Harms arising from cybersecurity flaws.

Everyone agrees on the need for more and better cybersecurity. But what exactly does that look like, and how can industry and government get there? Answering these questions requires examining both what behaviors technology designers and operators—such as companies that make software or hold and process sensitive data—should emulate and how government can incentivize or require this behavior. This issue area covers cyber standards and policy and regulatory structures to advance their adoption such as software liability.

Projects

06 12 2024

“Reasonable” Cybersecurity in Forty-Seven Cases: The Federal Trade Commission’s Enforcement Actions Against Unfair and Deceptive Cyber Practices

by Isabella Wright, Maia Hamin

The FTC has brought 47 cases against companies for unfair or deceptive cybersecurity practices. What can we learn from them?

Cybersecurity Cybersecurity Standards and Requirements

01 16 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity Cybersecurity Standards and Requirements

07 19 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity Cybersecurity Standards and Requirements

Building a shared lexicon for the National Cybersecurity Strategy

Experts react: The hits and misses in Biden’s new National Security Strategy

Buying down risk: Cyber liability

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more