Dr. Michael Sulmeyer, Mr. Christopher Painter, and Mr. John Miller testified to the House Committee on Foreign Affairs. 

On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections. This short, stocking-stuffer size review will: review some of the core questions around election security, assess the bill’s provisions to improve information sharing, its grant program, and its bug bounty, and conclude with some tough realism about additional work that needs to be undertaken to protect our elections.

The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.

The administration should be given relatively high marks for the document’s cybersecurity components—especially for recognizing the breadth of the threat and that it’s going to take more than the help desk to fix it. Admittedly, that’s a pretty low bar. But National Security Strategy documents are not known as documents where big policy innovation occurs. Instead, the best you can usually do is articulate the broad contours of the main threats to national security coupled with some rough themes about what the government will do to make things better. Here, the administration does not isolate “the cyber” to the sidelines; instead, by talking about cyber issues throughout the document, the administration shows an understanding that cyberspace is a critical part to practically every aspect of national security.

How many times have you had to watch your company’s latest cybersecurity training video? An entire industry now exists to train us humans to be smarter in how we operate computers, and yet the number of cybersecurity incidents continues to rise. Are the hackers always one step ahead? Are we impossible to train? Or are we being taught the wrong lessons?

In today's podcast, we hear that BadRabbit, still quiet, looks like a TeleBots product. Reaper is still locked and loaded, but is also still quiet. Maritime SATCOM system found to be buggy, and the worse news is that it's beyond its end-of-life. A look back at the annual ICS Cybersecurity Summit that wrapped yesterday in Atlanta. Moscow tells Twitter buying ads is a free speech issue. Justin Harvey from Accenture on monitoring cloud infrastructure. Guest is Michael Sulmeyer, Director of the Cyber Security Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs. Anonymous is back and poking at the Spanish government.

Scholars have considered many analogies for cyber capabilities, grappling with how these capabilities may shape the future of conflict. One recurring theme in this literature is the comparison of cyber capabilities to powerful, strategic capabilities with the potential to cause significant death and destruction.

In March 2017, CIGI and the Belfer Center for Science and International Affairs at the Harvard Kennedy School brought together 28 academics, diplomats and other specialists for a one-day workshop in Cambridge, Massachusetts, to discuss and search for effective approaches to these and other international cyber security challenges. These essays provide a report on that workshop and the ideas that emerged.

Elevating Cyber Command is only one step on the road to turning it into something else: an institution less intertwined with the intelligence community and better integrated with the other elements of the military.