Reports & Papers

26 Items

German Interior Minister Thomas de Maiziere talks to the media during his visit to the central department of fighting internet criminality (ZIT) in Giessen, Germany, Wednesday, Feb. 8, 2017. In background a map showing the amount of cyber attacks in a30 days.

AP Photo/Michael Probst

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Advancing Cyber Norms Unilaterally: How the U.S. Can Meet its Paris Call Commitments

| January 2023

Establishing norms for state behavior in cyberspace is critical to building a more stable, secure, and safe cyberspace. Norms are defined as “a collective expectation for the proper behavior of actors with a given identity,” and declare what behavior is considered appropriate and when lines have been crossed. Cyberspace is in dire need of such collective expectations. However, despite efforts by the international community and individual states to set boundaries and craft agreements, clear and established cyber norms for state behavior remain elusive. As early as 2005, the UN Group of Governmental Experts (GGE) and UN Open-Ended Working Group (OEWG) both aimed to create shared “rules of the road,” but fundamental disagreements between states and a lack of accountability and enforcement mechanisms have prevented these initiatives from substantively implementing cyber norms. As a result, the international community and individual states are left with no accountability mechanisms or safeguards to protect civilians and critical infrastructure from bad actors in cyberspace.

Paper

US-Russian Contention in Cyberspace

| June 2021

The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”

Donald Trump and Anthony Fauci

AP/Alex Brandon

Paper - Centre for International Governance Innovation

US Intelligence, the Coronavirus and the Age of Globalized Challenges

| Aug. 24, 2020

This essay makes three arguments. First, the US government will need to establish a coronavirus commission, similar to the 9/11 commission, to determine why, since April 2020, the United States has suffered more coronavirus fatalities than any other country in the world. Second, the COVID-19 pandemic represents a watershed for what will be a major national security theme this century: biological threats, both from naturally occurring pathogens and from synthesized biology. Third, intelligence about globalized challenges, such as pandemics, needs to be dramatically reconceptualized, stripping away outmoded levels of secrecy.

Report - Belfer Center for Science and International Affairs, Harvard Kennedy School

Catching Swedish Phish: How Sweden is Protecting its 2018 Elections

    Author:
  • Gabriel Cederberg
| Sep. 07, 2018

Alarmed by Russia’s brazen interference in the 2016 US Election, Sweden began preparing for its September 2018 election in earnest. Over the past year and a half, Sweden has created a comprehensive strategy based on a clear understanding of the threat; it has learned lessons from other targeted elections; and it has developed a whole-of-society defense—mobilizing not just the government, but also the Swedish media and Swedish citizens.

Report - Potomac Institute for Policy Studies

The Netherlands Cyber Readiness at a Glance

| May 2017

The Potomac Institute for Policy Studies (PIPS) and the Dutch Government are pleased to announce the release of The Netherlands Cyber Readiness at a Glance, the latest study in a series of country reports assessing national-level preparedness for cyber risks based on the Cyber Readiness Index (CRI) 2.0 methodology. This report provides the most in-depth analysis to date of the Netherlands' current cyber security posture and its efforts to strengthen the country's security and resilience in the face of emerging ICT threats.

Paper - Carnegie Endowment for International Peace

Russia and Cyber Operations: Challenges and Opportunities for the Next U.S. Administration

| December 13, 2016

Russian cyber operations against the United States aim to both collect information and develop offensive capabilities against future targets. Washington must strengthen its defenses in response.

NATO Road to Cybersecurity

US Department of State

Report - Kosciuszko Institute

NATO Road to Cybersecurity

July 08, 2016

In this report, the Kosciuszko Institute invited authors to take up the most pressing cybersecurity challenges facing the North Atlantic Treaty Organization. The NATO Summit in Warsaw should begin the discussion about these key areas. Everything indicates that in the coming years, the discussions on the direction of the Alliance’s involvement in cyber operations will be dominated by two issues. The first concerns the need for the Alliance to specify exactly the activities carried out in the framework of collective defence and the development of NATO’s capabilities, including offensive, to operate in cyberspace. The second, frequently brought up in the discussion about the cybersecurity of the Alliance, is the need for comprehensive measures to be implemented to counter hybrid threats, including the multi-dimensional use of cyberspace as one of the most critical elements.

Planning for Cyber in the North Atlantic Treaty Organization

US Department of State

Report Chapter - Kosciuszko Institute

Planning for Cyber in the North Atlantic Treaty Organization

| July 08, 2016

While the issue of cyber operations beyond NATO’s own networks is a politically difficult one given the complex mosaic of national, transnational (EU), and international law; the role of national intelligence efforts in certain types of operations; and ever-present disputes over burden-sharing, the Alliance already has invaluable experience in developing policies and procedures for contentious and sensitive tools in the form of the Nuclear Planning Group (NPG). This article begins with a brief overview of actions NATO has already taken to address cyberthreats. It will then explore why these, while important, are insufficient for the present and any imaginable future geopolitical threat environment. Next, it will address the history of the NPG, highlighting some parallels with the present situation regarding cyber and drawing out the challenges faced by, and activities and mechanisms of, the NPG. Finally, it will make the case that a group modeled on the NPG can not only significantly enhance the Alliance’s posture in cyberspace, but can serve as an invaluable space for fostering entente and reconciling differences on key aspects of cyber policy. It concludes that the Alliance needs to consider offensive cyber capabilities and planning, and it needs a Cyber Planning Group to do it.

Discussion Paper - Cyber Security Project, Belfer Center

Government's Role in Vulnerability Disclosure: Creating a Permanent and Accountable Vulnerability Equities Process

| June 2016

"When government agencies discover or purchase zero day vulnerabilities, they confront a dilemma: should the government disclose such vulnerabilities, and thus allow them to be fixed, or should the government retain them for national security purposes?"