Reports & Papers

51 Items

The U.S. Capitol is seen at sunrise, in Washington, October 10, 2017

AP Photo/J. Scott Applewhite

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Protecting Democracy in an Era of Cyber Information War

| February 2019

Citizens voluntarily carry Big Brother and his relatives in their pockets. Along with big data and artificial intelligence, technology has made the problem of defending democracy from information warfare far more complicated than foreseen two decades ago. And while rule of law, trust, truth and openness make democracies asymmetrically vulnerable, they are also critical values to defend.  Any policy to defend against cyber information war must start with the Hippocratic oath: first, do no harm.

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Ending the Cybersecurity Arms Race

| February 2018

Network security has always been something of balancing act between maximizing sharing and ease of use, and erecting barriers.

When computer networks first emerged, there were few limitations on what could be transmitted over them. However, after the world’s first major network computer security incident—the Morris Worm of 1988—organizations began to retreat behind network-level firewalls and anti-virus software. Some defenders even tried to completely disconnect their networks from the outside world via “air gaps.”

This paper argues that it is time to move beyond the security paradigm of separating networks, as epitomized by the air gap. Instead, network defenders should embrace an approach which allows sharing and connectedness, anticipates that adversaries will penetrate the network, and is able to detect, and ultimately eject those adversaries before they can do harm.

Report - Belfer Center for Science and International Affairs, Harvard Kennedy School

2018 State of Digital Transformation

| October 2018

On June 12-13, 2018, digital HKS welcomed public sector digital services teams from around the world to share stories of success, talk about lessons learned, and discuss the challenges they face in transforming government. The teams convened all agreed on North Star goals of building platform services and putting users at the center; what remains much more difficult is identifying how teams in very different political and technology contexts should think about how to reach that end-state. In this report, digital HKS shares best practices we gleaned from this group, to start a broader conversation for digital services groups around the world about what comes next.

Election Cyber Incident Communications Plan Template: International Edition

Adobe Stock

Report - Belfer Center for Science and International Affairs, Harvard Kennedy School

Election Cyber Incident Communications Plan Template: International Edition

May 2018

This Template is primarily intended for use by political parties or campaigns as a foundation from which they can develop their own tailored communications response plans, which include best practices, recommended external response processes, and scenarios to anticipate an election cyber incident.

Paper - Cyber Security Project, Belfer Center

Countering the Proliferation of Malware

| June 27, 2017

Malicious software is adapted, stolen, bought, and used everyday on a global scale. There are better ways to counter this proliferation than export controls. Policymakers should strengthen incentives for researchers and the private sector to rapidly identify software vulnerabilities, disclose them to developers, patch those vulnerabilities, and adopt those patches. Building on previous debates, this paper makes specific recommendations to shorten the lifecycle of vulnerabilities and improve the short term health of the software security ecosystem.

Paper - Cyber Security Project, Belfer Center

Too Connected to Fail

| May 2017

This paper argues that threats to core internet infrastructure and services can, in fact, rise to the level of a serious national security threat to the United States and will explore scenarios where this may be the case. The paper will discuss several kinds of core internet services and infrastructure and explore the challenges with understanding interdependencies between the internet and critical infrastructure; review recent attack techniques that can cause systemic risk to the internet; discuss various nation state capabilities, intentions and recent activities in this area; and describe how these attacks could be used against the United States to deter the U.S., control escalation, or potentially degrade U.S. warfighting capabilities in a conflict. Finally, the paper concludes with recommendations for what the United States and other governments can do to build defenses and resiliency against systemic threats to the internet.