The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

Our Work

Our Team

Cyber Statecraft Fellows

Events and programs

CSI is dedicated to convening a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities. Check out our past events here and make sure to keep an eye out for our future events by following us on Twitter and LinkedIn.

Recent Publications

May 2024

International Cyberspace & Digital Policy Strategy: AC Tech Programs Markup

by Emma Schroeder, Graham Brookie, Raul Brens Jr., Emerson Brooking, Safa Shahwan Edwards, Trey Herr, Rose Jackson

On May 6, the Department of State released the United States International Cyberspace & Digital Policy Strategy. Read along with AC Tech Programs staff, fellows, and experts for commentary and analysis.
Read More
May 2024

The 5×5—The XZ Backdoor: Trust and Open Source Software

by Nitansha Bansal, Stewart Scott

Open source software security experts share their insights into the XZ backdoor, and what it means for open source software security.
Read More
April 2024

Markets Matter: A Glance into the Spyware Industry

by Jen Roberts, Trey Herr, Emma Taylor, Nitansha Bansal

The Intellexa Consortium is a complex web of holding companies and vendors for spyware and related services. The Consortium represents a compelling example of spyware vendors in the context of the market in which they operate—one which helps facilitate the commercial sale of software driving both human rights and national security risk.
Read More
April 2024

O$$ Security: Does More Money for Open Source Software Mean Better Security? A Proof of Concept

by Sara Ann Brackett, John Speed Meyers, Stewart Scott

A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.
Read More
February 2024

The 5×5—Alumni perspectives on Cyber 9/12 Strategy Challenge

by Nitansha Bansal, Isabella Wright

Alumni of Cyber 9/12 Strategy Challenge share their experiences, and discuss the impact of such simulated exercises to prepare for real life cyber attacks.
Read More
February 2024

Hacking with AI

by Maia Hamin, Stewart Scott

Can generative AI help hackers? By deconstructing the question into attack phases and actor profiles, this report analyzes the risks, the realities, and their implications for policy.
Read More
February 2024

Future-Proofing the Cyber Safety Review Board

by Maia Hamin, Alphaeus Hanson, Trey Herr, Stewart Scott

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.
Read More
January 2024

The Great Despiser: The BSA, Memory Safety, and How to Make a Good Argument Badly

by Stewart Scott

Memory-safe programming languages are in the cyber policy mainstream, but some hesitation remains. Looking at the arguments around memory safety is informative for larger cyber policy debates too.
Read More
January 2024

The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024

by Nitansha Bansal, Trey Herr

Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.
Read More
January 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.
Read More

Cyber Statecraft Initiative

Mon, May 13, 2024

International Cyberspace & Digital Policy Strategy: AC Tech Programs Markup

On May 6, the Department of State released the United States International Cyberspace & Digital Policy Strategy. Read along with AC Tech Programs staff, fellows, and experts for commentary and analysis.

by Emma Schroeder, Graham Brookie, Raul Brens Jr., Emerson Brooking, Safa Shahwan Edwards, Trey Herr, Rose Jackson

Artificial Intelligence Cyber Strategy

Tue, May 7, 2024

Lessons Learned from the Cyber 9/12 Strategy Challenge 

Students from Tufts University tell us their greatest lessons learned from competing in the Cyber 9/12 Strategy Challenge.

by Sara Mishra, Hannah Dora Patterson, Ethan Moscot, and Andrew Vu

Cyber 9/12 Strategy Challenge Cybersecurity

Wed, May 1, 2024

The 5×5—The XZ Backdoor: Trust and Open Source Software

Open source software security experts share their insights into the XZ backdoor, and what it means for open source software security.

by Nitansha Bansal, Stewart Scott

Cybersecurity Open Source Software

Mon, Apr 22, 2024

Markets Matter: A Glance into the Spyware Industry

The Intellexa Consortium is a complex web of holding companies and vendors for spyware and related services. The Consortium represents a compelling example of spyware vendors in the context of the market in which they operate—one which helps facilitate the commercial sale of software driving both human rights and national security risk.

by Jen Roberts, Trey Herr, Emma Taylor, Nitansha Bansal

Civil Society Cybersecurity

Thu, Apr 18, 2024

O$$ Security: Does More Money for Open Source Software Mean Better Security? A Proof of Concept

A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.

by Sara Ann Brackett, John Speed Meyers, Stewart Scott

Cybersecurity Open Source Software

Wed, Feb 28, 2024

The 5×5—Alumni perspectives on Cyber 9/12 Strategy Challenge

Alumni of Cyber 9/12 Strategy Challenge share their experiences, and discuss the impact of such simulated exercises to prepare for real life cyber attacks.

by Nitansha Bansal, Isabella Wright

Cyber 9/12 Strategy Challenge Cybersecurity

Thu, Feb 8, 2024

Future-Proofing the Cyber Safety Review Board

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.

by Maia Hamin, Alphaeus Hanson, Trey Herr, Stewart Scott

Cybersecurity Incidents, Vulnerabilities, and Information Sharing

Fri, Jan 26, 2024

The Great Despiser: The BSA, Memory Safety, and How to Make a Good Argument Badly

Memory-safe programming languages are in the cyber policy mainstream, but some hesitation remains. Looking at the arguments around memory safety is informative for larger cyber policy debates too.

by Stewart Scott

Cybersecurity Software Supply Chains

Wed, Jan 24, 2024

The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024

Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.

by Nitansha Bansal, Trey Herr

Artificial Intelligence Conflict in and through the Cyber Domain

Tue, Jan 16, 2024

Design Questions in the Software Liability Debate

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity Software Liability
#AtlanticDebrief - How will the OSA be implemented? | A Debrief from Melanie Dawes

Fri, Dec 1, 2023

#AtlanticDebrief – How will the OSA be implemented? | A Debrief from Melanie Dawes

An #AtlanticDebrief with Ofcom Chief Executive Dame Melanie Dawes covering the Online Safety Act and regulatory guidance on illegal harms. In partnership with the Atlantic Council's Europe Center.

by Digital Forensic Research Lab

Cyber Strategy Digital Policy

Mon, Nov 13, 2023

This Job Post Will Get You Kidnapped: A Deadly Cycle of Crime, Cyberscams, and Civil War in Myanmar

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.

by Emily Ferguson and Emma Schroeder

Combating Cybercrime Security & Defense