Cyber Project

While the most recent leaked NSA document isn't much of a smoking gun, it's yet more evidence of widespread Russian attempts to interfere last year.

Bruce Schneier discusses WannaCry, the National Security Agency, and the Vulnerabilities Equities Process and asks what the government's responsibility is when it discovers a vulnerability in a piece of software: alert the software vendor or keep it secret to use offensively.

When Ben Buchanan received his first computer 17 years ago, he could not have known that the technical skills he acquired would prove vital to understanding today's cybersecurity dilemma.

For two hours on a March afternoon, Harvard Kennedy School’s Bell Hall buzzed as Kennedy School students huddled for 15-minute one-on-one sessions with Belfer Center fellows and project directors to get career advice and to ask questions about the others’ career trajectories, research, and methods.

Harvard University Distinguished Service Professor and former Harvard Kennedy School Dean Joseph S. Nye was honored  by the Center’s Cyber Security Project in April for his leadership and contributions to cybersecurity through the Belfer Center’s cybersecurity initiatives. Nye has announced his retirement at the end of the semester.

After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools. Who are these guys? And how did they steal this information? The short answer is: We don't know. But we can make some educated guesses based on the material they've published.

This paper argues that threats to core internet infrastructure and services can, in fact, rise to the level of a serious national security threat to the United States and will explore scenarios where this may be the case. The paper will discuss several kinds of core internet services and infrastructure and explore the challenges with understanding interdependencies between the internet and critical infrastructure; review recent attack techniques that can cause systemic risk to the internet; discuss various nation state capabilities, intentions and recent activities in this area; and describe how these attacks could be used against the United States to deter the U.S., control escalation, or potentially degrade U.S. warfighting capabilities in a conflict. Finally, the paper concludes with recommendations for what the United States and other governments can do to build defenses and resiliency against systemic threats to the internet.

Bruce Schneier advocates for stricter government regulation to improve security on "Internet of Things" (IoT) devices.  Without that, he argues, we are going to see hackers attacking our cars, digital video recorders, web cameras, refrigerators, and so much more as our dependency on IoT devices grows.  

Authors discuss several key ideas in the recently introduced bill that would formalize the Vulnerability Equities Process (VEP) into law. 

As more and more of our everyday devices connect to the Internet, they become vulnerable to ransomware and other computer threats. Bruce Schneier advocates for minimum security standards for critical IoT devices.