Reports & Papers

National security structures envisioned in the 20th century are inadequate for the cyber threats that America faces in the 21st century. These structures, created to address strategic, external threats on one end, and homeland security emergencies on the other, cannot protect us from ambient cyber conflict, because they were designed for different times and threats. Our nation—comprising the federal government, private sector companies, critical infrastructure operators, state and local governments, nonprofits and universities, and even private citizens—are constantly under attack by a myriad of cyber actors with ever-increasing capabilities. 

Adversarial Internet robots (botnets) represent a growing threat to the safe use and stability of the Internet. Botnets can play a role in launching adversary reconnaissance (scanning and phishing), influence operations (upvoting), and financing operations (ransomware, market manipulation, denial of service, spamming, and ad click fraud) while obfuscating tailored tactical operations. Reducing the presence of botnets on the Internet, with the aspirational target of zero, is a powerful vision for galvanizing policy action. Setting a global goal, encouraging international cooperation, creating incentives for improving networks, and supporting entities for botnet takedowns are among several policies that could advance this goal.

Many are looking to digital contact tracing to assist reopening efforts, especially in light of reports that the U.S. could expect as many as 100,000 more deaths due to the virus by this Fall. This report focuses on how the U.S. might consider various proposed solutions.

We believe there are real benefits, challenges, and even potential harms in using digital solutions in the fight against COVID-19, but we must also acknowledge that the promise of any technology and associated systems to assist manual contact tracing efforts is largely hypothetical in the United States. There is not one catch-all answer; the truth is that technology is not a panacea, but it may be able to assist official efforts at an unprecedented time. However, no technological solution can succeed without two specific factors: public trust and buy-in, and rapid, widespread testing for everyone living in the U.S. To achieve the first, a number of factors must be addressed by officials in the states looking to implement digital solutions, and by technology developers.
 

"When government agencies discover or purchase zero day vulnerabilities, they confront a dilemma: should the government disclose such vulnerabilities, and thus allow them to be fixed, or should the government retain them for national security purposes?"