Reports & Papers

62 Items

German Interior Minister Thomas de Maiziere talks to the media during his visit to the central department of fighting internet criminality (ZIT) in Giessen, Germany, Wednesday, Feb. 8, 2017. In background a map showing the amount of cyber attacks in a30 days.

AP Photo/Michael Probst

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Advancing Cyber Norms Unilaterally: How the U.S. Can Meet its Paris Call Commitments

| January 2023

Establishing norms for state behavior in cyberspace is critical to building a more stable, secure, and safe cyberspace. Norms are defined as “a collective expectation for the proper behavior of actors with a given identity,” and declare what behavior is considered appropriate and when lines have been crossed. Cyberspace is in dire need of such collective expectations. However, despite efforts by the international community and individual states to set boundaries and craft agreements, clear and established cyber norms for state behavior remain elusive. As early as 2005, the UN Group of Governmental Experts (GGE) and UN Open-Ended Working Group (OEWG) both aimed to create shared “rules of the road,” but fundamental disagreements between states and a lack of accountability and enforcement mechanisms have prevented these initiatives from substantively implementing cyber norms. As a result, the international community and individual states are left with no accountability mechanisms or safeguards to protect civilians and critical infrastructure from bad actors in cyberspace.

A person on the left bends to take pictures of a drone showcased on a platform on the right.

AP Photo/Joe Buglewicz

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Buying What Works: An Acquisitions Strategy for the Reality of Dual-Use Technologies

| October 2022

In this student research paper, Harvard Kennedy School student Coen Williams finds that  The Department of Defense should implement an “effects-driven” acquisitions system rather than “capabilities-based” to effectively acquire and utilize commercially developed capabilities. An effects-driven acquisitions system will increase the diversity of solutions, and by appropriating money to effects-driven portfolios, Congress can still maintain control of the purse while the Department of Defense can more effectively allocate its appropriated funds.

An abstract image of locks and electronic wires

Adobe Stock

Report - Belfer Center for Science and International Affairs, Harvard Kennedy School

National Cyber Power Index 2022

| September 2022

In his Note to Readers of the 2022 National Cyber Power Index, Eric Rosenbach, Belfer Center Co-Director and former Chief of Staff and Assistant Secretary for the U.S. Department of Defense, writes: “With the challenges in the cyber domain only increasing, it is critical for analytical tools to also be available, presenting the full range of cyber power, and informing critical public debates today. The framework that the NCPI provides is one that allows policymakers to consider a fuller range of challenges and threats from other state actors. The incorporation of both qualitative and quantitative models, with more than 1000 existing sources of data and with 29 indicators to measure a state’s capability, is more comprehensive than any other current measure of cyber power.”

A worker is seen in a tugboat at the Port of Los Angeles on Nov. 10, 2021.

AP Photo/Marcio Jose Sanchez, File

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Never Breaking the Chain: The Economics and Politics of Creating an Effective National Supply Chain Strategy

| August 2022

The creation of a national supply chain strategy is crucial to responding to the challenge and merits specific attention from both policy and business leaders. This paper proposes specific government and business policy steps that would progress the US’s position on a more unified, strategic supply chain approach.

In this file photo taken Thursday, May 17, 2018, a visitor to the 21st China Beijing International High-tech Expo looks at a computer chip through the microscope displayed by the state-controlled Tsinghua Unigroup project which has emerged as a national champion for Beijing's semiconductor ambitions in Beijing, China.

AP Photo/Ng Han Guan, File

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

The U.S.-China Tech Rivalry: Don't Decouple - Diversify

| Mar. 03, 2022

The U.S. is grappling with increasingly challenging transnational technology, policy, and security issues, which are complicated further by the economic and supply chain relationships with China. As the Biden administration and Congress look at developing policy solutions that will both reduce dependence on China and strengthen the United States’ resilience, it is important that these policies form a larger, holistic strategy that articulates the national security narrative clearly. 

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Rational Not Reactive

| October 2021

The increasing tempo of offensive cyber operations by Iran and its adversaries, including the U.S. and Israel, has led many commentators to label them as “tit-for-tat”: a cyclical action-reaction dynamic where each side seeks to respond appropriately to an earlier violation by the other. However, this interpretation has significant theoretical and empirical deficiencies. Why, then, does a tit-for-tat narrative dominate our understanding of Iranian cyber activity, and what are the consequences? This paper explores that question.

A miniature of “The War Room” as depicted in the 1964 classic film Dr. Strangelove

Courtesy Eric Chan  and the Los Angeles County Museum of Art, CC-BY 2.0

Paper

Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure

| August 2021

National security structures envisioned in the 20th century are inadequate for the cyber threats that America faces in the 21st century. These structures, created to address strategic, external threats on one end, and homeland security emergencies on the other, cannot protect us from ambient cyber conflict, because they were designed for different times and threats. Our nation—comprising the federal government, private sector companies, critical infrastructure operators, state and local governments, nonprofits and universities, and even private citizens—are constantly under attack by a myriad of cyber actors with ever-increasing capabilities. 

Report - Research Institute for Sociotechnical Cyber Security

Remote Working and (In)Security

| June 2021

Remote working during the COVID-19 pandemic has had, and continues to have, a great impact on the workforce. Through interviews with senior cyber security professionals, this research explored how the traditional dynamics between employees and leadership have adapted in such times, responding to a rapidly evolving cyber threat landscape, as well as an unpredictable period for organisations and employees in terms of wellbeing and remote working culture. Focusing on the transition to remote working, cyber security, the psychological contract (relationship between employees and employers) and employee wellbeing, the research highlighted several key themes.