Cybersecurity

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration TPX IMAGES OF THE DAY

Wed, Nov 1, 2023

Hacker collectives take sides in the Mideast crisis

Telegram feeds of hacker groups document alleged attacks targeting Israel

by Ruslan Trad

Conflict in and through the Cyber Domain Cybersecurity
An image of browser icons for Edge, Firefox, Chrome, Opera, and Brave browsers

Mon, Oct 30, 2023

Homogeneity and Concentration in the Browser

Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.

by Justin Sherman and Jessica Edelson

Cybersecurity Telecomms and the Internet

Thu, Oct 12, 2023

Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.

by Jeff Wayman, Brian Fox

Cybersecurity Open Source Software

Wed, Sep 27, 2023

Kink in the Chain: Eight Perspectives on Software Supply Chain Risk Management

Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.

by Cyber Statecraft Initiative

Cybersecurity Software Supply Chains

Wed, Sep 27, 2023

Software Supply Chain Security: The Dataset

Want to dive deeper into the Breaking Trust database? You have come to the right place.

by Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Cybersecurity Software Supply Chains

Wed, Jul 19, 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity Cybersecurity Standards and Requirements

Tue, Jul 18, 2023

The National Cybersecurity Strategy Implementation Plan: A CSI Markup

On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.

by Trey Herr, Stewart Scott, Maia Hamin, Will Loomis, Sara Ann Brackett, Jennifer Lin

Cyber Strategy Cybersecurity

Mon, Jul 10, 2023

Critical Infrastructure and the Cloud: Policy for Emerging Risk

Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.

by Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott

Cloud Computing Cybersecurity

Wed, Jun 28, 2023

Shaping the global spyware market: Opportunities for transatlantic cooperation

The United States and its allies can do more to improve their position on spyware. Further policy action should, through greater collaboration with marketplace operators and allies and partners, work on furthering the development of norms and common understanding of what spyware can and cannot be used for.

by Jen Roberts and Emmeline Nettles

Cyber Strategy Cybersecurity
Scaling Trust on the Web

Fri, Jun 16, 2023

Task Force for a Trustworthy Future Web launches final report Scaling Trust on the Web

Press Release: Task Force for a Trustworthy Future Web launches final report Scaling Trust on the Web

Cybersecurity Digital Policy

Wed, Jun 14, 2023

Who’s Afraid of the SEC?

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.

by Maia Hamin

Cybersecurity Incidents, Vulnerabilities, and Information Sharing

Mon, May 15, 2023

What is driving the adoption of Chinese surveillance technology in Africa?

When examining the proliferation of Chinese surveillance systems and cyber capabilities in Africa, research disproportionately focuses on the motivations and ambitions of the supplier. This perspective, while it highlights Chinese diplomatic ambitions and corporate opportunities, ignores local features that drive the adoption of Chinese surveillance tools.

by Bulelani Jili