The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

Our Work

Our Team

Cyber Statecraft Fellows

Past Events

The National Cyber Workforce and Education Strategy: Unleashing America’s Cyber Talent

MON, JULY 31, 2023

An in-depth discussion on the opportunities, goals, and anticipated challenges with the National Cyber Workforce and Education Strategy. The event featured a keynote address from Kemba Walden, Acting National Cyber Director, and opening remarks from Rob Shriver, Deputy Director of the U.S. Office of Personnel Management, followed by a panel discussion with Dr. Diana Burley, Vice Provost for Research and Innovation and Professor at American University; Dr. Kathi Hiyane-Brown, President of Whatcom Community College; Camille Stewart Gloster, Deputy National Cyber Director for Technology and Ecosystem Security, with more speakers to be announced.

Watch here

Getting to Fault Tolerant: Policy for Secure and Resilient Cloud Computing

MON, JULY 17, 2023

As cloud computing becomes a critical dependency for finance, defense, and healthcare infrastructure, its security and resilience are a question of US national security. How can policymakers keep pace with a novel set of risks emerging from the widening adoption, size, and complexity of cloud infrastructure?

Watch Here

On Breaking Things: Melding Cyber and Kinetic in Conflict

THU, APRIL 20, 2023

A panel discussion on lethal outcomes of cyber operations, coordination between cyber and kinetic forces, and integration of cyber options in future warfare within the context of larger intelligence and military behaviors.

Watch here

Rebalancing responsibility: Implementing the National Cybersecurity Strategy

THU, APRIL 6, 2023

Top United States government leaders discuss and answer questions on the latest US cyber strategy, what the National Cybersecurity Strategy offers to the public, and how it will be implemented in a panel discussion.

Watch here

Protecting the Global Marine Transportation System Against Cyber Threats

FRI, APRIL 1, 2022

A panel discussion on lethal outcomes of cyber operations, coordination between cyber and kinetic forces, and integration of cyber options in future warfare within the context of larger intelligence and military behaviors.

Watch here

Building the Picture Bit-by-Bit: Why the US Needs a Bureau of Cyber Statistics

MON, AUGUST 2, 2021

As attacks on US critical infrastructure and government agencies are on the rise, a standardized dataset on America’s cybersecurity would be invaluable to protecting both networks and citizens.

Watch here

Recent Publications

September 2023

Kink in the Chain: Eight Perspectives on Software Supply Chain Risk Management

by Cyber Statecraft Initiative

Software supply chain attacks are popular, impactful, and are used to great effect by malicious actors. To dive deeper on this topic, we asked eight experts about these threats and how policymakers can help protect against them.
Read More
September 2023

Software supply chain security: The dataset

by Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Want to dive deeper into the Breaking Trust database? You have come to the right place.
Read More
July 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 
Read More
July 2023

The National Cybersecurity Strategy Implementation Plan: A CSI Markup

by Trey Herr, Stewart Scott, Maia Hamin, Will Loomis, Sara Ann Brackett, Jennifer Lin

On July 13, the White House released the Implementation Plan for the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary and what the NCSIP means for the Strategy.
Read More
July 2023

Critical Infrastructure and the Cloud: Policy for Emerging Risk

by Tianjiu Zuo, Justin Sherman, Maia Hamin, and Stewart Scott

Critical infrastructure increasingly depends upon cloud computing. Policy must adapt its approach to risk management accordingly.
Read More
June 2023

Shaping the global spyware market: Opportunities for transatlantic cooperation

by Jen Roberts and Emmeline Nettles

The United States and its allies can do more to improve their position on spyware. Further policy action should, through greater collaboration with marketplace operators and allies and partners, work on furthering the development of norms and common understanding of what spyware can and cannot be used for.
Read More
June 2023

Who’s Afraid of the SEC?

by Maia Hamin

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.
Read More
May 2023

What is driving the adoption of Chinese surveillance technology in Africa?

by Bulelani Jili

When examining the proliferation of Chinese surveillance systems and cyber capabilities in Africa, research disproportionately focuses on the motivations and ambitions of the supplier. This perspective, while it highlights Chinese diplomatic ambitions and corporate opportunities, ignores local features that drive the adoption of Chinese surveillance tools.
Read More
February 2023

A Parallel Terrain: Public-Private Defense of the Ukrainian Information Environment

by Emma Schroeder and Sean Dack

The information environment is a key domain through which the war in Ukraine is being contested. By better understanding the key role that private tech companies play in this domain, the USs and Ukraine can better prepare for future threats.
Read More