Reports & Papers

In 1992, there were only a million users on the Internet; today, there are nearly three billion, and the Internet has become a substrate of modern economic, social and political life. And the volatility continues. Analysts are now trying to understand the implications of ubiquitous mobility, the "Internet of everything" and analysis of "big data." Over the past 15 years, the advances in technology have far outstripped the ability of institutions of governance to respond, as well as our thinking about governance.

The Cyber Readiness Index (CRI) examines thirty-five countries that have embraced ICT and the Internet and compares their maturity and commitment to protecting those investments using an initial objective assessment of where countries stand in cyber security in five areas.

What will be the shape of the internet in 20 years? The authors explore possible futures in global cyber security governance and recommend a robust set of actions that pave a path forward towards establishing an environment in which a more cooperative form of global cyber security governance could evolve.

The following report presents a consensus view of the members of a bipartisan study group on the U.S.-Japan alliance. The report specifically addresses energy, economics and global trade, relations with neighbors, and security-related issues. Within these areas, the study group offers policy recommendations for Japan and the United States, which span near- and long-term time frames. These recommendations are intended to bolster the alliance as a force for peace, stability, and prosperity in the Asia-Pacific region and beyond.

This paper offers analysis and policy recommendations for use and response to various forms of cyber action for Offensive Military Cyber Policy. It establishes a pragmatic policy-relevant, effects-based ontology for categorizing cyber capabilities, and develops a comprehensive framework for cyber policy analysis. Furthermore, it demonstrates the utility of the cyber policy analysis framework by analyzing six key categories of external cyber actions identified by our ontology, which range the entire spectrum of cyber activity. Lastly, this work develops actionable policy recommendations from our analysis for cyber policy makers while identifying critical meta-questions.

In today's interconnected world, the Internet is no longer a tool. Rather, it is a service that helps generate income and employment, provides access to business and information, enables e-learning, and facilitates government activities. It is an essential service that has been integrated into every part of our society. Our experience begins when an Internet Service Provider (ISP) uses fixed telephony (plain old telephone service), mobile-cellular telephony, or fixed fiber-optic or broadband service to connect us to the global network. From that moment on, the ISP shoulders the responsibility for the instantaneous, reliable, and secure movement of our data over the Internet.

This paper explores the vulnerabilities to cyber attacks of infrastructure that today carries nearly all the world's data and voice traffic: undersea communications cables. Long-standing physical vulnerabilities in cable infrastructure have been compounded by new risk found in the network management systems that monitor and control cable operations. Unlike an attack on a water treatment plant's control systems, however, an attack on the cables' control systems could devastate the world's economies — presenting a different kind of Internet "kill switch" altogether — shutting down world commerce, and doing it all with the click of a mouse.

Cyber-warfare is no longer science fiction and the debate among policy-makers on what norms will guide behavior in cyber-space is in full swing. The United Nations (UN) is one of the fora where this debate is taking place exhibiting an astonishing rate of norm emergence in cyber-space. Most recently, Russia together with China proposed an “International code of conduct for information security” in September 2011 after the U.S. reversed its long-standing policy position in 2010.

"Cybersecurity is a means to enable social stability and promote digital democracy; a method by which to govern the Internet; and a process by which to secure critical infrastructure from cybercrime, cyberespionage, cyberterrorism and cyberwar. As nations and corporations recognize their dependence on ICT, policymakers must find the proper balance in protecting their investments without strangling future growth."

The recent publications on WikiLeaks reveal a story about money, fame, sex, underground hackers, and betrayal. But it also involves fundamental questions regarding cyber-security and foreign policy. This paper argues WikiLeaks is only the symptom of a new, larger problem which is the result of technological advances that allow a large quantity of data to be 'stolen' at low or no cost by one or more individuals and to be potentially made public and to go 'viral', spreading exponentially online.