The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

Our Work

Our Team

Cyber Statecraft Fellows

Past Events

Joining Forces: Veteran Perspectives on Cyber and Tech Workforce Development

FRI, NOVEMBER 3, 2023

The Atlantic Council’s Cyber Statecraft Initiative, within the Digital Forensic Research Lab, has hosted a panel discussion focusing on transitioning veterans who are looking to pursue careers in cyber and cyber policy. The session included a group of veteran speakers from a variety of different services and backgrounds who can talk through their own transition, highlight useful programs and opportunities, best practices, potential challenges, and answer questions from the group questions. 

Before the panel, Craig Newmark, Founder, Craigslist and Craig Newmark Philanthropies and Creator of the Cyber Civil Defense Initiative and Trey Herr, Director, Cyber Statecraft Initiative, Atlantic Council will discuss the importance of integrating veterans into the technical and policy areas of the cybersecurity workforce and broader initiatives focused on transitioning veterans.

The National Cyber Workforce and Education Strategy: Unleashing America’s Cyber Talent

MON, JULY 31, 2023

An in-depth discussion on the opportunities, goals, and anticipated challenges with the National Cyber Workforce and Education Strategy. The event featured a keynote address from Kemba Walden, Acting National Cyber Director, and opening remarks from Rob Shriver, Deputy Director of the U.S. Office of Personnel Management, followed by a panel discussion with Dr. Diana Burley, Vice Provost for Research and Innovation and Professor at American University; Dr. Kathi Hiyane-Brown, President of Whatcom Community College; Camille Stewart Gloster, Deputy National Cyber Director for Technology and Ecosystem Security, with more speakers to be announced.

Getting to Fault Tolerant: Policy for Secure and Resilient Cloud Computing

MON, JULY 17, 2023

As cloud computing becomes a critical dependency for finance, defense, and healthcare infrastructure, its security and resilience are a question of US national security. How can policymakers keep pace with a novel set of risks emerging from the widening adoption, size, and complexity of cloud infrastructure?

On Breaking Things: Melding Cyber and Kinetic in Conflict

THU, APRIL 20, 2023

A panel discussion on lethal outcomes of cyber operations, coordination between cyber and kinetic forces, and integration of cyber options in future warfare within the context of larger intelligence and military behaviors.

Rebalancing responsibility: Implementing the National Cybersecurity Strategy

THU, APRIL 6, 2023

Top United States government leaders discuss and answer questions on the latest US cyber strategy, what the National Cybersecurity Strategy offers to the public, and how it will be implemented in a panel discussion.

Protecting the Global Marine Transportation System Against Cyber Threats

FRI, APRIL 1, 2022

A panel discussion on lethal outcomes of cyber operations, coordination between cyber and kinetic forces, and integration of cyber options in future warfare within the context of larger intelligence and military behaviors.

Building the Picture Bit-by-Bit: Why the US Needs a Bureau of Cyber Statistics

MON, AUGUST 2, 2021

As attacks on US critical infrastructure and government agencies are on the rise, a standardized dataset on America’s cybersecurity would be invaluable to protecting both networks and citizens.

Recent Publications

November 2023

This Job Post Will Get You Kidnapped: A Deadly Cycle of Crime, Cyberscams, and Civil War in Myanmar

by Emily Ferguson and Emma Schroeder

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.
Read More
October 2023

Homogeneity and Concentration in the Browser

by Justin Sherman and Jessica Edelson

Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.
Read More
October 2023

Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption

by Jeff Wayman, Brian Fox

Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.
Read More
September 2023

Kink in the Chain: Eight Perspectives on Software Supply Chain Risk Management

by Cyber Statecraft Initiative

Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.
Read More
September 2023

Software Supply Chain Security: The Dataset

by Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Want to dive deeper into the Breaking Trust database? You have come to the right place.
Read More
July 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 
Read More
July 2023

The National Cybersecurity Strategy Implementation Plan: A CSI Markup

by Trey Herr, Stewart Scott, Maia Hamin, Will Loomis, Sara Ann Brackett, Jennifer Lin

On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.
Read More
July 2023

Critical Infrastructure and the Cloud: Policy for Emerging Risk

by Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott

Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.
Read More
June 2023

Shaping the global spyware market: Opportunities for transatlantic cooperation

by Jen Roberts and Emmeline Nettles

The United States and its allies can do more to improve their position on spyware. Further policy action should, through greater collaboration with marketplace operators and allies and partners, work on furthering the development of norms and common understanding of what spyware can and cannot be used for.
Read More
June 2023

Who’s Afraid of the SEC?

by Maia Hamin

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.
Read More