Featured commentary & analysis
Notes from the field and analysis from our team—insights to give you practical leverage on the complex challenges of cybersecurity.
Wed, Jan 8, 2020
Atlantic Council press call: What will follow the US strike on Major General Soleimani?
This development will influence US engagement with Iran and partners in the region and its knock-on effects may very well manifest in the cyber domain. What type of de-escalatory engagement should we expect between the US and Iran following the assassination of Soleimani? What types of responses, both kinetic and cyber, can we expect from Iran, a country in need of appearing powerful to its allies and adversaries?
Press and Members Call by
Tue, Jan 7, 2020
US-Iran in crisis: Strategic ambiguity and loud weapons in cyberspace
Iran’s government will feel the need to retaliate against the United States, but it does not wish to ignite a prolonged war with the United States. The regime’s near-term aim is to demonstrate to its domestic and regional constituencies that it has the capability and the resolve to avenge Soleimani’s killing and, more strategically, to drum up support for hardliners ahead of legislative elections next month. While Iran has a number of options available, its cyber toolkit not one to be overlooked.
New Atlanticist by
Mon, Oct 28, 2019
The zero-day war? How cyber is reshaping the future of the most combustible conflicts
Conventional wisdom would suggest that scaled-up capabilities, growing competition, and the proliferation of malware across cyberspace presents a legitimate risk of escalation in state conflict, transcending the cyber domain toward the kinetic. However, recent history has shown that states have more often availed themselves of their offensive cyber arsenals to achieve surprisingly de-escalatory effects.
New Atlanticist by
Featured in-depth research & reports
A synthesis of technical systems and policy dynamics, cybersecurity demands detailed understanding to create meaningful change. These reports dig deep into the concepts and assumptions that shape the geopolitics of cybersecurity.
Wed, Dec 11, 2019
Aviation cybersecurity: Scoping the challenge
The digital attack surface the aviation sector presents to its adversaries continues to grow in such a way that both managing risk and gaining insight on it remain difficult. With emerging technologies like machine learning and fifth-generation (5G) telecommunications seeing wider adoption—alongside electric vertical takeoff and landing (eVTOL), autonomous aircraft, and increased use of space—aviation-cybersecurity risk management is on the cusp of becoming more complex.
Report by
Fri, Nov 22, 2019
What do we know about cyber escalation? Observations from simulations and surveys
Do cyber operations alter how states respond to international crises in a way that creates incentives for decision makers to cross the Rubicon and use military force to settle disputes? This question is central to current cyber strategy debates and the idea of persistent engagement and defending forward in cyberspace. The answer is surprising: no. Based on the evidence, cyber operations offer a valuable escalatory offramp.
Issue Brief by
Fri, Sep 6, 2019
Alternate cybersecurity futures
If the national security community continues to focus on immediate threats and managing current emergencies, it will never escape a cycle of crises, nor manage to impose a strategy to shape tomorrow’s environment.
Report by
Featured event series
Cyber 9/12 Strategy Challenge
The Cyber 9/12 Strategy Challenge is a one-of-a-kind cyber competition designed to provide students from across academic disciplines with a deeper understanding of the policy and strategy challenges associated with management of tradeoffs during a cyber crisis.
Cyber Risk Wednesdays
The Cyber Risk Wednesday event series, underwritten by Raytheon, provides the cognitive and physical space to help policymakers, corporate leaders, and the public navigate technology and policy interrelationships in a language that resonates with them, and to inject foresight-driven and multidisciplinary analyses into core cyber debates.
Leadership
Employment opportunities
Join our cause with the Cyber Statecraft Initiative of the Scowcroft Center for Strategy and Security.
Digital Statecraft, Digital Streetcraft Podcasts
Nowadays, information technology is an essential part of any nation-state’s toolkit. And yet, in the digital space, nation-states are just a few of many actors. A mastery of cyber operations can give nation-states the advantage they need to pursue their economic, national security or foreign policy goals. But without private sector and civil society cooperation, that mastery can be difficult to achieve. Hosted by the Atlantic Council’s Cyber Statecraft Initiative, Digital Statecraft Digital Streetcraft features diverse perspectives from thinkers in academia, industry and government. By bridging the worlds of statecraft and streetcraft, it examines questions at the nexus of information and communications technologies, geopolitics and national security, searching for cooperation to make cyberspace safer, more stable and more secure for all.
Episode 6: Securing the Software Supply Chain
November 4, 2019
The sheer magnitude and volume of code in software is always expanding. With many open source contributors and the opaque cloud operation of most software, there are just as many vulnerabilities as technological capabilities. In this episode, hear Michael Daly, the CTO of Raytheon, talk about this increasingly important topic: supply chain software security.
Episode 5: Digital Defenders
August 28, 2019
In this episode of Digital Statecraft, Digital Streetcraft, we are joined by Dr. Trey Herr, Director of the Atlantic Council’s Cyber Statecraft Initiative; Mariah Kenny, a recent Graduate from the University of Virginia and NCCDC UVA team captain; and Caroline Linkous, freshman and Echols Scholar at the University of Virginia. Together they discuss the importance of training and educating the next generation of cyber defenders in order to remain at the forefront of the cybersecurity field.
Episode 4: Supply Chain Security in the 21st Century
April 15, 2019
Supply chain attacks have caused some of the most damaging cyber incidents in history, including the 2017 NotPetya malware incident, and they are on the rise. The proliferation of internet-connected devices and the increased reliance of foreign manufacturing increases the attack surface for organizations and makes maintaining visibility into an entire supply chain challenging. The Atlantic Council and Raytheon facilitate a dynamic and solution-oriented discussion on mitigating supply chain risks in an increasingly-connected world.
Episode 3: Operationalizing Cyber Strategies
March 15, 2019
Early 2019 saw the biggest inflection point in US cyber strategy since 1998, with the White House, Department of Defense, and Cyber Command all publicizing new strategies. These new strategies adhering to persistent engagement will have second and third-order effects in the interconnected cyber world. The Atlantic Council and Raytheon facilitate a discussion covering whether these new strategies are the right strategies and how the US can make them work.
Episode 2: The Human Element of Cybersecurity
January 31, 2019
Humans are on the front lines of cybersecurity. As companies grow weary of disappointing “silver bullet” technical cybersecurity solutions, they need to turn to their workforce and the cyber community. Employees are more than just a weakness in the cyber perimeter; they can also be a valuable resource once equipped and educated. Employers should also be open to potential security professionals with unconventional backgrounds who can provide invaluable non-technical perspectives.
Episode 1: Protecting US Critical Infrastructure
December 21, 2018
The security of US critical infrastructure is vital to the nation’s security, prosperity, and well-being. We live in an era of constant advances in the sophistication of attack technology and the emergence of more destructive attacks and bolder nation-state actions, resulting in unprecedented access to power grid operations. Despite renewed concerns about the threat and the risks associated with potential disruptions, threats clearly outpace our ability to secure the infrastructure.
