Reports & Papers

22 Items

Paper - Cyber Security Project, Belfer Center

A Legislator's Guide to Reauthorizing Section 702

    Author:
  • Anne Boustead
| Aug. 20, 2017

Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008, a powerful surveillance tool that allows U.S. government agencies to spy on foreign persons to collect counter-terrorism intelligence, will expire on December 31, 2017 without Congressional reauthorization. This paper has two goals: to concisely describe how agencies obtain information under Section 702, and to provide guidance to legislators and their staffers by examining the core issues they will confront as they consider reauthorizing this legislation.

Paper - Cyber Security Project, Belfer Center

Too Connected to Fail

| May 2017

This paper argues that threats to core internet infrastructure and services can, in fact, rise to the level of a serious national security threat to the United States and will explore scenarios where this may be the case. The paper will discuss several kinds of core internet services and infrastructure and explore the challenges with understanding interdependencies between the internet and critical infrastructure; review recent attack techniques that can cause systemic risk to the internet; discuss various nation state capabilities, intentions and recent activities in this area; and describe how these attacks could be used against the United States to deter the U.S., control escalation, or potentially degrade U.S. warfighting capabilities in a conflict. Finally, the paper concludes with recommendations for what the United States and other governments can do to build defenses and resiliency against systemic threats to the internet.

Paper - Centre for International Governance Innovation

Getting beyond Norms: When Violating the Agreement Becomes Customary Practice

| Apr. 20, 2017

This paper offers five standards of care that can be used to test individual states' true commitment to the international norms of behaviour. Only with a concerted and coordinated effort across the global community will it be possible to change the new normal of "anything goes" and move forward to ensure the future safety and security of the Internet and Internet-based infrastructures.

Paper - Carnegie Endowment for International Peace

Russia and Cyber Operations: Challenges and Opportunities for the Next U.S. Administration

| December 13, 2016

Russian cyber operations against the United States aim to both collect information and develop offensive capabilities against future targets. Washington must strengthen its defenses in response.

Discussion Paper - Cyber Security Project, Belfer Center

Government's Role in Vulnerability Disclosure: Creating a Permanent and Accountable Vulnerability Equities Process

| June 2016

"When government agencies discover or purchase zero day vulnerabilities, they confront a dilemma: should the government disclose such vulnerabilities, and thus allow them to be fixed, or should the government retain them for national security purposes?"

Report Chapter

Sustainable and Secure Development: A Framework for Resilient Connected Societies

| March 2016

Internet penetration and the wider adoption of information communications technologies (ICTs) are reshaping many aspects of the world's economies, governments, and societies. Everything from the way goods and services are produced, distributed, and consumed, to how governments deliver services and disseminate information, to how businesses, and citizens interact and participate in the social contract are affected. The opportunities associated with becoming connected and participating in the Internet economy and the potential economic impact cannot be ignored.

Paper - Potomac Institute for Policy Studies

Cyber Readiness Index 2.0

    Authors:
  • Chris Demchak
  • Jason Kerben
  • Jennifer McArdle
  • Francesca Spidalieri
| November 30, 2015

"Building on CRI 1.0, Cyber Readiness Index 2.0 examines one hundred twenty-five countries that have embraced, or are starting to embrace, ICT and the Internet and then applies an objective methodology to evaluate each country's maturity and commitment to cyber security across seven essential elements."

Paper - Harvard Business Publishing

The Vulnerability Economy: Zero-Days, Cybersecurity, and Public Policy

| February 2015

The case is designed to support a discussion of the costs and benefits associated with competing models of vulnerability disclosure. The trade in zero-days is a growing area of policy concern. The case can be used in courses on cyber policy, science and technology policy, or national security. It can be used to explore the concepts of public goods, dual-use technologies, and externalities.