What is cyber statecraft?

Cyber statecraft is the use of technology to achieve strategic ends. Cyber statecraft is in a government’s design of data governance regulations to punish foreign firms, in a technology company’s decision to unmask a national intelligence operation, and in the military’s use of cyber effects to support forces on a kinetic battlefield. As private firms expand their authority over internet infrastructure, content, and activities they too become influential geopolitical players. As states assimilate technology into new domains of conventional warfare, surveillance, and security regulation, they fuse choices in technology design to political debate. 

This is the conduct of cyber statecraft, at the nexus of technology and geopolitics.  

The insecurity of widely used technology systems, from planes, to routers, to automobiles presents a marked danger to economic and social health. Adversaries present novel threats to well-established policy processes and demand action in new domains and in new forms from policymakers. The Cyber Statecraft Initiative presents substantive analysis from those closest to the issues, leveraging the Scowcroft Center’s innate expertise and a network of fellows to shift attention from singular incidents to the slow but tectonic nature of strategic change. 

Our pillars

Cyber operations and defense policy

Cyber capabilities are an increasingly common feature on modern battlefields and shape the conduct of statecraft. The development of these capabilities must now factor into debates about doctrine, force structure, and innovation. Our work looks at the broad policy landscape around cyber capabilities including the secure acquisition and operation of software intensive defense systems, modern security assistance, the proliferation of cyber capabilities, and network exploitation on the boundaries of electronic warfare. 

Internet and systems security

An interconnected system of global networks, the internet provides a massive platform for conducting commerce and linking people across international community. Organizations of all shapes and sizes depend on the internet. We work to support and advise governments and the private sector working to secure the internet from degradation, malign influence, and direct harm. We advocate for US global leadership and empowered user communities by convening practitioners to ensure a free, secure, and open internet. 

Communities of cyberspace

Cybersecurity continues to expand and with it the need for a trained and talented workforce in nations of all sizes. The size of this workforce continues to lag demand, particularly for those who can translate between policy and technology. Through our Cyber 9/12 Strategy Challenge, we seek to tackle the global cyber skills shortage with iterated crisis simulation, policy analysis, and mentorship. Part interactive learning experience, part competitive scenario exercise, Cyber 9/12 challenges student teams from a range of academic disciplines to respond to a realistic and evolving scenario. Teams analyze threats and develop responses to manage an escalating crisis, with built in feedback loops from expert judges.

Cyber safety

The convergence of the digital and physical worlds through embedded computing and the Internet of Things impacts the technology marketplace and geopolitical dynamics through systems people interact with every day. We seek to identify and influence key policy debates on the security of operational technologies across the United States, European Union, and Asia, driving collaborative efforts to focus on healthcare devices, maritime systems, and aerospace technologies.

Analysis and in-depth research

Our articles, issue briefs, and reports consist of notes from the field and analysis from our team—insights to give you practical leverage on the complex challenges of cybersecurity. A synthesis of technical systems and policy dynamics, cybersecurity demands detailed understanding to create meaningful change. These analyses dig deep into the concepts and assumptions that shape the geopolitics of cybersecurity. 

Events and convening

Leadership

Opportunities

Looking for a paid summer internship?

We are now recruiting Young Global Professionals for Summer 2021!

Applications close Friday, March 26, 2021.

Fellows

Experts

Content

Mon, Mar 29, 2021

Broken trust: Lessons from Sunburst

The story of trust is an old one, but the Sunburst cyber-espionage campaign was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy to compete in a dynamic intelligence contest in cyberspace.

Report by Trey Herr, Will Loomis, Emma Schroeder, Stewart Scott, Simon Handler, and Tianjiu Zuo

Cybersecurity Intelligence

Wed, Mar 24, 2021

How to reverse three decades of escalating cyber conflict

Cyber conflict has not yet escalated from a fight inside cyberspace to a more traditional armed attack because of cyberspace. In part, this is because countries understand there are some tacit upper limits to escalation above which the response from the offended country will be war. Unfortunately, this happy state may not last.

New Atlanticist by Jason Healey and Robert Jervis

Cybersecurity Technology & Innovation

Tue, Mar 16, 2021

Handler in The Hill: Israel and Palestine must cooperate to combat disinformation

It is in the best interest of both Israel and the Palestinians to confront the challenge of Hamas disinformation together.

In the News by Atlantic Council

Disinformation Israel

Tue, Mar 16, 2021

A mom’s guide to coercion and deterrence

There’s a silver lining to parenting in a pandemic: It’s an education in the core concepts of international relations, as well as a useful reminder that we’re all operating in a condition of anarchy. Here's a mom’s primer on deterrence, coercion, credibility, and reassurance.

New Atlanticist by Emma Ashford, Erica Borghard

Conflict Crisis Management

Tue, Mar 9, 2021

Herr and Handler featured on an episode of the “Acquisition Talk” podcast

Eric Lofgren hosted Trey Herr and Simon Handler from the Cyber Statecraft Initiative on the Acquisition Talk podcast to discuss how the Department of Defense can improve the resilience of its mission systems.

In the News by Atlantic Council

Cybersecurity Defense Industry

Fri, Mar 5, 2021

The 5×5—Questioning basic assumptions in the cyber domain

Challenging assumptions in cyberspace also means challenging assumptions about the theorists and strategists themselves. International Women’s Day, coming up on March 8, serves as a reminder to include female voices as a means of enriching policy discussions, producing more insightful work, and driving impact.

New Atlanticist by Simon Handler, Emma Schroeder

Cybersecurity Internet

Mon, Mar 1, 2021

A primer on the proliferation of offensive cyber capabilities

Offensive cyber capabilities run the gamut from sophisticated, long-term disruptions of physical infrastructure to malware used to target human rights journalists. As these capabilities continue to proliferate with increasing complexity and to new types of actors, the imperative to slow and counter their spread only strengthens.

Issue Brief by Winnona DeSombre, Michele Campobasso, Dr. Luca Allodi, Dr. James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, and Dr. Trey Herr

Arms Control Conflict

Mon, Mar 1, 2021

Countering cyber proliferation: Zeroing in on Access-as-a-Service

The proliferation of offensive cyber capabilities (OCC) presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace. Access as a Service firms offer various forms of “access” to target data or systems, and through these business practices are creating and selling OCC at an alarming rate. It is imperative that governments reevaluate their approach to countering the proliferation of OCC.

Report by Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr

Arms Control Cybersecurity

Thu, Feb 11, 2021

The 5×5—Looking ahead for the Biden administration after a busy year in cybersecurity

It’s been a wild twelve months in the world of cybersecurity since the Atlantic Council’s Cyber Statecraft Initiative launched the 5×5 series. In celebration of the series' one-year anniversary, experts plotted the year ahead.

New Atlanticist by Simon Handler

Cybersecurity Technology & Innovation

Wed, Feb 10, 2021

Atlantic Council’s UK Cyber 9/12 Strategy Challenge returns for its fourth year

BT returns as strategic partner for virtual cybersecurity strategy challenge for UK students

Press Release

Cybersecurity United Kingdom