Harms arising from cybersecurity flaws.

Everyone agrees on the need for more and better cybersecurity. But what exactly does that look like, and how can industry and government get there? Answering these questions requires examining both what behaviors technology designers and operators—such as companies that make software or hold and process sensitive data—should emulate and how government can incentivize or require this behavior. This issue area covers cyber standards and the policy and regulatory structures, such as software liability, that advance their adoption.

Projects


The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

Cybersecurity Standards and Requirements

Wed, Nov 13, 2024

The Role of Data in Improving Cyber Insurance Pricing

In order to improve cybersecurity through cyber insurance, the private sector should aggregate cyber incident data to inform risk models and, in turn, more accurately price cyber premiums.

by Alphaeus Hanson

Cybersecurity Standards and Requirements, Resilience

Wed, Oct 23, 2024

The 5×5—The evolving role of CISOs and senior cybersecurity executives

For Cybersecurity Awareness Month, senior cybersecurity executives share their insights into the evolution of their roles.

by Nitansha Bansal

Cybersecurity, Cybersecurity Standards and Requirements

Mon, Jun 24, 2024

User in the Middle: An Interoperability and Security Guide for Policymakers

When technologies work together, it benefits users and the digital ecosystem. Policymakers can advance interoperability and security in tandem by understanding how each impacts the other.

by Maia Hamin, Alphaeus Hanson

Cybersecurity, Cybersecurity Standards and Requirements

Wed, Jun 12, 2024

“Reasonable” Cybersecurity in Forty-Seven Cases: The Federal Trade Commission’s Enforcement Actions Against Unfair and Deceptive Cyber Practices

The FTC has brought 47 cases against companies for unfair or deceptive cybersecurity practices. What can we learn from them?

by Isabella Wright, Maia Hamin

Cybersecurity, Cybersecurity Standards and Requirements

Tue, Jan 16, 2024

Design Questions in the Software Liability Debate

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity, Cybersecurity Standards and Requirements

Wed, Jul 19, 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’: don’t let SBOM haters get in the way.

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity, Cybersecurity Standards and Requirements