Alliance Power for Cybersecurity

Alliance Power for Cybersecurity. Atlantic Council.  Kenneth Geers. August 4, 2020.

There is only one internet and only one cyberspace connecting individuals, enterprises, and nations all over the world. Ever more frequently, this shared space is coming under attack from malicious actors, both state and non-state, who are seeking to exploit cyberspace’s shared infrastructure for their own ends. Addressing cybersecurity threats is therefore an international problem that requires an international solution. But given the myriad of threats faced in the cyber domain and the ambiguous borders that exist there, how can states best address these challenges and ensure the safety of their own networks and people?

In this new report from the Scowcroft Center’s Transatlantic Security Initiative, Cyber Statecraft Initiative senior fellow Kenneth Geers argues that the best way for democratic states to defend their own cyber networks is to leverage the multinational strength of political and military alliances like NATO and the European Union. Alliances like NATO give democracies an advantage over their authoritarian rivals by providing already established mechanisms for multinational cooperation. Alliances are therefore better equipped to tackle the inherently international challenges of cybersecurity. 

To illustrate the impact of alliances on cybersecurity, Geers uses events in Ukraine as a case study, comparing the Ukrainian government’s efforts to defend against Russian cyberattacks shortly after the 2014 revolution with measures taken in cooperation with partners to defend the 2019 presidential election. Geers illustrates how collective action in 2019 produced improved security outcomes compared to efforts taken by Ukraine alone. Building on these lessons, Geers argues that the only structures likely to produce tangible results in cybersecurity are those within political and military alliances. Indeed, the only credible cyber superpower is a robust alliance. The report then offers a series of recommendations on how NATO and the EU can promote trust and collaboration among Allies and partners to build a more effective cyber alliance. [Note: contains copyrighted material].

[PDF format, 28 pages].

Countering Threats to Correctional Institution Security: Identifying Innovation Needs to Address Current and Emerging Concerns

Countering Threats to Correctional Institution Security: Identifying Innovation Needs to Address Current and Emerging Concerns. RAND Corporation.  Joe Russo et al. July 30, 2019

Some threats to correctional institutional security — e.g., violence, escape attempts, contraband — are as old as the institutions themselves, while other threats — e.g., computer hacking, synthetic drugs, cell phones, drones — have evolved with societal and technological changes. Many of these threats present risks to public safety as a whole. In light of the ongoing challenges the corrections sector faces in countering these threats, RAND researchers convened an expert workshop to better understand the challenges and identify the high-priority needs associated with threats to institutional security.

Unfortunately, resource and staffing challenges limit the ability of correctional institutions to adapt to shifts in threats and to adjust security and staffing strategies over time. Furthermore, a perpetual lack of empirical data hampers efforts to effectively develop interventions to address threats. Addressing the research needs and developing the tools and resources — as prioritized by the workshop participants — is one route to providing correctional institutions the support needed to confront security threats going forward. [Note: contains copyrighted material].

[PDF format, 28 pages].

Transforming the U.S. and EU Electric Power Sectors: Workshop Report and Recommendations for Transatlantic Cooperation

Transforming the U.S. and EU Electric Power Sectors: Workshop Report and Recommendations for Transatlantic Cooperation. Center for Strategic & International Studies.  Sarah Ladislaw, Stephen J. Naimoli. August 29, 2019

Across Europe and the United States, the electric power sector is undergoing a fairly profound transformation driven by a changing fuel mix, higher penetration of renewable energy resources, changing consumer preferences and interface with the electric power system, and evolving business models. Policy and regulatory frameworks need to be updated to reflect these changes and facilitate future transformation. In both places this transformation is uneven, with some localities moving along faster than others, and complex, driven by a variety of factors. While the transformation is multidimensional, two conversations relating to the long-term vision for the sector are central to navigating a path forward. First, what are the challenges and opportunities associated with higher penetration of renewable energy and distributed energy resources? Second, what are the opportunities and challenges associated with the electrification strategies, particularly for measures to electrify transport and industry? In addition, the increased digitalization of the energy sector writ large, and specifically the electric power sector, raises issues about access to data, cybersecurity, and grid resilience, all areas that have become an integral part of the conversation in the European Union and the United States on the transformation of the electric power sector.

The following brief outlines some of the issues related to these topics that were discussed at a recent U.S./EU stakeholder workshop held at the Center for Strategic and International Studies in June 2019. The information and reflections here do not necessarily represent the views of the participants and are meant to serve as useful background to stimulate further discussion. [Note: contains copyrighted material].

[PDF format, 16 pages].

5G in Five (not so) Easy Pieces

5G in Five (not so) Easy Pieces. Brookings Institution. Tom Wheeler. July 9, 2019

Throughout the world, ink is being spilled and electrons exercised in a frenetic focus on fifth generation wireless technology, or 5G. The 5G discussion, with all its permutations and combinations, has grown to resemble an elementary school soccer game where everyone chases the ball, first in one direction, then another.

