Forty years ago, an interdisciplinary group of Harvard scholars – professors, researchers and practitioners – came together to tackle the greatest threat of the Cold War: the fear of a nuclear exchange between the Soviet Union and the United States.  Today, we seek to recreate that interdisciplinary approach to tackle a new threat: the risk of conflict in cyberspace.

The problems that confront today’s leaders are substantial and diverse: how to protect a nation’s most critical infrastructure from cyber attack; how to organize, train, and equip a military force to prevail in the event of future conflict in cyberspace; how to deter nation-state and terrorist adversaries from conducting attacks in cyberspace; how to control escalation in the event of a conflict in cyberspace; and how to leverage legal and policy instruments to reduce the national attack surface without stifling innovation.  These are just a sample of the motivating questions that drive our work.

The aim of the Belfer Center's Cyber Project is to become the premier home for rigorous and policy-relevant study of these and related questions.  We will pursue this effort through three lines of effort:

  • A fellows program comprised of traditional academics (pre-doctoral and post-doctoral students, as well as visiting researchers and faculty), as well as rotating representatives from government agencies and private-sector companies.
  • A research agenda of policy-relevant scholarship that offers solutions to pressing national security challenges posed by developments in cybersecurity.
  • A teaching curriculum to train tomorrow’s leaders with skills to make informed decisions about technology and cybersecurity throughout their careers in public policy.

To be successful, it will be imperative for our effort to convene experts and academics from a diverse set of backgrounds: no one discipline or skill set is sufficient to address the complexity and diversity of the challenges we face in cyberspace.  To that end, we welcome the participation of technologists, journalists, programmers, members of the armed forces, psychologists, political scientists, business leaders, and more.

China’s capabilities and intentions in cyberspace have and will increasingly have a significant impact on the various interests in the international community. However, the study of the intersection between China policy scholarship and cyber policy scholarship is relatively recent, and rapidly evolving. There is limited understanding and analysis on what has happened, what is happening, and what China’s capabilities and intentions may be now and in decades to come.

The China Cyber Policy Initiative, which was active from 2019 to 2020, sought to tackle those questions and offer thoughtful, in-depth, evidence-based analysis to inform public discourse on Chinese cyber issues and assess and communicate both the positive and more challenging consequences for the international community. 

The aim of this initiative was to be a leading resource for, and convener of, international policy practitioners, academia, business, technologists, and civil society on China's Cyber policy and the broader question of cyber power and global politics.

We pursued our research through:

  • the creation of new frameworks for considering and measuring cyber power in the form of Belfer's National Cyber Power Index.  
  • the promotion of U.S.-China Track II dialogue on cyber-related issues.

 The CCPI team endeavored to communicate our perspective in national and international fora to ensure that evidence-based analysis and nuanced perspectives inform thinking around one of today’s most important, sometimes misunderstood, and complex issues.

National Cyber Power Index report cover

Belfer’s National Cyber Power Index

The Belfer National Cyber Power Index (NCPI) measures 30 countries cyber capabilities in the context of seven national objectives, using 32 intent indicators and 27 capability indicators with evidence collected from publicly available data.  

In contrast to existing cyber related indices, we believe there is no single measure of cyber power. Cyber Power is made up of multiple components and should be considered in the context of a country’s national objectives. We take an all-of-country approach to measuring cyber power. By considering “all-of-country” we include all aspects under the control of a government where possible. Within the NCPI we measure government strategies, capabilities for defense and offense, resource allocation, the private sector, workforce, and innovation. Our assessment is both a measurement of proven power and potential, where the final score assumes that the government of that country can wield these capabilities effectively.   

The overall NCPI assessment measures the “comprehensiveness” of a country as a cyber actor. Comprehensiveness, in the context of NCPI, refers to a country’s use of cyber to achieve multiple objectives as opposed to a few. The most comprehensive cyber power is the country that has (1) the intent to pursue multiple national objectives using cyber means and (2) the capabilities to achieves those objective(s). 

We present three different indices. The NCPI, the Cyber Intent Index (CII), and the Cyber Capability Index (CCI). Both the CII and CCI are stand-alone measures. The NCPI is a combination of CII and CCI. 

Researchers and practitioners should use the NCPI to gain a more comprehensive understanding of the components that comprise cyber power and how cyber means can be employed to achieve a range of objectives. Users who are interested in a specific national objective can analyze the NCPI by both intent and capabilities by objective to better understand their country of interest.

(Left to Right) China Cyber Policy Initiative Research Director Julia Voo, Belfer Center Co-Director Eric Rosenbach, and General Hao Yeli discuss cybersecurity practices at the most recent working group meeting.

(Left to Right) China Cyber Policy Initiative Research Director Julia Voo, Belfer Center Co-Director Eric Rosenbach, and General Hao Yeli discuss cybersecurity practices at the most recent working group meeting. 

Track II U.S.-China Cyber Security

The Belfer Center for Science and International Affairs has established a Track II Dialogue with the China Institute for International Strategic Studies (CIISS), to facilitate discussions between the U.S. and China, as well as representatives from both countries’ tech sectors, on the risks of cyber conflict. The Track II will explore existing and new tools for mitigating these risks and possible areas for collaboration. 

This Track II Dialogue is made possible through a grant from the Harvard Global Institute (HGI) and the Harvard President’s Office. 

Learning from Cyber Incidents

The Belfer Center's Cyber Project is pursuing work on how lessons can be learned from cyber incidents to better inform defense measures. The focus of this work is on expanding the concept of a “Cyber NTSB” and creating a “Near Misses” reporting system, both modeled on how safety improvements are made following an aviation incident. With support from the National Science Foundation and the Hewlett Foundation, the Belfer Center is hosting a series of workshops in 2021.

The page for this iniatiative and all related research, including the final report is linked here:


Thank you for subscribing.



Harvard Kennedy School is committed to protecting your personal information. By completing this form, you agree to receive communications and to allow HKS to store your data. HKS will never sell your email address or other information to a third party. All communications will include the opportunity to unsubscribe.

The Belfer Center's Cyber Project and the R Strett Institute's Cybersecurity and Emerging Threats Team have been working together to identify roadblocks to a federal data security and privacy law, drawing upon research and engagement with stakeholders to identify and recommend appropriate courses of action to find compromise on federal legislation. Ongoing research also includes topics like civil rights in privacy, arbitration and covered entities and data.  

This one-pager is an overview and precursor to a series of policy recommendations for a federal data privacy and security law, which answer and expand on the concepts of preemption, private right of action, and the role of the FTC.  You can find the Explainer here:…