Reports & Papers

In this student research paper, Harvard Kennedy School student Coen Williams finds that  The Department of Defense should implement an “effects-driven” acquisitions system rather than “capabilities-based” to effectively acquire and utilize commercially developed capabilities. An effects-driven acquisitions system will increase the diversity of solutions, and by appropriating money to effects-driven portfolios, Congress can still maintain control of the purse while the Department of Defense can more effectively allocate its appropriated funds.

National security structures envisioned in the 20th century are inadequate for the cyber threats that America faces in the 21st century. These structures, created to address strategic, external threats on one end, and homeland security emergencies on the other, cannot protect us from ambient cyber conflict, because they were designed for different times and threats. Our nation—comprising the federal government, private sector companies, critical infrastructure operators, state and local governments, nonprofits and universities, and even private citizens—are constantly under attack by a myriad of cyber actors with ever-increasing capabilities. 

Adversarial Internet robots (botnets) represent a growing threat to the safe use and stability of the Internet. Botnets can play a role in launching adversary reconnaissance (scanning and phishing), influence operations (upvoting), and financing operations (ransomware, market manipulation, denial of service, spamming, and ad click fraud) while obfuscating tailored tactical operations. Reducing the presence of botnets on the Internet, with the aspirational target of zero, is a powerful vision for galvanizing policy action. Setting a global goal, encouraging international cooperation, creating incentives for improving networks, and supporting entities for botnet takedowns are among several policies that could advance this goal.

Many are looking to digital contact tracing to assist reopening efforts, especially in light of reports that the U.S. could expect as many as 100,000 more deaths due to the virus by this Fall. This report focuses on how the U.S. might consider various proposed solutions.

We believe there are real benefits, challenges, and even potential harms in using digital solutions in the fight against COVID-19, but we must also acknowledge that the promise of any technology and associated systems to assist manual contact tracing efforts is largely hypothetical in the United States. There is not one catch-all answer; the truth is that technology is not a panacea, but it may be able to assist official efforts at an unprecedented time. However, no technological solution can succeed without two specific factors: public trust and buy-in, and rapid, widespread testing for everyone living in the U.S. To achieve the first, a number of factors must be addressed by officials in the states looking to implement digital solutions, and by technology developers.
 

Our intention is to provide the best possible understanding of cyber power capabilities to inform public debate. The Belfer approach proposes eight objectives that countries pursue using cyber means; provides a list of capabilities required to achieve those objectives that demonstrates the breadth of sources of cyber power; and compares countries based on their capability to achieve those objectives. Our work builds on existing cyber indices such as the Economist Intelligence Unit and Booz Allen Hamilton’s 2011 Cyber Power Ranking, by, for example, including a policy dimension and recognizing that cyber capabilities enhance military strength.