@CyberStatecraft profile picture
Cyber Statecraft @CyberStatecraft

Official account of the @AtlanticCouncil's Cyber Statecraft Initiative. Working at the nexus of geopolitics & nat sec with cyber. RT≠Endorsement

Joined January 2018
  • Tweets 6,060
  • Following 171
  • Followers 9,032
1,211 Photos and videos
Pinned Tweet
Cyber Statecraft@CyberStatecraft
Mar 31
🚨 NEW BRIEF: AI is both a target and a tool for attackers. The cloud infrastructure it runs on doesn’t have the vulnerability management regime to match. New CSI brief on what needs to change. atlanticcouncil.org/in-depth…

Securing cloud infrastructure for AI

With AI raising the stakes of cloud security and key cybersecurity institutions weakened or dissolved, this brief outlines needed policy steps to promote transparency and accountability across the...

atlanticcouncil.org
1
3
5
754
Russian cybercrime may seem untouchable, but even FSB officers can fall. CSI Fellow Justin Sherman examines the arrest that reveals Moscow's cyber strategy. Full analysis here: 🔗atlanticcouncil.org/content-…

Take the bribe but watch your back: Why Russia imprisoned a security officer for taking cybercrim...

Russia imprisoned a security service officer for taking bribes from cybercriminals—showing not a willingness to crack down on cybercrime, but instead just how much the Kremlin wants to maintain its...

atlanticcouncil.org
1
1
135
We asked teams about their experience competing in the 2025 Washington, DC #Cyber912 competition and developing policy recommendations in response to a cyber crisis with implications for rural healthcare infrastructure. Check out their reflections here: atlanticcouncil.org/content-…

Cyber policy in action: A glimpse into the 2025 DC Cyber 9/12 Strategy Challenge

Competitors and judges from the 2025 Washington, DC Cyber 9/12 Strategy Challenge share their perspectives on the competition's role in cyber workforce development.

atlanticcouncil.org
66
Have you or someone you love been impacted by unencrypted data, unaddressed commonly known vulnerabilities, a failure to monitor and control networks, or unpatched software? You may be entitled to... check our paper about the FTC! ➡️ atlanticcouncil.org/in-depth…

“Reasonable” cybersecurity in forty-seven cases: The Federal Trade Commission’s enforcement actions...

The FTC has brought 47 cases against companies for unfair or deceptive cybersecurity practices. What can we learn from them?

atlanticcouncil.org
2
75
Software supply chain attacks continue to demonstrate that the trust intrinsic to and necessary for software supply chains is easily broken. Unfortunately, future fragmentation of that trust is all but guaranteed. Read our Broken Trust report for more: atlanticcouncil.org/programs…

Breaking Trust

The Breaking Trust project seeks to catalog software supply chain intrusions and identify major trends and implications from their execution.

atlanticcouncil.org
2
3
145
Current critical infrastructure cybersecurity policy does not address cyber-physical security in a systemic way, failing to reflect the interconnected and interdependent nature of critical infrastructure. Find out why here: atlanticcouncil.org/in-depth…

OT cyber policy: The Titanic or the iceberg

Current policy does not address the issue of cyber-physical security with a systemic approach, instead focusing with tunnel vision on specific events. This analysis uses the iceberg model for systems...

atlanticcouncil.org
1
62
US venture capital is fueling the spyware industry. Companies backed by American dollars have enabled surveillance on US officials and allies. More about how the Trump administration can combat this issue in: nationalinterest.org/blog/te…

Tackling the Spyware Crisis

Domestic investment in spyware is undermining national security at all levels of society.

nationalinterest.org
1
154
Cloud myth #2: Cloud computing is not a supply chain risk. Fact: Cloud computing, like telecommunications and other software, has its own complex hardware and software supply chains, which face (and create) their own risks. Learn more here: atlanticcouncil.org/in-depth…

Four myths about the cloud: The geopolitics of cloud computing

In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.

atlanticcouncil.org
1
75
Digital isolationism is now a reality in Russia. Western sanctions & 100k tech professionals leaving the country fuel the Kremlin’s push for domestic tech solutions and the implications for global tech engagement are vast. Read more here: atlanticcouncil.org/in-depth…

Russia’s digital tech isolationism: Domestic innovation, digital fragmentation, and the Kremlin’s...

