Highlighted content

All in-depth research & reports

Mon, Feb 1, 2021

Pathologies of obfuscation: Nobody understands cyber operations or wargaming

National security and defense professionals have long utilized wargames to better understand hypothetical conflict scenarios. With conflict in the cyber domain becoming a more prominent piece in wargames in the national security community, this issue brief seeks to identify the common pathologies, or potential pitfalls, of cyber wargaming.

In-Depth Research & Reports by Nina Kollars and Benjamin Schechter

Cybersecurity National Security

Mon, Dec 14, 2020

How do you fix a flying computer? Seeking resilience in software-intensive mission systems

Defense organizations, by nature, confront unanticipated and highly impactful disruptions. They must adapt complex mission systems to withstand these disruptions and accomplish defined objectives. To ensure mission systems like the F-35 remain available, capable, and lethal in conflicts to come demands the United States and its allies prioritize the resilience of these systems.

Report by Trey Herr, Reed Porada, Simon Handler, Orton Huang, Stewart Scott, Robert Lychev, and Jeremy Mineweaser

Cybersecurity Defense Industry

Mon, Oct 5, 2020

The politics of internet security: Private industry and the future of the web

The private sector plays a crucial role in defining the changing shape of the Internet, especially its security. This report examines two protocols as examples of private sector influence over presently vulnerable systems key to the Internet’s function: the Border Gateway Protocol (BGP), used to route Internet traffic, and the Domain Name System (DNS), used to address Internet traffic.

Report by Justin Sherman

Cybersecurity Internet

Mon, Sep 28, 2020

Dude, where’s my cloud? A guide for wonks and users

Cloud computing is transforming society, from interactions between people to the ways by which companies do business, and even how militaries operate. If you have ever been curious about what exactly “the cloud” meant; if you are a policy wonk not a technologist, a user not an admin, then this report is for you.

Report by Simon Handler, Lily Liu, and Trey Herr

Cybersecurity Internet

Mon, Aug 31, 2020

Four myths about the cloud: The geopolitics of cloud computing

Cloud computing providers are more than companies—they govern vast utility infrastructure, play host to digital battlefields, and are magnificent engines of complexity. Cloud computing is embedded in contemporary geopolitics; the choices providers make are influenced by, and influential on, the behavior of states. In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.

Report by Trey Herr

Cybersecurity Internet

Tue, Aug 4, 2020

Alliance power for cybersecurity

There is only one internet, and cybersecurity is therefore an inherently international challenge that countries cannot tackle alone. Alliances like NATO and the EU give democratic countries a cyber edge over their authoritarian challengers.

In-Depth Research & Reports by Kenneth Geers

Cybersecurity Europe & Eurasia
breaking trust_header

Sun, Jul 26, 2020

Breaking trust: Shades of crisis across an insecure software supply chain

Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires more coherent policy response together industry and open source communities.

In-Depth Research & Reports by Dr. Trey Herr, William Loomis, Stewart Scott, June Lee

Cybersecurity Defense Technologies

Wed, Jul 22, 2020

Troubled vision: Understanding recent Israeli–Iranian offensive cyber exchanges

Reported Iranian intrusions against Israeli critical infrastructure networks and alleged Israeli actions against Iranian proliferation-associated targets pose substantial new challenges to understanding ongoing competition and conflict in the Middle East.

Issue Brief by JD Work and Richard Harknett

Cybersecurity Iran

Mon, Jun 15, 2020

The reverse cascade: Enforcing security on the global IoT supply chain

The Internet of Things (IoT) refers to the increasing convergence of the physical and digital worlds and it affects us all. Hundreds of “things” are being connected to the Internet and each other, with more than fifty billion devices expected to be connected by 2030. Many IoT devices are manufactured abroad at low cost with little consideration for security. How can we secure these devices, especially those manufactured outside the United States?

In-Depth Research & Reports by Nathaniel Kim, Trey Herr, and Bruce Schneier

Cybersecurity Internet of Things

Thu, Apr 30, 2020

Loose cobras: DPRK regime succession and uncertain control over offensive cyber capabilities

Unconfirmed rumors surfaced in mid April 2020 regarding the potential incapacitation of North Korean leader Kim Jong Un, leading to speculation about the ramifications of a sudden transition of leadership in Pyongyang. These rumors raise serious concerns over the stability of the Democratic People’s Republic of Korea’s (DPRK) control of offensive cyber operations capabilities.

Issue Brief by JD Work

Cybersecurity East Asia

Cyber Statecraft Initiative

Working at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

Read More