Reports & Papers

Russian cyber operations against the United States aim to both collect information and develop offensive capabilities against future targets. Washington must strengthen its defenses in response.

This paper addresses a growing concern to one of the most fundamental components of our democracy: how cybersecurity risks can influence the integrity of our elections.

Internet penetration and the wider adoption of information communications technologies (ICTs) are reshaping many aspects of the world's economies, governments, and societies. Everything from the way goods and services are produced, distributed, and consumed, to how governments deliver services and disseminate information, to how businesses, and citizens interact and participate in the social contract are affected. The opportunities associated with becoming connected and participating in the Internet economy and the potential economic impact cannot be ignored.

The case is designed to support a discussion of the costs and benefits associated with competing models of vulnerability disclosure. The trade in zero-days is a growing area of policy concern. The case can be used in courses on cyber policy, science and technology policy, or national security. It can be used to explore the concepts of public goods, dual-use technologies, and externalities.

In 1992, there were only a million users on the Internet; today, there are nearly three billion, and the Internet has become a substrate of modern economic, social and political life. And the volatility continues. Analysts are now trying to understand the implications of ubiquitous mobility, the "Internet of everything" and analysis of "big data." Over the past 15 years, the advances in technology have far outstripped the ability of institutions of governance to respond, as well as our thinking about governance.

The following report presents a consensus view of the members of a bipartisan study group on the U.S.-Japan alliance. The report specifically addresses energy, economics and global trade, relations with neighbors, and security-related issues. Within these areas, the study group offers policy recommendations for Japan and the United States, which span near- and long-term time frames. These recommendations are intended to bolster the alliance as a force for peace, stability, and prosperity in the Asia-Pacific region and beyond.

This paper offers analysis and policy recommendations for use and response to various forms of cyber action for Offensive Military Cyber Policy. It establishes a pragmatic policy-relevant, effects-based ontology for categorizing cyber capabilities, and develops a comprehensive framework for cyber policy analysis. Furthermore, it demonstrates the utility of the cyber policy analysis framework by analyzing six key categories of external cyber actions identified by our ontology, which range the entire spectrum of cyber activity. Lastly, this work develops actionable policy recommendations from our analysis for cyber policy makers while identifying critical meta-questions.

In today's interconnected world, the Internet is no longer a tool. Rather, it is a service that helps generate income and employment, provides access to business and information, enables e-learning, and facilitates government activities. It is an essential service that has been integrated into every part of our society. Our experience begins when an Internet Service Provider (ISP) uses fixed telephony (plain old telephone service), mobile-cellular telephony, or fixed fiber-optic or broadband service to connect us to the global network. From that moment on, the ISP shoulders the responsibility for the instantaneous, reliable, and secure movement of our data over the Internet.

This paper explores the vulnerabilities to cyber attacks of infrastructure that today carries nearly all the world's data and voice traffic: undersea communications cables. Long-standing physical vulnerabilities in cable infrastructure have been compounded by new risk found in the network management systems that monitor and control cable operations. Unlike an attack on a water treatment plant's control systems, however, an attack on the cables' control systems could devastate the world's economies — presenting a different kind of Internet "kill switch" altogether — shutting down world commerce, and doing it all with the click of a mouse.