407 Items

A person on the left bends to take pictures of a drone showcased on a platform on the right.

AP Photo/Joe Buglewicz

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Buying What Works: An Acquisitions Strategy for the Reality of Dual-Use Technologies

| October 2022

In this student research paper, Harvard Kennedy School student Coen Williams finds that  The Department of Defense should implement an “effects-driven” acquisitions system rather than “capabilities-based” to effectively acquire and utilize commercially developed capabilities. An effects-driven acquisitions system will increase the diversity of solutions, and by appropriating money to effects-driven portfolios, Congress can still maintain control of the purse while the Department of Defense can more effectively allocate its appropriated funds.

An abstract image of locks and electronic wires

Adobe Stock

Report - Belfer Center for Science and International Affairs, Harvard Kennedy School

National Cyber Power Index 2022

| September 2022

In his Note to Readers of the 2022 National Cyber Power Index, Eric Rosenbach, Belfer Center Co-Director and former Chief of Staff and Assistant Secretary for the U.S. Department of Defense, writes: "With the challenges in the cyber domain only increasing, it is critical for analytical tools to also be available, presenting the full range of cyber power, and informing critical public debates today. The framework that the NCPI provides is one that allows policymakers to consider a fuller range of challenges and threats from other state actors. The incorporation of both qualitative and quantitative models, with more than 1000 existing sources of data and with 29 indicators to measure a state’s capability, is more comprehensive than any other current measure of cyber power."

The U.S. Homeland Security Department headquarters in northwest Washington is pictured on Feb. 25, 2015

AP Photo/Manuel Balce Ceneta, File

Paper

Continuous Compliance: Enhancing Cybersecurity for Critical Infrastructure by Strengthening Regulation, Oversight, and Monitoring

| August 2022

In this student research paper, Harvard Kennedy School student Julian Baker finds that transition from a point-in-time framework to a method of continuous compliance would raise the level of cybersecurity for critical infrastructure, making these essential services more reliable for the people relying on them. 

A worker is seen in a tugboat at the Port of Los Angeles on Nov. 10, 2021.

AP Photo/Marcio Jose Sanchez, File

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Never Breaking the Chain: The Economics and Politics of Creating an Effective National Supply Chain Strategy

| August 2022

The creation of a national supply chain strategy is crucial to responding to the challenge and merits specific attention from both policy and business leaders. This paper proposes specific government and business policy steps that would progress the US’s position on a more unified, strategic supply chain approach.

Close-up of two hands placed on the laptop keyboards with reflection on the screen.

AP Photo/Damian Dovarganes, File

Journal Article - Journal of International Relations and Sustainable Development

The New Frontier of Democratic Self-Defense

| Winter 2022

The United States nor its allies alone cannot counter adversarial and criminal cyber activity in the digital domain-–the reach, scale, stealth, and danger are simply too great for any one country to bear. As such, calls for international operational collaboration in cybersecurity and emerging technologies are increasing. Former U.S. State Department Cyber Diplomat Chris Painter noted in a December 2020 Foreign Policy article that there must be more leadership and partnership on global cyber cooperation. What follows represents a thinking-through of what this ought to entail.

A close-up of a person scrolling on their smartphone.

AP Photo, File

Analysis & Opinions - Inkstick

Reframing the Debate on Cybersecurity Regulations

| July 17, 2022

In February 2012, the first significant attempt to set mandatory cybersecurity requirements and response plans for critical infrastructure was introduced in Congress. Unfortunately, it was watered down to voluntary standards and failed in the Senate. Opponents of the bill cited fears of overburdening regulations on companies and warnings of over-simplistic box-checking and minimum compliance. Business groups championed the narrative of big government to ensure the bill’s demise — and that narrative persists to this day.

Photo of the inside of a computer is seen on Feb 23, 2019, in Jersey City, N.J.

(AP Photo/Jenny Kane, File)

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

The Geopolitics of Digital Standards

| July 2022

This brief outlines what digital standards are and how the United States, European Union, and China approach standards development. It examines the implications of China’s efforts to advance a new model of cyber sovereignty through its “New IP” proposal to illustrate that overhauls of existing infrastructure-level standards are unlikely, but foreshadow the changing nature of standards from a historically apolitical domain to one of geopolitical importance. Finally, it offers considerations for the development of a long-term strategy that focuses on technology areas of strategic interest to the U.S. at the application layer through targeted regulations that promote a free, open, and democratic internet while maintaining a clear and technically informed understanding of what is likely to change (and what is not) at the infrastructure level.

Map with various borders

Adobe Stock

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Soberanía y localización de datos

    Author:
  • Emily Wu
| Original publication July 2021; translated 2022

Spanish translation (2022) of original English version of "Sovereignty and Data Localization" paper by Emily Wu.  

Las políticas sobre localización de datos les imponen a las empresas la obligación de almacenar y procesar los datos de manera local, en lugar de utilizar servidores ubicados fuera del país. La adopción de leyes sobre localización de datos ha venido aumentando, impulsada por el temor a que la soberanía de los países se vea amenazada debido a su incapacidad para ejercer pleno control sobre la información que almacenan fuera de sus fronteras. Este es un tema particularmente relevante para los Estados Unidos, si tenemos en cuenta su dominio en múltiples áreas del ecosistema digital, entre otras, la inteligencia artificial (IA) y la computación en la nube.