wORK
tEAM
fELLOWS
eVENTS
pUBLICATIONS

The Cyber Statecraft Initiative works at the nexus of geopolitics, technology, and security to craft strategies to help shape the conduct of statecraft and to better inform and secure users. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

To keep up to date with our latest work, check us out on:

Our Work

Our Team

Cyber Statecraft Fellows

Events and programs

CSI is dedicated to convening a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities. Check out our past events here and make sure to keep an eye out for our future events by following us on Twitter and LinkedIn.

CSI Events

Recent Publications

December 2024

In It to Win It: Understanding Cyber Policy through a Simulated Crisis 

by Safa Shahwan Edwards, Emerson Johnston

Competitors and judges from the Cape Town Cyber 9/12 Strategy Challenge share their perspectives on the competition’s impact on the African cybersecurity landscape.
Read More
December 2024

The Eight Body Problem: Exploring the Implications of Salt Typhoon 

by Cyber Statecraft Team

The Cyber Statecraft community and friends offer their thoughts on the implications of the Salt Typhoon campaign based on what is known to date, what the campaign says about the last four years of cybersecurity policy, and where policymakers should focus in the months ahead.
Read More
November 2024

Seizing the Win: Navigating Competition and Hands-on Learning through Cyber 9/12 

by Safa Shahwan Edwards, Emerson Johnston

Competitors and judges from the inaugural Cyber 9/12 Strategy Challenge in Costa Rica share their perspectives on how to leverage teamwork and interdisciplinary skills to address tomorrow’s cyber challenges.
Read More
November 2024

The Role of Data in Improving Cyber Insurance Pricing

by Alphaeus Hanson

In order to improve cybersecurity through cyber insurance, the private sector should aggregate cyber incident data to inform risk models and in turn, more accurately price cyber premiums.
Read More
November 2024

Take the Bribe but Watch Your Back: Why Russia Imprisoned a Security Officer for Taking Cybercriminal Payoffs 

by Justin Sherman

Russia imprisoned a security service officer for taking bribes from cybercriminals—showing not a willingness to crack down on cybercrime, but instead just how much the Kremlin wants to maintain its cybercrime protection racket.
Read More
October 2024

The 5×5—The evolving role of CISOs and senior cybersecurity executives

by Nitansha Bansal

For this Cybersecurity Awareness Month, senior cybersecurity executives share their insights into the evolution of their roles.
Read More
September 2024

Mythical Beasts and Where to Find Them

by Jen Roberts, Trey Herr, Nitansha Bansal, and Nancy Messieh, with Emma Taylor, Jean Le Roux, and Sopo Gelava

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights is concerned with the commercial market for spyware and provides data on market participants.
Read More
September 2024

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights

by Jen Roberts, Trey Herr, Nitansha Bansal, and Nancy Messieh, with Emma Taylor, Jean Le Roux, and Sopo Gelava

The Mythical Beasts project pulls back the curtain on the connections between 435 entities across forty-two countries in the global spyware market.
Read More
September 2024

Mythical Beasts and Where to Find Them: Data and Methodology

by Jen Roberts, Trey Herr, Nitansha Bansal, and Nancy Messieh, with Emma Taylor, Jean Le Roux, and Sopo Gelava

Learn more about the methodology and dataset behind Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights
Read More
August 2024

AI in Cyber and Software Security:  What’s Driving Opportunities and Risks?

by Maia Hamin, Jennifer Lin, Trey Herr

This issue brief discusses the drivers of evolving risks and opportunities presented by generative artificial intelligence (GAI), particularly in cybersecurity, while acknowledging the broader implications for policymakers and for national security.
Read More

LICENSING CSI GRAPHICS

All original graphics created by the Cyber Statecraft Initiative (CSI) are available for re-use under the following conditions:

  • Written permission must be granted by CSI.
  • Graphics may be copied and distributed in any medium or format in unadapted form only, for noncommerical purposes, and only so long as attribution is given.*
  • The attribution must reference the Cyber Statecraft Initiative and include a link to the content.

CSI cannot grant permission for the use of images or graphics licensed from third parties.

Contact us for licensing requests

*Language based on Creative Commons CC BY-NC-ND 4.0

Cyber Statecraft Initiative

Thu, Oct 12, 2023

Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

by Jeff Wayman, Brian Fox

Cybersecurity Open Source Software

Wed, Sep 27, 2023

Kink in the Chain: Eight Perspectives on Software Supply Chain Risk Management

Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.

by Cyber Statecraft Initiative

Cybersecurity Software Supply Chains

Wed, Sep 27, 2023

Software Supply Chain Security: The Dataset

Want to dive deeper into the Breaking Trust database? You have come to the right place.

by Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Cybersecurity Software Supply Chains

Wed, Jul 19, 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity Cybersecurity Standards and Requirements

Tue, Jul 18, 2023

The National Cybersecurity Strategy Implementation Plan: A CSI Markup

On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.

by Trey Herr, Stewart Scott, Maia Hamin, Will Loomis, Sara Ann Brackett, Jennifer Lin

Cyber Strategy Cybersecurity

Mon, Jul 10, 2023

Critical Infrastructure and the Cloud: Policy for Emerging Risk

Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.

by Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott

Cloud Computing Cybersecurity

Wed, Jun 28, 2023

Shaping the global spyware market: Opportunities for transatlantic cooperation

The United States and its allies can do more to improve their position on spyware. Further policy action should, through greater collaboration with marketplace operators and allies and partners, work on furthering the development of norms and common understanding of what spyware can and cannot be used for.

by Jen Roberts and Emmeline Nettles

Cyber Strategy Cybersecurity

Wed, Jun 14, 2023

Who’s Afraid of the SEC?

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.

by Maia Hamin

Cybersecurity Incidents, Vulnerabilities, and Information Sharing

Mon, May 15, 2023

What is driving the adoption of Chinese surveillance technology in Africa?

When examining the proliferation of Chinese surveillance systems and cyber capabilities in Africa, research disproportionately focuses on the motivations and ambitions of the supplier. This perspective, while it highlights Chinese diplomatic ambitions and corporate opportunities, ignores local features that drive the adoption of Chinese surveillance tools.

by Bulelani Jili

Africa China

Mon, Feb 27, 2023

A Parallel Terrain: Public-Private Defense of the Ukrainian Information Environment

The information environment is a key domain through which the war in Ukraine is being contested. By better understanding the key role that private tech companies play in this domain, the USs and Ukraine can better prepare for future threats.

by Emma Schroeder* and Sean Dack

Conflict Conflict in and through the Cyber Domain