What is cyber statecraft?

Cyber statecraft is the use of technology to achieve strategic ends. Cyber statecraft is in a government’s design of data governance regulations to punish foreign firms, in a technology company’s decision to unmask a national intelligence operation, and in the military’s use of cyber effects to support forces on a kinetic battlefield. As private firms expand their authority over internet infrastructure, content, and activities they too become influential geopolitical players. As states assimilate technology into new domains of conventional warfare, surveillance, and security regulation, they fuse choices in technology design to political debate. 

This is the conduct of cyber statecraft, at the nexus of technology and geopolitics.  

The insecurity of widely used technology systems, from planes, to routers, to automobiles presents a marked danger to economic and social health. Adversaries present novel threats to well-established policy processes and demand action in new domains and in new forms from policymakers. The Cyber Statecraft Initiative presents substantive analysis from those closest to the issues, leveraging the Scowcroft Center’s innate expertise and a network of fellows to shift attention from singular incidents to the slow but tectonic nature of strategic change. 

Our pillars

Cyber operations and defense policy

Cyber capabilities are an increasingly common feature on modern battlefields and shape the conduct of statecraft. The development of these capabilities must now factor into debates about doctrine, force structure, and innovation. Our work looks at the broad policy landscape around cyber capabilities including the secure acquisition and operation of software intensive defense systems, modern security assistance, the proliferation of cyber capabilities, and network exploitation on the boundaries of electronic warfare. 

Internet and systems security

An interconnected system of global networks, the internet provides a massive platform for conducting commerce and linking people across international community. Organizations of all shapes and sizes depend on the internet. We work to support and advise governments and the private sector working to secure the internet from degradation, malign influence, and direct harm. We advocate for US global leadership and empowered user communities by convening practitioners to ensure a free, secure, and open internet. 

Communities of cyberspace

Cybersecurity continues to expand and with it the need for a trained and talented workforce in nations of all sizes. The size of this workforce continues to lag demand, particularly for those who can translate between policy and technology. Through our Cyber 9/12 Strategy Challenge, we seek to tackle the global cyber skills shortage with iterated crisis simulation, policy analysis, and mentorship. Part interactive learning experience, part competitive scenario exercise, Cyber 9/12 challenges student teams from a range of academic disciplines to respond to a realistic and evolving scenario. Teams analyze threats and develop responses to manage an escalating crisis, with built in feedback loops from expert judges.

Cyber safety

The convergence of the digital and physical worlds through embedded computing and the Internet of Things impacts the technology marketplace and geopolitical dynamics through systems people interact with every day. We seek to identify and influence key policy debates on the security of operational technologies across the United States, European Union, and Asia, driving collaborative efforts to focus on healthcare devices, maritime systems, and aerospace technologies.

Analysis and in-depth research

Our articles, issue briefs, and reports consist of notes from the field and analysis from our team—insights to give you practical leverage on the complex challenges of cybersecurity. A synthesis of technical systems and policy dynamics, cybersecurity demands detailed understanding to create meaningful change. These analyses dig deep into the concepts and assumptions that shape the geopolitics of cybersecurity. 

Featured content series

Events and convening

Leadership

Fellows

Experts

Content

Wed, Jul 1, 2020

India’s China app ban heightens need for multilateral discussion on digital privacy and security

Even with other the political and economic factors at play, the decision may be a small sign of some shared ground between India and the United States when it comes to data policy.

New Atlanticist by Justin Sherman

China Digital Policy

Fri, Jun 26, 2020

What’s behind Russia’s decision to ditch its ban on Telegram?

For years, the Kremlin was involved in cat-and-mouse efforts to block the use of Telegram, the encrypted messaging app, within Russia. Concerns about Telegram stem from the Kremlin’s concerns about the internet in general. The app enables the free flow of information, and especially when that information is encrypted, as Telegram’s is, the Kremlin sees the state’s narratives, its law enforcement surveillance capabilities, and Russia’s culture and public sphere as under threat. On June 18, however, Russia’s internet and media regulator Roskomnadzor said that it’s ending requirements to restrict Telegram access.

New Atlanticist by Justin Sherman

Cybersecurity Internet

Thu, Jun 25, 2020

Sherman quoted in Newsweek on U.S.-China cyber conflict

In the News

China Cybersecurity

Mon, Jun 22, 2020

Baseball and cybersecurity: Stealing insights from America’s pastime

Whether you have played, watched, hated, or never heard of baseball, lessons from the sport can be applied to many things in life—including cybersecurity. Cyber Statecraft Initiative experts go CSI5x5 to draw parallels between America’s pastime and today’s cybersecurity issues.

New Atlanticist by Simon Handler

Cybersecurity Technology & Innovation

Mon, Jun 15, 2020

The reverse cascade: Enforcing security on the global IoT supply chain

The Internet of Things (IoT) refers to the increasing convergence of the physical and digital worlds and it affects us all. Hundreds of “things” are being connected to the Internet and each other, with more than fifty billion devices expected to be connected by 2030. Many IoT devices are manufactured abroad at low cost with little consideration for security. How can we secure these devices, especially those manufactured outside the United States?

In-Depth Research & Reports by Nathaniel Kim, Trey Herr, and Bruce Schneier

Cybersecurity Internet of Things

Thu, Jun 11, 2020

Sherman quoted in Marketplace on Zoom and censorship

In the News

Cybersecurity Technology & Innovation

Thu, Jun 11, 2020

Two Chinese telecoms attempt to mollify FCC’s security concerns

The main claim of the Pacific Networks and ComNet response tot he FCC is that “the Companies are not ‘wholly-owned’ by the Chinese government and operate independently and without ‘exploitation, influence, and control’ of the Chinese government.

New Atlanticist by Justin Sherman

China Cybersecurity

Tue, Jun 2, 2020

The UK is forging a 5G club of democracies to avoid reliance on Huawei

As the need for alternatives to Huawei 5G technology becomes more urgent, democracies must pursue these kinds of diplomatic, coalition solutions. Forming a democratic 5G alliance is a step in that direction.

New Atlanticist by Justin Sherman

China Cybersecurity

Wed, May 27, 2020

The cybersecurity effects of coronavirus

Since COVID-19 began to spread within the United States in January of this year, the United States has been concentrating its efforts on mitigating the crisis at both a state and federal level. However, all efforts at containing the growing cybersecurity problems have been surface level and reactive at best.

New Atlanticist by Derek Bernsen

Coronavirus Cybersecurity

Tue, May 26, 2020

Sherman in Defense News: War rhetoric surrounds COVID surveillance

In the News

Cybersecurity National Security