Harms arising from cybersecurity flaws.

Everyone agrees on the need for more and better cybersecurity. But what exactly does that look like, and how can industry and government get there? Answering these questions requires examining both what behaviors technology designers and operators—such as companies that make software or hold and process sensitive data—should emulate and how government can incentivize or require this behavior. This issue area covers cyber standards and policy and regulatory structures to advance their adoption such as software liability.

Projects

User in the Middle: An Interoperability and Security Guide for Policymakers

06 12 2024

“Reasonable” Cybersecurity in Forty-Seven Cases: The Federal Trade Commission’s Enforcement Actions Against Unfair and Deceptive Cyber Practices

by Isabella Wright, Maia Hamin

The FTC has brought 47 cases against companies for unfair or deceptive cybersecurity practices. What can we learn from them?

Cybersecurity Cybersecurity Standards and Requirements
User in the Middle: An Interoperability and Security Guide for Policymakers

01 16 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity Cybersecurity Standards and Requirements
User in the Middle: An Interoperability and Security Guide for Policymakers

07 19 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity Cybersecurity Standards and Requirements

Building a shared lexicon for the National Cybersecurity Strategy

Experts react: The hits and misses in Biden’s new National Security Strategy

Buying down risk: Cyber liability

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more

Cybersecurity Standards and Requirements

Mon, Jun 24, 2024

User in the Middle: An Interoperability and Security Guide for Policymakers

When technologies work together, it benefits users and the digital ecosystem. Policymakers can advance interoperability and security in tandem by understanding how each impacts the other.

by Maia Hamin, Alphaeus Hanson

Cybersecurity Cybersecurity Standards and Requirements

Wed, Jun 12, 2024

“Reasonable” Cybersecurity in Forty-Seven Cases: The Federal Trade Commission’s Enforcement Actions Against Unfair and Deceptive Cyber Practices

The FTC has brought 47 cases against companies for unfair or deceptive cybersecurity practices. What can we learn from them?

by Isabella Wright, Maia Hamin

Cybersecurity Cybersecurity Standards and Requirements

Tue, Jan 16, 2024

Design Questions in the Software Liability Debate

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity Cybersecurity Standards and Requirements

Wed, Jul 19, 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity Cybersecurity Standards and Requirements