wORK
tEAM
fELLOWS
eVENTS
pUBLICATIONS

The Cyber Statecraft Initiative works at the nexus of geopolitics, technology, and security to craft strategies to help shape the conduct of statecraft and to better inform and secure users. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

To keep up to date with our latest work, check us out on:

Our Work

Our Team

Cyber Statecraft Fellows

Events and programs

CSI is dedicated to convening a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities. Check out our past events here and make sure to keep an eye out for our future events by following us on Twitter and LinkedIn.

CSI Events

Recent Publications

December 2024

In It to Win It: Understanding Cyber Policy through a Simulated Crisis 

by Safa Shahwan Edwards, Emerson Johnston

Competitors and judges from the Cape Town Cyber 9/12 Strategy Challenge share their perspectives on the competition’s impact on the African cybersecurity landscape.
Read More
December 2024

The Eight Body Problem: Exploring the Implications of Salt Typhoon 

by Cyber Statecraft Team

The Cyber Statecraft community and friends offer their thoughts on the implications of the Salt Typhoon campaign based on what is known to date, what the campaign says about the last four years of cybersecurity policy, and where policymakers should focus in the months ahead.
Read More
November 2024

Seizing the Win: Navigating Competition and Hands-on Learning through Cyber 9/12 

by Safa Shahwan Edwards, Emerson Johnston

Competitors and judges from the inaugural Cyber 9/12 Strategy Challenge in Costa Rica share their perspectives on how to leverage teamwork and interdisciplinary skills to address tomorrow’s cyber challenges.
Read More
November 2024

The Role of Data in Improving Cyber Insurance Pricing

by Alphaeus Hanson

In order to improve cybersecurity through cyber insurance, the private sector should aggregate cyber incident data to inform risk models and in turn, more accurately price cyber premiums.
Read More
November 2024

Take the Bribe but Watch Your Back: Why Russia Imprisoned a Security Officer for Taking Cybercriminal Payoffs 

by Justin Sherman

Russia imprisoned a security service officer for taking bribes from cybercriminals—showing not a willingness to crack down on cybercrime, but instead just how much the Kremlin wants to maintain its cybercrime protection racket.
Read More
October 2024

The 5×5—The evolving role of CISOs and senior cybersecurity executives

by Nitansha Bansal

For this Cybersecurity Awareness Month, senior cybersecurity executives share their insights into the evolution of their roles.
Read More
September 2024

Mythical Beasts and Where to Find Them

by Jen Roberts, Trey Herr, Nitansha Bansal, and Nancy Messieh, with Emma Taylor, Jean Le Roux, and Sopo Gelava

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights is concerned with the commercial market for spyware and provides data on market participants.
Read More
September 2024

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights

by Jen Roberts, Trey Herr, Nitansha Bansal, and Nancy Messieh, with Emma Taylor, Jean Le Roux, and Sopo Gelava

The Mythical Beasts project pulls back the curtain on the connections between 435 entities across forty-two countries in the global spyware market.
Read More
September 2024

Mythical Beasts and Where to Find Them: Data and Methodology

by Jen Roberts, Trey Herr, Nitansha Bansal, and Nancy Messieh, with Emma Taylor, Jean Le Roux, and Sopo Gelava

Learn more about the methodology and dataset behind Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights
Read More
August 2024

AI in Cyber and Software Security:  What’s Driving Opportunities and Risks?

by Maia Hamin, Jennifer Lin, Trey Herr

This issue brief discusses the drivers of evolving risks and opportunities presented by generative artificial intelligence (GAI), particularly in cybersecurity, while acknowledging the broader implications for policymakers and for national security.
Read More

LICENSING CSI GRAPHICS

All original graphics created by the Cyber Statecraft Initiative (CSI) are available for re-use under the following conditions:

  • Written permission must be granted by CSI.
  • Graphics may be copied and distributed in any medium or format in unadapted form only, for noncommerical purposes, and only so long as attribution is given.*
  • The attribution must reference the Cyber Statecraft Initiative and include a link to the content.

CSI cannot grant permission for the use of images or graphics licensed from third parties.

Contact us for licensing requests

*Language based on Creative Commons CC BY-NC-ND 4.0

Cyber Statecraft Initiative

Thu, Apr 18, 2024

O$$ Security: Does More Money for Open Source Software Mean Better Security? A Proof of Concept

A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.

by Sara Ann Brackett, John Speed Meyers, Stewart Scott

Cybersecurity Open Source Software

Wed, Feb 28, 2024

The 5×5—Alumni perspectives on Cyber 9/12 Strategy Challenge

Alumni of Cyber 9/12 Strategy Challenge share their experiences, and discuss the impact of such simulated exercises to prepare for real life cyber attacks.

by Nitansha Bansal, Isabella Wright

Cyber 9/12 Strategy Challenge Cybersecurity

Thu, Feb 8, 2024

Future-Proofing the Cyber Safety Review Board

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.

by Maia Hamin, Alphaeus Hanson, Trey Herr, Stewart Scott

Cybersecurity Incidents, Vulnerabilities, and Information Sharing

Fri, Jan 26, 2024

The Great Despiser: The BSA, Memory Safety, and How to Make a Good Argument Badly

Memory-safe programming languages are in the cyber policy mainstream, but some hesitation remains. Looking at the arguments around memory safety is informative for larger cyber policy debates too.

by Stewart Scott

Cybersecurity Software Supply Chains

Wed, Jan 24, 2024

The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024

Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.

by Nitansha Bansal, Trey Herr

Artificial Intelligence Conflict in and through the Cyber Domain

Tue, Jan 16, 2024

Design Questions in the Software Liability Debate

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity Cybersecurity Standards and Requirements
#AtlanticDebrief - How will the OSA be implemented? | A Debrief from Melanie Dawes

Fri, Dec 1, 2023

#AtlanticDebrief – How will the OSA be implemented? | A Debrief from Melanie Dawes

An #AtlanticDebrief with Ofcom Chief Executive Dame Melanie Dawes covering the Online Safety Act and regulatory guidance on illegal harms. In partnership with the Atlantic Council's Europe Center.

by Digital Forensic Research Lab

Cyber Strategy Digital Policy

Mon, Nov 13, 2023

This Job Post Will Get You Kidnapped: A Deadly Cycle of Crime, Cyberscams, and Civil War in Myanmar

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.

by Emily Ferguson and Emma Schroeder

Combating Cybercrime Security & Defense
A wounded woman uses a phone at Nasser Hospital after an airstrike in the city of Khan Yunis, amid the continuing conflict between Israel and the Palestinian Hamas movement.

Fri, Nov 3, 2023

How information travels during Gaza’s communications blackouts

People in Gaza turn to eSIMS and other solutions amid cellular and internet outages

by Layla Mashkoor

Critical Infrastructure Policy Gaza
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration TPX IMAGES OF THE DAY

Wed, Nov 1, 2023

Hacker collectives take sides in the Mideast crisis

Telegram feeds of hacker groups document alleged attacks targeting Israel

by Ruslan Trad

Conflict in and through the Cyber Domain Cybersecurity
An image of browser icons for Edge, Firefox, Chrome, Opera, and Brave browsers

Mon, Oct 30, 2023

Homogeneity and Concentration in the Browser

Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.

by Justin Sherman and Jessica Edelson

Cybersecurity Telecomms and the Internet

Fri, Oct 27, 2023

The 5×5—The Cybersecurity Implications of Artificial Intelligence

A group of experts with diverse perspectives discusses the intersection of cybersecurity and artificial intelligence.

by Maia Hamin and Simon Handler

Artificial Intelligence Series and Response
Load More