Cyber Project

More than 120 election officials from 38 states gathered in Cambridge, Massachusetts, this week to participate in role-playing exercises that provided them with tips, tools, and training to fortify their election systems against cyber attacks and information operations. Organized by the Defending Digital Democracy Project (D3P) at Harvard Kennedy School’s Belfer Center for Science and International Affairs, the two-day event featured a tabletop exercise (TTX) scenario for officials that simulated attacks on election systems ranging from hacks and social media misinformation to  manipulation of voter information and trust. The state and local election officials learned how to better prepare, defend, and respond to a range of attacks on the integrity of American elections and how to empower their colleagues back home with this knowledge as they prepare for the 2018 and 2020 elections.   

Building effective cyber defenses is a major challenge for defense planners, just as missile defense has been since the original Strategic Defense Initiative. In both realms the offense has the advantage, making effective defense difficult. Missile defense, however, now has several decades of experience producing and fielding new technologies. The Project on Military and Diplomatic History hosted a panel discussion of CSIS experts and Michael Sulmeyer of the Belfer Center on the history of missile defense, its experience in developing new technologies, and what these tell us about the prospects for building effective cyber defenses.

The focus on cyber-deterrence is understandable but misplaced. Deterrence aims to change the calculations of adversaries by persuading them that the risks of an attack outweigh the rewards or that they will be denied the benefits they seek. But in seeking merely to deter enemies, the United States finds itself constantly on the back foot. Instead, the United States should be pursuing a more active cyberpolicy, one aimed not at deterring enemies but at disrupting their capabilities. In cyberwarfare, Washington should recognize that the best defense is a good offense.

Eric Rosenbach, Co-Director of Harvard Kennedy School's Belfer Center for Science and International Affairs, and former Chief of Staff to the Secretary of Defense and Assistant Secretary of Defense for Homeland Defense and Global Security, testified to the U.S. Senate Select Committee on Intelligence on March 21, 2018, on Russian Interference in the 2016 U.S. Elections.

In keeping with the Belfer Center’s mandate on science and international affairs, the Cyber Security Project has launched a new research initiative on Artificial Intelligence (AI) and Machine Learning (ML) and their implications for cybersecurity. Led by Michael Sulmeyer, the Cyber Security Project seeks to explore themes of conflict in cyberspace and both AI and ML will play a growing role in national defense and security. Cyber Security Project fellow Ben Buchanan began the focus on AI and ML with his June 2017 Belfer Center Report, “Machine Learning for Policy Makers.”

Many observers have called for laws and norms to secure this new environment. But developing such standards in the cyber domain faces a number of difficult hurdles. Although Moore's law about the doubling of computing power every two years means that cyber time moves quickly, human habits, norms, and state practices change more slowly.

The rise of fake news highlights the erosion of long-standing institutional bulwarks against misinformation in the internet age. Concern over the problem is global. However, much remains unknown regarding the vulnerabilities of individuals, institutions, and society to manipulations by malicious actors. A new system of safeguards is needed.

The Cybersecurity Project at the Belfer Center for Science and International Affairs is looking for a junior or mid-career practitioner or academic with a strong background or interest in cybersecurity and the Middle East to address these issues. The topic of cybersecurity should be construed broadly and does not require professional-level technical competency. 

In our latest episode, Usha Sahay and Ryan Evans were joined by Thomas Rid, Michael Sulmeyer, and a mystery guest (ok, ok, it’s Corinna Fehst) to talk about cyber-security, election meddling, reports about U.S. intel agencies buying back pilfered hacking tools, going dark, legislatures as the vulnerable soft cyber underbelly of democracies, and the different threats posed by Russia and China.

Also, “Password1” is not a good password according to our guests. So you should probably change that.

In November 2016, the U.K. government launched its Active Cyber Defence (ACD) program with the intention of tackling “in a relatively automated [and transparent] way, a significant proportion of the cyber attacks that hit the U.K.” True to their word, a little over a year on, last week the U.K.’s National Cyber Security Centre (NCSC) published a full and frank account (over 60 pages long) of their progress to date. The report itself is full of technical implementation details. But it’s useful to cut through the specifics to explain exactly what ACD is and highlight its successes—how the program could benefit the United States as well.