Reports & Papers

Alarmed by Russia’s brazen interference in the 2016 US Election, Sweden began preparing for its September 2018 election in earnest. Over the past year and a half, Sweden has created a comprehensive strategy based on a clear understanding of the threat; it has learned lessons from other targeted elections; and it has developed a whole-of-society defense—mobilizing not just the government, but also the Swedish media and Swedish citizens.

The Potomac Institute for Policy Studies (PIPS) and the Dutch Government are pleased to announce the release of The Netherlands Cyber Readiness at a Glance, the latest study in a series of country reports assessing national-level preparedness for cyber risks based on the Cyber Readiness Index (CRI) 2.0 methodology. This report provides the most in-depth analysis to date of the Netherlands' current cyber security posture and its efforts to strengthen the country's security and resilience in the face of emerging ICT threats.

A Senior Iranian Islamic Revolutionary Guard Corps (IRGC) official described a war in cyberspace as "more dangerous than a physical war." This statement was likely made in 2012, in response to a wave of publicly reported cyber operations against Iran, including Stuxnet, Duqu, and Flame. Since these operations, Iran has expanded the role of cyber capabilities in its broader national security strategy. Cyber Security Project Director Michael Sulmeyer assesses the role of cyber tools in Iran's broader strategy.

While the issue of cyber operations beyond NATO’s own networks is a politically difficult one given the complex mosaic of national, transnational (EU), and international law; the role of national intelligence efforts in certain types of operations; and ever-present disputes over burden-sharing, the Alliance already has invaluable experience in developing policies and procedures for contentious and sensitive tools in the form of the Nuclear Planning Group (NPG). This article begins with a brief overview of actions NATO has already taken to address cyberthreats. It will then explore why these, while important, are insufficient for the present and any imaginable future geopolitical threat environment. Next, it will address the history of the NPG, highlighting some parallels with the present situation regarding cyber and drawing out the challenges faced by, and activities and mechanisms of, the NPG. Finally, it will make the case that a group modeled on the NPG can not only significantly enhance the Alliance’s posture in cyberspace, but can serve as an invaluable space for fostering entente and reconciling differences on key aspects of cyber policy. It concludes that the Alliance needs to consider offensive cyber capabilities and planning, and it needs a Cyber Planning Group to do it.

In today's interconnected world, the Internet is no longer a tool. Rather, it is a service that helps generate income and employment, provides access to business and information, enables e-learning, and facilitates government activities. It is an essential service that has been integrated into every part of our society. Our experience begins when an Internet Service Provider (ISP) uses fixed telephony (plain old telephone service), mobile-cellular telephony, or fixed fiber-optic or broadband service to connect us to the global network. From that moment on, the ISP shoulders the responsibility for the instantaneous, reliable, and secure movement of our data over the Internet.

"Cybersecurity is a means to enable social stability and promote digital democracy; a method by which to govern the Internet; and a process by which to secure critical infrastructure from cybercrime, cyberespionage, cyberterrorism and cyberwar. As nations and corporations recognize their dependence on ICT, policymakers must find the proper balance in protecting their investments without strangling future growth."

The recent publications on WikiLeaks reveal a story about money, fame, sex, underground hackers, and betrayal. But it also involves fundamental questions regarding cyber-security and foreign policy. This paper argues WikiLeaks is only the symptom of a new, larger problem which is the result of technological advances that allow a large quantity of data to be 'stolen' at low or no cost by one or more individuals and to be potentially made public and to go 'viral', spreading exponentially online.