In classic network engineering terms, the “noise” surrounding 5G is interfering with the “signal” about just what 5G is and what is necessary for its introduction. Consideration of 5G is far more serious than the so-called 5G “race” concocted by those seeking to advantage themselves in the business or political market—especially the political market. [Note: contains copyrighted material].

[HTML format, various paging].

Cybersecurity: Changing the Model

Cybersecurity: Changing the Model. Atlantic Council. Franklin D. Kramer and Robert J. Butler. April 24, 2019

The current model of cybersecurity is outdated. Adversaries continue to grow more sophisticated and outpace advancements in defense technologies, processes, and education. As nation states enter into a new period of great power competition, the deficiencies in current cybersecurity practice, evidenced by the growing number of successful cyber-attacks from Russia, China, North Korea, and others, pose a greater threat.

The need to update the cybersecurity model is clear. An enhanced public-private model – based on coordinated, advanced protection and resilience – is necessary to protect key critical infrastructure sectors. In addition, enhanced action from the federal government, coupled with increased formal cooperation with international allies, are necessary to ensure comprehensive cybersecurity resilience. [Note: contains copyrighted material].

[PDF format, 28 pages].

Climate Change Still Seen as the Top Global Threat, but Cyberattacks a Rising Concern

Climate Change Still Seen as the Top Global Threat, but Cyberattacks a Rising Concern. Pew Research Center. Jacob Poushter and Christine Huang. February 10, 2019

Worries about ISIS and North Korea persist, as fears about American power grow

The Intergovernmental Panel on Climate Change released a report last year expressing serious concerns about the possible impacts of climate change, both in the near and distant future. Broadly speaking, people around the world agree that climate change poses a severe risk to their countries, according to a 26-nation survey conducted in the spring of 2018. In 13 of these countries, people name climate change as the top international threat.
But global warming is just one of many concerns. Terrorism, specifically from the Islamic extremist group known as ISIS, and cyberattacks are also seen by many as major security threats. In eight of the countries surveyed, including Russia, France, Indonesia and Nigeria, ISIS is seen as the top threat. In four nations, including Japan and the United States, people see cyberattacks from other countries as their top international concern. One country, Poland, names Russia’s power and influence as its top threat, but few elsewhere say Russia is a major concern. [Note: contains copyrighted material].

[PDF format, 37 pages].

Economic Impact of Cybercrime – No Slowing Down

Economic Impact of Cybercrime – No Slowing Down. Center for Strategic & International Studies. James Andrew Lewis. February 21, 2018

 The Center for Strategic and International Studies (CSIS), in partnership with McAfee, present Economic Impact of Cybercrime – No Slowing Down, a global report that focuses on the significant impact that cybercrime has on economies worldwide. The report concludes that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year, which is up from a 2014 study that put global losses at about $445 billion. The report attributes the growth over three years to cybercriminals quickly adopting new technologies and the ease of cybercrime growing as actors leverage black markets and digital currencies. [Note: contains copyrighted material].

 [PDF format, 28 pages].

Rethinking Cybersecurity: Strategy, Mass Effect, and States

Rethinking Cybersecurity: Strategy, Mass Effect, and States. Center for Strategic & International Studies. James Andrew Lewis. January 9, 2018

 Despite all the attention, cyberspace is far from secure. Why this is so reflects conceptual weaknesses as much as imperfect technologies. Two questions highlight shortcomings in the discussion of cybersecurity. The first is why, after more than two decades, we have not seen anything like a cyber Pearl Harbor, cyber 9/11, or cyber catastrophe, despite constant warnings. The second is why, despite the increasing quantity of recommendations, there has been so little improvement, even when these recommendations are implemented. [Note: contains copyrighted material].

 [PDF format, 50 pages].

From Awareness to Action – A Cybersecurity Agenda for the 45th President

From Awareness to Action – A Cybersecurity Agenda for the 45th President. Center for Strategic & International Studies. Cyber Policy Task Force. January 4, 2017.

CSIS began work in late 2014 with leading experts to develop recommendations on cybersecurity for the next presidential administration. The CSIS Cyber Policy Task Force divided its work among two groups, one in Washington D.C. and the other in Silicon Valley. Each group brought a unique and powerful perspective to the problems of cybersecurity, and their efforts form the basis of our recommendations on policies, organizational improvements, and resources needed for progress in this challenging area. [Note: contains copyrighted material].

[PDF format, 34 pages, 7.76 MB].

Recruiting and Retaining Cybersecurity Ninjas

Recruiting and Retaining Cybersecurity Ninjas. Center for Strategic & International Studies. Franklin S. Reeder and Katrina Timlin. October 19, 2016.

This report identifies the factors that make an organization the employer of choice for what the authors call “cybersecurity ninjas.” Much has been written about the shortage of cybersecurity professionals, but little work has been done on the factors that help high-performing cybersecurity organizations build and keep a critical mass of high-end specialists. This is a first attempt that the authors hope will prompt discussion and drive changes in how organizations attract and retain high-end cybersecurity talent. [Note: contains copyrighted material].

[PDF format, 32 pages, 6.76 MB].