Cyber Project

Belfer Center experts on security, intelligence, and cybersecurity issues were interviewed on the recent leak of classified military intelligence documents allegedly by Airman Jack Teixeira.

Establishing norms for state behavior in cyberspace is critical to building a more stable, secure, and safe cyberspace. Norms are defined as “a collective expectation for the proper behavior of actors with a given identity,” and declare what behavior is considered appropriate and when lines have been crossed. Cyberspace is in dire need of such collective expectations. However, despite efforts by the international community and individual states to set boundaries and craft agreements, clear and established cyber norms for state behavior remain elusive. As early as 2005, the UN Group of Governmental Experts (GGE) and UN Open-Ended Working Group (OEWG) both aimed to create shared “rules of the road,” but fundamental disagreements between states and a lack of accountability and enforcement mechanisms have prevented these initiatives from substantively implementing cyber norms. As a result, the international community and individual states are left with no accountability mechanisms or safeguards to protect civilians and critical infrastructure from bad actors in cyberspace.

Intelligence agencies have struggled to define how open source intelligence fits into its broader work, but the wide breadth of publicly available information about the Ukraine conflict, combined with proactive disclosures of classified information, are providing some clarity about OSINT’s role. Lauren Zabierek and Maria Robson Morrow spoke with the Federal News Network on how the public and private sectors are leveraging open source intelligence, including challenges and opportunities.

Joseph Nye argues hat the major threat to U.S. power comes from its internal divisions. These are serious liabilities but they were not created by the invasion of Ukraine.

Joseph Nye argues that prudence results from the fear of creating unintended consequences in unpredictable systems and can develop into a norm of nonuse or limited use of certain weapons or a norm of limiting targets. Something like this happened with nuclear weapons when the superpowers came close to the brink of nuclear war in 1962, during the Cuban missile crisis. The Limited Test Ban Treaty followed a year later.

Joseph Nye writes that although the United States has long commanded the technological cutting edge, China is mounting a credible challenge in key areas. But, ultimately, the balance of power will be decided not by technological development but by diplomacy and strategic choices, both at home and abroad.

Christopher (Chris) Krebs, former Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), has been named a non-resident Senior Fellow with the Homeland Security Project and the Cyber Project at Harvard Kennedy School’s Belfer Center for Science and International Affairs.

Even if formal cybersecurity treaties are unworkable, it may still be possible to set limits on certain types of civilian targets, and to negotiate rough rules of the road. Whether U.S. President Joe Biden succeeded in launching such a process at his meeting last month with Russian President Vladimir Putin may become clear soon.

The implications of the Schrems II decision have substantial short and long-term repercussions. This paper will seek to briefly explain the history of the Schrems cases, then outline the options available to decision makers seeking to enable transatlantic cooperation. The paper will also argue that short-term solutions such as the ones leveraged up till now will increasingly be unfeasible, and therefore present four proposals for consideration on how a revived data transfer ecosystem could be shaped through national and international tools and mechanisms.

The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”