Reports & Papers

Alarmed by Russia’s brazen interference in the 2016 US Election, Sweden began preparing for its September 2018 election in earnest. Over the past year and a half, Sweden has created a comprehensive strategy based on a clear understanding of the threat; it has learned lessons from other targeted elections; and it has developed a whole-of-society defense—mobilizing not just the government, but also the Swedish media and Swedish citizens.

The Potomac Institute for Policy Studies (PIPS) and the Dutch Government are pleased to announce the release of The Netherlands Cyber Readiness at a Glance, the latest study in a series of country reports assessing national-level preparedness for cyber risks based on the Cyber Readiness Index (CRI) 2.0 methodology. This report provides the most in-depth analysis to date of the Netherlands' current cyber security posture and its efforts to strengthen the country's security and resilience in the face of emerging ICT threats.

Russian cyber operations against the United States aim to both collect information and develop offensive capabilities against future targets. Washington must strengthen its defenses in response.

This paper addresses a growing concern to one of the most fundamental components of our democracy: how cybersecurity risks can influence the integrity of our elections.

While the issue of cyber operations beyond NATO’s own networks is a politically difficult one given the complex mosaic of national, transnational (EU), and international law; the role of national intelligence efforts in certain types of operations; and ever-present disputes over burden-sharing, the Alliance already has invaluable experience in developing policies and procedures for contentious and sensitive tools in the form of the Nuclear Planning Group (NPG). This article begins with a brief overview of actions NATO has already taken to address cyberthreats. It will then explore why these, while important, are insufficient for the present and any imaginable future geopolitical threat environment. Next, it will address the history of the NPG, highlighting some parallels with the present situation regarding cyber and drawing out the challenges faced by, and activities and mechanisms of, the NPG. Finally, it will make the case that a group modeled on the NPG can not only significantly enhance the Alliance’s posture in cyberspace, but can serve as an invaluable space for fostering entente and reconciling differences on key aspects of cyber policy. It concludes that the Alliance needs to consider offensive cyber capabilities and planning, and it needs a Cyber Planning Group to do it.

In today's interconnected world, the Internet is no longer a tool. Rather, it is a service that helps generate income and employment, provides access to business and information, enables e-learning, and facilitates government activities. It is an essential service that has been integrated into every part of our society. Our experience begins when an Internet Service Provider (ISP) uses fixed telephony (plain old telephone service), mobile-cellular telephony, or fixed fiber-optic or broadband service to connect us to the global network. From that moment on, the ISP shoulders the responsibility for the instantaneous, reliable, and secure movement of our data over the Internet.

Cyber-warfare is no longer science fiction and the debate among policy-makers on what norms will guide behavior in cyber-space is in full swing. The United Nations (UN) is one of the fora where this debate is taking place exhibiting an astonishing rate of norm emergence in cyber-space. Most recently, Russia together with China proposed an “International code of conduct for information security” in September 2011 after the U.S. reversed its long-standing policy position in 2010.

The recent publications on WikiLeaks reveal a story about money, fame, sex, underground hackers, and betrayal. But it also involves fundamental questions regarding cyber-security and foreign policy. This paper argues WikiLeaks is only the symptom of a new, larger problem which is the result of technological advances that allow a large quantity of data to be 'stolen' at low or no cost by one or more individuals and to be potentially made public and to go 'viral', spreading exponentially online.