Reports & Papers

In an interconnected world, cyberattacks are becoming more frequent and sophisticated. Building resilience against this asymmetric threat is critical for countries to protect their economies, critical infrastructure, and democratic institutions. However, cyberattacks do not respect borders, and no country can address this threat alone. The strength and longevity of the transatlantic partnership between the EU and the U.S. presents a unique opportunity to address this strategic threat through international cooperation. Through an analysis of cyberwarfare in the ongoing war in Ukraine, this paper proposes policy recommendations to enhance transatlantic coordination and cooperation against current and future adversaries in a new era of strategic competition. Ultimately, a stronger transatlantic partnership is critical for protecting international democratic norms, building resilience against cyber threats, and strengthening global security and stability.

In this student research paper, Harvard Kennedy School student Coen Williams finds that  The Department of Defense should implement an “effects-driven” acquisitions system rather than “capabilities-based” to effectively acquire and utilize commercially developed capabilities. An effects-driven acquisitions system will increase the diversity of solutions, and by appropriating money to effects-driven portfolios, Congress can still maintain control of the purse while the Department of Defense can more effectively allocate its appropriated funds.

National security structures envisioned in the 20th century are inadequate for the cyber threats that America faces in the 21st century. These structures, created to address strategic, external threats on one end, and homeland security emergencies on the other, cannot protect us from ambient cyber conflict, because they were designed for different times and threats. Our nation—comprising the federal government, private sector companies, critical infrastructure operators, state and local governments, nonprofits and universities, and even private citizens—are constantly under attack by a myriad of cyber actors with ever-increasing capabilities. 

Adversarial Internet robots (botnets) represent a growing threat to the safe use and stability of the Internet. Botnets can play a role in launching adversary reconnaissance (scanning and phishing), influence operations (upvoting), and financing operations (ransomware, market manipulation, denial of service, spamming, and ad click fraud) while obfuscating tailored tactical operations. Reducing the presence of botnets on the Internet, with the aspirational target of zero, is a powerful vision for galvanizing policy action. Setting a global goal, encouraging international cooperation, creating incentives for improving networks, and supporting entities for botnet takedowns are among several policies that could advance this goal.

The 2020 election presents a paradox. Despite dramatic changes to the election process due to the COVID-19 pandemic and increasingly complex threats since the 2016 election, 2020 is widely regarded as “the most secure [election] in American history.” Operationally, it was also one of the smoothest. State and local election officials overcame unprecedented challenges and scarce resources to administer an election with fewer incidents of cyber compromises, technical failures or long lines than anticipated. After Election Day, recount procedures functioned as designed. Yet, amidst these successes, officials from both parties faced a barrage of mis- and disinformation about the election process that served to undermine confidence in the result.

Though the election security ecosystem survived the triple threat of cybersecurity, physical security, and mis- and disinformation in 2020, this success will prove to be hard to replicate in future election cycles without proper investment and reinforcement.

Harvard Kennedy School (HKS) and the German Council on Foreign Relations (DGAP) convened a strategy group of experts and former government officials from the United States and Europe over the past year to discuss the crisis in the transatlantic relationship and to propose a strategy to revive and strengthen it.

For nearly 60 years, attempts at finding a lasting political solution to the conflict in Cyprus have created an environment known as the “graveyard of diplomats” for practitioners of international relations.¹ Hastily constructed by the British Royal Air Force in December 1963 because of intercommunal fighting between Greek Cypriots and Turkish Cypriots, a demilitarized buffer zone, or “Green Line,” partitioned the two communities and has separated the island and its inhabitants ever since. Now, Cyprus hosts an amalgamation of different powers: two British sovereign bases which cover 98 square miles, the “Green Line” patrolled by the United Nations Peacekeeping Force in Cyprus (UNFICYP) spanning 134 square miles, a de facto state only recognized by Turkey called the “Turkish Republic of Northern Cyprus” (TRNC) occupying one-third of the island, and the Republic of Cyprus which has de jure sovereignty over the entire island but is located in the southern two-thirds.

Influence Operations (IO), also known as Information Operations, are a series of warfare tactics historically used to collect information, influence, or disrupt the decision making of an adversary. IO strategies intentionally disseminate information to manipulate public opinion and/or influence behavior. IO can involve a number of tactics, including spreading false information intentionally. This is known as “disinformation.”   

Skilled influence operations often deliberately spread disinformation in highly public places like social media. This is done in the hope that people who have no connection to the operation will mistakenly share this disinformation. Inaccurate information spread in error without malicious intent is known as “misinformation.” 

This playbook explores mis- and disinformation incidents that specifically focus on elections operations and infrastructure. Election officials may not often see or know what the motivation is behind the incidents encountered or whether they are mis- or disinformation. Throughout these guides we refer to mis/disinformation incidents together, as the strategies for countering or responding to them are the same.  

This section of the Playbook includes recommendations and materials focused on the response process. It will help election officials respond to election-related mis and disinformation incidents quickly and in a coordinated fashion. 

In this playbook, we refer to mis/disinformation throughout as one concept. Instances of both misinformation and disinformation in the elections process provide incorrect information to voters. Incorrect information can be conveyed intentionally or unintentionally. For election officials, any incorrect information, regardless of source or intention, presented to voters can pose a threat to elections, because it can undermine voters’ understanding of and trust in the election.

Many are looking to digital contact tracing to assist reopening efforts, especially in light of reports that the U.S. could expect as many as 100,000 more deaths due to the virus by this Fall. This report focuses on how the U.S. might consider various proposed solutions.

We believe there are real benefits, challenges, and even potential harms in using digital solutions in the fight against COVID-19, but we must also acknowledge that the promise of any technology and associated systems to assist manual contact tracing efforts is largely hypothetical in the United States. There is not one catch-all answer; the truth is that technology is not a panacea, but it may be able to assist official efforts at an unprecedented time. However, no technological solution can succeed without two specific factors: public trust and buy-in, and rapid, widespread testing for everyone living in the U.S. To achieve the first, a number of factors must be addressed by officials in the states looking to implement digital solutions, and by technology developers.