Harvard University Distinguished Service Professor and former Harvard Kennedy School Dean Joseph S. Nye was honored  by the Center’s Cyber Security Project in April for his leadership and contributions to cybersecurity through the Belfer Center’s cybersecurity initiatives. Nye has announced his retirement at the end of the semester.

The case is designed to support a discussion of the costs and benefits associated with competing models of vulnerability disclosure. The trade in zero-days is a growing area of policy concern. The case can be used in courses on cyber policy, science and technology policy, or national security. It can be used to explore the concepts of public goods, dual-use technologies, and externalities.

On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?

The author critically examines the creation and implementation of new security standards within the postal network after the 2001 anthrax attack. Drawing on research conducted at the Smithsonian Institution and documents obtained under the Freedom of Information Act (FOIA), the article traces the politics inscribed within the architecture of new security technologies. The article sets debates about postal security within a broader account of political economy. The article emphasizes the possibilities and limitations of disasters to create moments of disruption and undergird new political interventions.

Industrial control systems might be the most important technology that you have never heard of. They’re computer systems used to monitor and control a range of physical processes within critical infrastructures, such as opening valves or closing circuit breakers. It is no exaggeration to say that industrial control systems are essential to modern life: they help keep our lights on, our water clean, and our trains running on time. But control systems—and the critical infrastructures within which they operate—are increasingly vulnerable to malicious cyber-intrusions.

"...[T]he Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT) recently canceled two long-planned conferences and a number of training sessions. The cancellations are likely an effect of sequestration—no funds."

Dr. Ellis raises an interesting question: Does the pursuit of offensive cyber capabilities undermine domestic security? The conversation highlights a growing area of concern and ongoing debate.

In the late-1970s, the United States Postal Service (USPS) launched an innovative electronic mail service, "E-COM," that sought to integrate networked computing and the postal system. Postal management envisioned E-COM as a path-breaking program that would carve out a key place for postal service in the coming information age. The following examination of the ultimate failure of E-COM contributes to the history of networked computing and communications, while additionally providing a unique perspective on the current precarious state of postal service in the United States.

Toxic inhalation hazard (TIH) chemicals such as chlorine gas and anhydrous ammonia are among the most dangerous of hazardous materials. Rail transportation of TIH creates risk that is not adequately reflected in the costs, creating a TIH safety and security externality. This paper describes and evaluates policy alternatives that might effectively mitigate the dangers of TIH transportation by rail. After describing the nature of TIH risk and defining the TIH externality, general policy approaches to externalities from other arenas are examined. Potential risk reduction strategies and approaches for each segment of the supply chain are reviewed. The paper concludes by summarizing policy options and assessing some of the most promising means to reduce the risks of transportation of toxic inhalation hazards. Four policy approaches are recommended: internalizing external costs through creation of a fund for liability and claims, improving supply chain operations, enhancing emergency response and focusing regulatory authority. It is further suggested that the Department of Transportation convene a discussion among stakeholder representatives to evaluate policy alternatives.