Reports & Papers

29 Items

A computer code is seen on displays in the office of Global Cyber Security Company Group-IB in Moscow, Russia, Wednesday, Oct. 25, 2017. A new strain of malicious software has paralyzed computers at a Ukrainian airport, the Ukrainian capital's subway and at some independent Russian media. Moscow-based Global Cyber Security Company Group-IB said in a statement Wednesday the ransomware called BadRabbit also tried to penetrate the computers of major Russian banks but failed.

AP Photo/Pavel Golovkin

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Addressing Russian and Chinese Cyber Threats: A Transatlantic Perspective on Threats to Ukraine and Beyond

| May 2023

In an interconnected world, cyberattacks are becoming more frequent and sophisticated. Building resilience against this asymmetric threat is critical for countries to protect their economies, critical infrastructure, and democratic institutions. However, cyberattacks do not respect borders, and no country can address this threat alone. The strength and longevity of the transatlantic partnership between the EU and the U.S. presents a unique opportunity to address this strategic threat through international cooperation. Through an analysis of cyberwarfare in the ongoing war in Ukraine, this paper proposes policy recommendations to enhance transatlantic coordination and cooperation against current and future adversaries in a new era of strategic competition. Ultimately, a stronger transatlantic partnership is critical for protecting international democratic norms, building resilience against cyber threats, and strengthening global security and stability.

A person on the left bends to take pictures of a drone showcased on a platform on the right.

AP Photo/Joe Buglewicz

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Buying What Works: An Acquisitions Strategy for the Reality of Dual-Use Technologies

| October 2022

In this student research paper, Harvard Kennedy School student Coen Williams finds that  The Department of Defense should implement an “effects-driven” acquisitions system rather than “capabilities-based” to effectively acquire and utilize commercially developed capabilities. An effects-driven acquisitions system will increase the diversity of solutions, and by appropriating money to effects-driven portfolios, Congress can still maintain control of the purse while the Department of Defense can more effectively allocate its appropriated funds.

A miniature of “The War Room” as depicted in the 1964 classic film Dr. Strangelove

Courtesy Eric Chan  and the Los Angeles County Museum of Art, CC-BY 2.0

Paper

Toward a Collaborative Cyber Defense and Enhanced Threat Intelligence Structure

| August 2021

National security structures envisioned in the 20th century are inadequate for the cyber threats that America faces in the 21st century. These structures, created to address strategic, external threats on one end, and homeland security emergencies on the other, cannot protect us from ambient cyber conflict, because they were designed for different times and threats. Our nation—comprising the federal government, private sector companies, critical infrastructure operators, state and local governments, nonprofits and universities, and even private citizens—are constantly under attack by a myriad of cyber actors with ever-increasing capabilities. 

A representative image of a digital "map"

Adobe Stock

Report

Reconceptualizing Cyber Power

Our intention is to provide the best possible understanding of cyber power capabilities to inform public debate. The Belfer approach proposes eight objectives that countries pursue using cyber means; provides a list of capabilities required to achieve those objectives that demonstrates the breadth of sources of cyber power; and compares countries based on their capability to achieve those objectives. Our work builds on existing cyber indices such as the Economist Intelligence Unit and Booz Allen Hamilton’s 2011 Cyber Power Ranking, by, for example, including a policy dimension and recognizing that cyber capabilities enhance military strength.

Job One for Space Force

NASA

Report - Cyber Security Project, Belfer Center

Job One for Space Force: Space Asset Cybersecurity

| July 12, 2018

When we think about critical infrastructure, the first assets that come to mind include the electric grid, water networks and transportation systems. Further unpacking the definition of critical infrastructure, we consider industries such as agriculture, defense or the financial sector. However, we rarely think about where the underlying systems that enable technology functionality across these sectors physically reside, who developed the technology, and who can access and manage that technology.

Paper - Cyber Security Project, Belfer Center

A Legislator's Guide to Reauthorizing Section 702

    Author:
  • Anne Boustead
| Aug. 20, 2017

Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008, a powerful surveillance tool that allows U.S. government agencies to spy on foreign persons to collect counter-terrorism intelligence, will expire on December 31, 2017 without Congressional reauthorization. This paper has two goals: to concisely describe how agencies obtain information under Section 702, and to provide guidance to legislators and their staffers by examining the core issues they will confront as they consider reauthorizing this legislation.

Paper - Cyber Security Project, Belfer Center

Too Connected to Fail

| May 2017

This paper argues that threats to core internet infrastructure and services can, in fact, rise to the level of a serious national security threat to the United States and will explore scenarios where this may be the case. The paper will discuss several kinds of core internet services and infrastructure and explore the challenges with understanding interdependencies between the internet and critical infrastructure; review recent attack techniques that can cause systemic risk to the internet; discuss various nation state capabilities, intentions and recent activities in this area; and describe how these attacks could be used against the United States to deter the U.S., control escalation, or potentially degrade U.S. warfighting capabilities in a conflict. Finally, the paper concludes with recommendations for what the United States and other governments can do to build defenses and resiliency against systemic threats to the internet.

Paper - Centre for International Governance Innovation

Getting beyond Norms: When Violating the Agreement Becomes Customary Practice

| Apr. 20, 2017

This paper offers five standards of care that can be used to test individual states' true commitment to the international norms of behaviour. Only with a concerted and coordinated effort across the global community will it be possible to change the new normal of "anything goes" and move forward to ensure the future safety and security of the Internet and Internet-based infrastructures.

Paper - Carnegie Endowment for International Peace

Russia and Cyber Operations: Challenges and Opportunities for the Next U.S. Administration

| December 13, 2016

Russian cyber operations against the United States aim to both collect information and develop offensive capabilities against future targets. Washington must strengthen its defenses in response.