What is cyber statecraft?

Cyber statecraft is the use of technology to achieve strategic ends. Cyber statecraft is in a government’s design of data governance regulations to punish foreign firms, in a technology company’s decision to unmask a national intelligence operation, and in the military’s use of cyber effects to support forces on a kinetic battlefield. As private firms expand their authority over internet infrastructure, content, and activities they too become influential geopolitical players. As states assimilate technology into new domains of conventional warfare, surveillance, and security regulation, they fuse choices in technology design to political debate. 

This is the conduct of cyber statecraft, at the nexus of technology and geopolitics.  

The insecurity of widely used technology systems, from planes, to routers, to automobiles presents a marked danger to economic and social health. Adversaries present novel threats to well-established policy processes and demand action in new domains and in new forms from policymakers. The Cyber Statecraft Initiative presents substantive analysis from those closest to the issues, leveraging the Scowcroft Center’s innate expertise and a network of fellows to shift attention from singular incidents to the slow but tectonic nature of strategic change. 

Our pillars

Cyber operations and defense policy

Cyber capabilities are an increasingly common feature on modern battlefields and shape the conduct of statecraft. The development of these capabilities must now factor into debates about doctrine, force structure, and innovation. Our work looks at the broad policy landscape around cyber capabilities including the secure acquisition and operation of software intensive defense systems, modern security assistance, the proliferation of cyber capabilities, and network exploitation on the boundaries of electronic warfare. 

Internet and systems security

An interconnected system of global networks, the internet provides a massive platform for conducting commerce and linking people across international community. Organizations of all shapes and sizes depend on the internet. We work to support and advise governments and the private sector working to secure the internet from degradation, malign influence, and direct harm. We advocate for US global leadership and empowered user communities by convening practitioners to ensure a free, secure, and open internet. 

Communities of cyberspace

Cybersecurity continues to expand and with it the need for a trained and talented workforce in nations of all sizes. The size of this workforce continues to lag demand, particularly for those who can translate between policy and technology. Through our Cyber 9/12 Strategy Challenge, we seek to tackle the global cyber skills shortage with iterated crisis simulation, policy analysis, and mentorship. Part interactive learning experience, part competitive scenario exercise, Cyber 9/12 challenges student teams from a range of academic disciplines to respond to a realistic and evolving scenario. Teams analyze threats and develop responses to manage an escalating crisis, with built in feedback loops from expert judges.

Cyber safety

The convergence of the digital and physical worlds through embedded computing and the Internet of Things impacts the technology marketplace and geopolitical dynamics through systems people interact with every day. We seek to identify and influence key policy debates on the security of operational technologies across the United States, European Union, and Asia, driving collaborative efforts to focus on healthcare devices, maritime systems, and aerospace technologies.

Analysis and in-depth research

Our articles, issue briefs, and reports consist of notes from the field and analysis from our team—insights to give you practical leverage on the complex challenges of cybersecurity. A synthesis of technical systems and policy dynamics, cybersecurity demands detailed understanding to create meaningful change. These analyses dig deep into the concepts and assumptions that shape the geopolitics of cybersecurity. 

Featured content series

Events and convening

Leadership

Fellows

Experts

Content

Wed, Jul 29, 2020

Jun interviewed on NK News about North Korea’s cyber activity

In the News

Cybersecurity Korea

Wed, Jul 29, 2020

Fighting COVID-19 with surveillance: Perspectives from across the globe

As more countries rely on digital tools to contain the spread of COVID-19, how will enhanced surveillance challenge privacy norms in the future? According to the World Health Organization, public health surveillance is critical to containing the pandemic. However, can enhanced surveillance during a public health crisis set precedents for digital surveillance in the future?

New Atlanticist by Simon Handler and Lily Liu

Africa Coronavirus

Sun, Jul 26, 2020

Breaking trust: The dataset

Want to dive deeper into the Breaking Trust database? You have come to the right place.

Resources by Trey Herr, Nancy Messiah, June Lee, Will Loomis, and Stewart Scott

Cybersecurity Technology & Innovation

Sun, Jul 26, 2020

App stores in focus

App stores and hubs are a popular target for software supply chain attacks on large numbers of users, exploiting trust in proprietary app ecosystems and the security of storefronts like Play Store and App Store.

Feature by Trey Herr, June Lee, Will Loomis, and Stewart Scott

Cybersecurity Technology & Innovation
breaking trust_header

Sun, Jul 26, 2020

Breaking trust: Shades of crisis across an insecure software supply chain

Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires more coherent policy response together industry and open source communities.

In-Depth Research & Reports by Dr. Trey Herr, William Loomis, Stewart Scott, June Lee

Cybersecurity Defense Technologies

Sun, Jul 26, 2020

Deep impact: States and software supply chain attacks

States have used software supply chain attacks to great effect. Hijacked updates have routinely delivered the most crippling state-backed attacks, thanks in part to a continued failure to secure the code-signing process.

Feature by Trey Herr, June Lee, Will Loomis, and Stewart Scott

China Cybersecurity

Wed, Jul 22, 2020

Troubled vision: Understanding recent Israeli–Iranian offensive cyber exchanges

Reported Iranian intrusions against Israeli critical infrastructure networks and alleged Israeli actions against Iranian proliferation-associated targets pose substantial new challenges to understanding ongoing competition and conflict in the Middle East.

Issue Brief by JD Work and Richard Harknett

Cybersecurity Iran

Mon, Jul 20, 2020

Sherman interviewed on Cornell Law School’s “A Law in Common” podcast on the US-India tech relationship

In the News

Cybersecurity Defense Technologies

Mon, Jul 20, 2020

Nine cyberattacks that will remind you of your ex

Just as you should be wary of reconnecting with someone who should probably be left in the past, keep an eye out for an increase in cyber incidents. In preparation for the very real possibility of exes coming out of the woodwork and cyber incidents making the news, we’ve identified nine cyberattacks that will remind you of your ex.

New Atlanticist by Safa Shahwan Edwards

Cybersecurity

Fri, Jul 17, 2020

Sherman quoted in WIRED about the Trump administration’s discussed ban on TikTok

In the News

Cybersecurity Internet