three lessons that the US Government can learn from the English Viking Age about combating persistent, distributed threats through strengthening collective resilience and defense.

Cybersecurity

Issue Brief

Mar 30, 2022

Preparing the next phase of US cyber strategy

By Jenny Jun

This paper considers tensions in the current US cyber strategy for the Defense Department and the broader cyber policy community in the Biden-Harris administration as they form the next phase of the strategy and determine how, when, and under what conditions Defend Forward can best serve as a means to the goal of achieving superiority in cyberspace.

Cybersecurity