Russia’s technological isolation is both a reality and a desired goal for Moscow. This piece explores the impacts of this phenomenon and offers recommendations for how to deal with that evolving...

atlanticcouncil.org
2
1
370
What is one assumption holding back the cyber workforce? Richard Harris thinks “one problematic assumption is that the market, academia, or government alone can solve the problem of cyber workforce shortages.” Read the full 5x5 on the cyber workforce here: atlanticcouncil.org/content-…

The 5×5—Strengthening the cyber workforce

Experts provide insights into ways for the United States and its allies to bolster the cyber workforce.

atlanticcouncil.org
99
As more and more countries develop national cyber strategies, they must look outside traditional 'cybersecurity' issues areas and, for the first time, says Robert Peacock, identify procurement corruption as a cybersecurity risk. atlanticcouncil.org/in-depth…

The impact of corruption on cybersecurity: Rethinking national strategies across the Global South  

As the Global South prepares for the next stage in ICT development, governments must prioritize policies that reduce corruption in critical network software procurement to protect those countries'...

atlanticcouncil.org
1
99
What is #AviationCybersecurity? The cybersecurity of aircraft operations—the movement of aircraft, passengers, its products, supply chain, and services. Learn more about it here: atlanticcouncil.org/in-depth…

Aviation cybersecurity: Scoping the challenge

The digital attack surface the aviation sector presents to its adversaries continues to grow in such a way that both managing risk and gaining insight on it remain difficult. With emerging technolo...

atlanticcouncil.org
1
122
The US is the largest investor in this sample of the spyware market 💰 The implications for both national security and human rights policy are profound. The report contextualizes this trend: atlanticcouncil.org/in-depth…

Mythical Beasts: Diving into the depths of the global spyware market

The second edition of the Mythical Beasts project assess how the global spyware market has developed and changed over the past year.

atlanticcouncil.org
5
352
Browsers that allow users to store their passwords directly in the browser offer convenience and efficiency, but also expose users to the risks of information-stealing malware. Learn more about design pressures and systemic cyber risk atlanticcouncil.org/content-…

Homogeneity and concentration in the browser

Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential...

atlanticcouncil.org
2
148
When used during times of military crisis, are cyber operations truly de-escalatory crisis offramps, or have they the potential to exacerbate an already accelerated decision making process? Michael Fischerkeller looks at the implications in this piece: atlanticcouncil.org/in-depth…

What do we know about cyber operations during militarized crises?

Policymakers must critically examine assumptions and claims that cyber operations can serve as de-escalatory crisis offramps.

atlanticcouncil.org
1
1
176
Ukraine showed what’s possible: faster data fusion = faster decisions. But NATO’s federated structure needs a different model. This report breaks down how cloud-enabled ISR can balance speed, security, and sovereignty. atlanticcouncil.org/in-depth…

Fusion on paper or in practice? Making the cloud work for ISR and NATO

NATO’s eastern flank is under persistent pressure across multiple domains. The Alliance's core challenge is not sensing capacity

atlanticcouncil.org
1
134
📊 Our report reveals six key trends in the spyware market, including partnerships between spyware and hardware surveillance vendors and cross-border capital flows. Explore our data and policy recommendations to combat these issues. atlanticcouncil.org/in-depth…

Mythical Beasts and where to find them: Mapping the global spyware market and its threats to...

The Mythical Beasts project pulls back the curtain on the connections between 435 entities across forty-two countries in the global spyware market.

atlanticcouncil.org
2
2
270
Deter This! Lessons from counter-terrorism hold more value for US policymakers & public-private cooperation on cybersecurity than thinking shaped around nuclear escalation or conventional warfare. See more from Simon Handler, Emma Schroeder & Trey Herr. warontherocks.com/2021/05/cy…

Cyber Security as Counter-Terrorism: Seeking a Better Debate

Earlier this month, a senior Justice Department official referred to ransomware as a potential “cyber weapon of mass destruction.” When hackers

warontherocks.com
1
175
What do empowering agencies to take up interoperability issues, using procurement to advance interoperable technology, and investing in privacy-preserving digital identity have in common? They're all recs from our interoperability report! atlanticcouncil.org/in-depth…

User in the middle: An interoperability and security guide for policymakers

When technologies work together, it benefits users and the digital ecosystem. Policymakers can advance interoperability and security in tandem by understanding how each impacts the other.

atlanticcouncil.org
171
Cybercrime is so appealing for criminals and criminal groups due in large part to the ability to create mass profit with relatively small resource input. Criminal syndicates in Myanmar have used forced labor to conduct global cyberscam operations atlanticcouncil.org/in-depth…

This job post will get you kidnapped: A deadly cycle of crime, cyberscams, and civil war in Myanmar

In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.

atlanticcouncil.org
2
249
We've only been talking about liability for, oh, a few decades now. Need to wrap your head around what software liability means anyway? Curious what the experts have been saying? Learn more here: atlanticcouncil.org/in-depth…

Design questions in the software liability debate

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of...

atlanticcouncil.org
82
Load more