Reports & Papers

Citizens voluntarily carry Big Brother and his relatives in their pockets. Along with big data and artificial intelligence, technology has made the problem of defending democracy from information warfare far more complicated than foreseen two decades ago. And while rule of law, trust, truth and openness make democracies asymmetrically vulnerable, they are also critical values to defend.  Any policy to defend against cyber information war must start with the Hippocratic oath: first, do no harm.

This paper addresses a growing concern to one of the most fundamental components of our democracy: how cybersecurity risks can influence the integrity of our elections.

While the issue of cyber operations beyond NATO’s own networks is a politically difficult one given the complex mosaic of national, transnational (EU), and international law; the role of national intelligence efforts in certain types of operations; and ever-present disputes over burden-sharing, the Alliance already has invaluable experience in developing policies and procedures for contentious and sensitive tools in the form of the Nuclear Planning Group (NPG). This article begins with a brief overview of actions NATO has already taken to address cyberthreats. It will then explore why these, while important, are insufficient for the present and any imaginable future geopolitical threat environment. Next, it will address the history of the NPG, highlighting some parallels with the present situation regarding cyber and drawing out the challenges faced by, and activities and mechanisms of, the NPG. Finally, it will make the case that a group modeled on the NPG can not only significantly enhance the Alliance’s posture in cyberspace, but can serve as an invaluable space for fostering entente and reconciling differences on key aspects of cyber policy. It concludes that the Alliance needs to consider offensive cyber capabilities and planning, and it needs a Cyber Planning Group to do it.

"Building on CRI 1.0, Cyber Readiness Index 2.0 examines one hundred twenty-five countries that have embraced, or are starting to embrace, ICT and the Internet and then applies an objective methodology to evaluate each country's maturity and commitment to cyber security across seven essential elements."

In 1992, there were only a million users on the Internet; today, there are nearly three billion, and the Internet has become a substrate of modern economic, social and political life. And the volatility continues. Analysts are now trying to understand the implications of ubiquitous mobility, the "Internet of everything" and analysis of "big data." Over the past 15 years, the advances in technology have far outstripped the ability of institutions of governance to respond, as well as our thinking about governance.

The Cyber Readiness Index (CRI) examines thirty-five countries that have embraced ICT and the Internet and compares their maturity and commitment to protecting those investments using an initial objective assessment of where countries stand in cyber security in five areas.

What will be the shape of the internet in 20 years? The authors explore possible futures in global cyber security governance and recommend a robust set of actions that pave a path forward towards establishing an environment in which a more cooperative form of global cyber security governance could evolve.