Cybersecurity
Wed, Jan 24, 2024
The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024
Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.
Tue, Jan 16, 2024
Design Questions in the Software Liability Debate
Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.
by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz
Thu, Nov 30, 2023
The Kremlin and its proxies attempted to deflect the “spy antennas” scandal in Moldova
Pro-Russian entities attempted to divert attention away from the growing volume of potential intel-gathering equipment on its embassy roof
Wed, Nov 1, 2023
Hacker collectives take sides in the Mideast crisis
Telegram feeds of hacker groups document alleged attacks targeting Israel
by Ruslan Trad
Mon, Oct 30, 2023
Homogeneity and Concentration in the Browser
Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.
by Justin Sherman and Jessica Edelson
Thu, Oct 12, 2023
Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption
Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.
by Jeff Wayman, Brian Fox
Wed, Sep 27, 2023
Kink in the Chain: Eight Perspectives on Software Supply Chain Risk Management
Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.
by Cyber Statecraft Initiative
Wed, Sep 27, 2023
Software Supply Chain Security: The Dataset
Want to dive deeper into the Breaking Trust database? You have come to the right place.
by Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee
Wed, Jul 19, 2023
Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things
SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way.
by John Speed Meyers, Sara Ann Brackett, and Trey Herr
Tue, Jul 18, 2023
The National Cybersecurity Strategy Implementation Plan: A CSI Markup
On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.
by Trey Herr, Stewart Scott, Maia Hamin, Will Loomis, Sara Ann Brackett, Jennifer Lin
Mon, Jul 10, 2023
Critical Infrastructure and the Cloud: Policy for Emerging Risk
Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.
by Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott
Wed, Jun 28, 2023
Shaping the global spyware market: Opportunities for transatlantic cooperation
The United States and its allies can do more to improve their position on spyware. Further policy action should, through greater collaboration with marketplace operators and allies and partners, work on furthering the development of norms and common understanding of what spyware can and cannot be used for.
by Jen Roberts and Emmeline Nettles
