What is cyber statecraft?

Cyber statecraft is the use of technology to achieve strategic ends. Cyber statecraft is in a government’s design of data governance regulations to punish foreign firms, in a technology company’s decision to unmask a national intelligence operation, and in the military’s use of cyber effects to support forces on a kinetic battlefield. As private firms expand their authority over internet infrastructure, content, and activities they too become influential geopolitical players. As states assimilate technology into new domains of conventional warfare, surveillance, and security regulation, they fuse choices in technology design to political debate. 

This is the conduct of cyber statecraft, at the nexus of technology and geopolitics.  

The insecurity of widely used technology systems, from planes, to routers, to automobiles presents a marked danger to economic and social health. Adversaries present novel threats to well-established policy processes and demand action in new domains and in new forms from policymakers. The Cyber Statecraft Initiative presents substantive analysis from those closest to the issues, leveraging the Scowcroft Center’s innate expertise and a network of fellows to shift attention from singular incidents to the slow but tectonic nature of strategic change. 

Our pillars

Cyber operations and defense policy

Cyber capabilities are an increasingly common feature on modern battlefields and shape the conduct of statecraft. The development of these capabilities must now factor into debates about doctrine, force structure, and innovation. Our work looks at the broad policy landscape around cyber capabilities including the secure acquisition and operation of software intensive defense systems, modern security assistance, the proliferation of cyber capabilities, and network exploitation on the boundaries of electronic warfare. 

Internet and systems security

An interconnected system of global networks, the internet provides a massive platform for conducting commerce and linking people across international community. Organizations of all shapes and sizes depend on the internet. We work to support and advise governments and the private sector working to secure the internet from degradation, malign influence, and direct harm. We advocate for US global leadership and empowered user communities by convening practitioners to ensure a free, secure, and open internet. 

Communities of cyberspace

Cybersecurity continues to expand and with it the need for a trained and talented workforce in nations of all sizes. The size of this workforce continues to lag demand, particularly for those who can translate between policy and technology. Through our Cyber 9/12 Strategy Challenge, we seek to tackle the global cyber skills shortage with iterated crisis simulation, policy analysis, and mentorship. Part interactive learning experience, part competitive scenario exercise, Cyber 9/12 challenges student teams from a range of academic disciplines to respond to a realistic and evolving scenario. Teams analyze threats and develop responses to manage an escalating crisis, with built in feedback loops from expert judges.

Cyber safety

The convergence of the digital and physical worlds through embedded computing and the Internet of Things impacts the technology marketplace and geopolitical dynamics through systems people interact with every day. We seek to identify and influence key policy debates on the security of operational technologies across the United States, European Union, and Asia, driving collaborative efforts to focus on healthcare devices, maritime systems, and aerospace technologies.

Analysis and in-depth research

Our articles, issue briefs, and reports consist of notes from the field and analysis from our team—insights to give you practical leverage on the complex challenges of cybersecurity. A synthesis of technical systems and policy dynamics, cybersecurity demands detailed understanding to create meaningful change. These analyses dig deep into the concepts and assumptions that shape the geopolitics of cybersecurity. 

Featured content series

Events and convening

Leadership

Fellows

Experts

Content

Tue, May 26, 2020

Is it a game or is it real? Simulations and wargaming in cyber

Greater insight into risk and response allow public and private sector organizations to better prepare for crisis before it happens and rerun history to stave off defeat in future. Wargames can be complex live events or low-cost simulations. They can even be the basis for major reforms to policy and doctrine, giving us much to understand about them. Shall we play a game?

New Atlanticist by Simon Handler

Cybersecurity

Tue, May 19, 2020

Seven perspectives on securing the global IoT supply chain

Many IoT devices are manufactured abroad and many of these are extremely low cost with little consideration made for security. There is nothing inherently untrustworthy or insecure about foreign manufacturing, and individual firm and product lines are much more fruitful levels of analysis in establishing good security practices from bad. Importantly however—the United States has limited means to enforce its standards in foreign jurisdictions, like China, where the bulk of IoT products are manufactured.

New Atlanticist by Trey Herr

Cybersecurity Internet

Thu, May 14, 2020

Sherman in Lawfare: What’s in a New Bill to ‘Warn’ Americans Downloading Foreign Apps?

In the News

Cybersecurity Internet

Tue, May 12, 2020

Cyber crises need strong collaboration: Reflections from Cyber 9/12

Cyber 9/12 sharpened our ability to analyze an evolving situation and identify its key issues, adapt to unexpected changes, and recommend effective responses to manage the crisis.

New Atlanticist by Alexis Montouris Ciambotti, Manuel Hepfer, Matthew Rogers, and Yashovardhan Sharma.

Cybersecurity United Kingdom

Thu, May 7, 2020

Sherman quoted in Defense One on Putin’s response to coronavirus

In the News by Atlantic Council

Europe & Eurasia Russia

Tue, May 5, 2020

Handler in the Austin American-Statesman: Militarize the COVID-19 response at our own peril

Not only has the coronavirus pandemic been compared to war, it is being treated as one. The problem: That’s not only inaccurate, it’s also detrimental to the public health, safety, and response. On April 17, Texas Governor Greg Abbott issued an executive order creating the Governor’s Strike Force to Open Texas. The term strike force, most commonly […]

In the News by Atlantic Council

Coronavirus

Fri, May 1, 2020

Sherman in WIRED: The Russian Doll of Putin’s Internet Clampdown

In the News by Atlantic Council

Internet Politics & Diplomacy

Thu, Apr 30, 2020

Loose cobras: DPRK regime succession and uncertain control over offensive cyber capabilities

Unconfirmed rumors surfaced in mid April 2020 regarding the potential incapacitation of North Korean leader Kim Jong Un, leading to speculation about the ramifications of a sudden transition of leadership in Pyongyang. These rumors raise serious concerns over the stability of the Democratic People’s Republic of Korea’s (DPRK) control of offensive cyber operations capabilities.

Issue Brief by JD Work

Cybersecurity East Asia

Mon, Apr 27, 2020

Infrastructure interdependence a threat to upcoming elections

Recent developments indicate that Russia could exploit the interdependent nature of our critical infrastructure to disrupt our elections via well-timed cyberattacks. How prepared are we to address election interference that goes beyond information operations?

New Atlanticist by Nicholas Cunningham

Cybersecurity Elections

Tue, Apr 21, 2020

On viral infections online and in the real world

Cybersecurity often gets reduced to breaches and hacking, but the world has witnessed multiple pandemics in cyberspace and could learn more about response to exponential events.

New Atlanticist by Simon Handler

Coronavirus Cybersecurity