The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

We’re Hiring!

Assistant Director, Trainings & Competitions, Digital Forensic Research Lab

Associate Director, Capacity Building, Digital Forensic Research Lab

Congressional program

Cyber Statecraft Initiative

01 12 2024

Congressional Cyber and Digital Policy Program

By DFRLab

Our Work

Our Team

Cyber Statecraft Fellows

Events

CSI is dedicated to convening a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities. Check out our past events here and make sure to keep an eye out for our future events by following us on Twitter and LinkedIn.

CSI Events

Recent Publications

February 2024

The 5×5—Alumni perspectives on Cyber 9/12 Strategy Challenge

by Nitansha Bansal, Isabella Wright

Alumni of Cyber 9/12 Strategy Challenge share their experiences, and discuss the impact of such simulated exercises to prepare for real life cyber attacks.
Read More
February 2024

Hacking with AI

by Maia Hamin, Stewart Scott

Can generative AI help hackers? By deconstructing the question into attack phases and actor profiles, this report analyzes the risks, the realities, and their implications for policy.
Read More
February 2024

Future-Proofing the Cyber Safety Review Board

by Maia Hamin, Alphaeus Hanson, Trey Herr, Stewart Scott

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.
Read More
January 2024

The Great Despiser: The BSA, Memory Safety, and How to Make a Good Argument Badly

by Stewart Scott

Memory-safe programming languages are in the cyber policy mainstream, but some hesitation remains. Looking at the arguments around memory safety is informative for larger cyber policy debates too.
Read More
January 2024

The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024

by Nitansha Bansal, Trey Herr

Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.
Read More
January 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.
Read More
November 2023

This Job Post Will Get You Kidnapped: A Deadly Cycle of Crime, Cyberscams, and Civil War in Myanmar

by Emily Ferguson and Emma Schroeder

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.
Read More
October 2023

Homogeneity and Concentration in the Browser

by Justin Sherman and Jessica Edelson

Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.
Read More
October 2023

The 5×5—The Cybersecurity Implications of Artificial Intelligence

by Maia Hamin and Simon Handler

A group of experts with diverse perspectives discusses the intersection of cybersecurity and artificial intelligence.
Read More
October 2023

Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption

by Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.
Read More