Cyber Statecraft Initiative
Mon, Nov 13, 2023
In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.
by Emily Ferguson and Emma Schroeder
Mon, Oct 30, 2023
Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.
by Justin Sherman and Jessica Edelson
Fri, Oct 27, 2023
A group of experts with diverse perspectives discusses the intersection of cybersecurity and artificial intelligence.
by Maia Hamin and Simon Handler
Thu, Oct 12, 2023
Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.
by Jeff Wayman, Brian Fox
Wed, Sep 27, 2023
Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.
by Cyber Statecraft Initiative
Wed, Jul 19, 2023
SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way.
by John Speed Meyers, Sara Ann Brackett, and Trey Herr
Tue, Jul 18, 2023
On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.
Mon, Jul 10, 2023
Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.
by Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott
Wed, Jun 28, 2023
The United States and its allies can do more to improve their position on spyware. Further policy action should, through greater collaboration with marketplace operators and allies and partners, work on furthering the development of norms and common understanding of what spyware can and cannot be used for.
by Jen Roberts and Emmeline Nettles
Wed, Jun 14, 2023
The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.
Mon, May 15, 2023
When examining the proliferation of Chinese surveillance systems and cyber capabilities in Africa, research disproportionately focuses on the motivations and ambitions of the supplier. This perspective, while it highlights Chinese diplomatic ambitions and corporate opportunities, ignores local features that drive the adoption of Chinese surveillance tools.
by Bulelani Jili