Cyber Statecraft Initiative
@cyberstatecraft.bsky.social
77 followers 9 following 180 posts
The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.
Pinned
cyberstatecraft.bsky.social
The deadline to sign up your team for the inaugural Monterey #Cyber912 Strategy Challenge has been extended to Monday, October 13 at 11:59PM ET.

If you were thinking about organizing your dream team... consider this your sign! 🔮✨
 
Register here: form.jotform.com/Cyber_Statec...
ALT: a man speaking into a microphone with the words " this is your moment " above him
cyberstatecraft.bsky.social
For the 10th annual New York City #Cyber912 with @SIPAcyber, we were joined by 21 teams from 10 states...but only 11 can advance to the semifinal round.

Check out which teams made the cut and good luck to all our semifinalists! ⬇️
cyberstatecraft.bsky.social
The story gets even more complicated when you look at scorecard subchecks, where most funders see a strong correlation with better scores. Read more in the full report ⬇️ www.atlanticcouncil.org/content-seri...
cyberstatecraft.bsky.social
According to our O$$ report, funding with statistically significant increases in average Scorecard scores by ecosystem: 1️⃣ Python: GitHub Organizational, GitHub Individual, Tidelift, and Open Collective 2️⃣ npm: GitHub Organizational and Open Collective.
cyberstatecraft.bsky.social
Are improvements in the security posture of open source software projects different among sources of general funding? Our initial analysis of about 2000 open-source software packages suggests the answer might vary across software ecosystems. 🚨🔐
cyberstatecraft.bsky.social
Wondering what could prevent another incident like the XZ backdoor? Aeva Black suggests “A healthy dose of caution–particularly for maintainers of low-level system libraries in widespread use–is needed.” Check out the 5x5 to read more:
The 5x5—The XZ backdoor: Trust and open source software
Open source software security experts share their insights into the XZ backdoor, and what it means for open source software security.
www.atlanticcouncil.org
cyberstatecraft.bsky.social
Does more money for open source software lead to better OSS security? Causality is always hard to show, but correlation is easy! Check out our issue brief here: www.atlanticcouncil.org/content-seri...
cyberstatecraft.bsky.social
Securing AI means securing all of its data supply chain. This new framework helps policymakers & technologists see the full picture. Read the issue brief here: www.atlanticcouncil.org/in-depth-res...
cyberstatecraft.bsky.social
“There's still a disconnect in recognizing that cybersecurity is a foundational business risk and not a one-time, niche issue,” says Ayan Islam.

When it comes to workforce development, it takes investment at all levels!

See what other experts thought:
The 5×5—Strengthening the cyber workforce
Experts provide insights into ways for the United States and its allies to bolster the cyber workforce.
www.atlanticcouncil.org
cyberstatecraft.bsky.social
Access-as-a-Service firms bypass arms control agreements like the Wassenaar Arrangement by hiring foreign nationals. Policymakers must understand this industry to shape and limit the spread of offensive cyber capabilities. More here: www.atlanticcouncil.org/in-depth-res...
Countering cyber proliferation: Zeroing in on Access-as-a-Service
It is imperative that governments reevaluate their approach to countering the proliferation of offensive cyber capabilities.
www.atlanticcouncil.org
cyberstatecraft.bsky.social
US investment not only funds these companies—it legitimizes them. More money. More talent. More risk to Americans. Overview of this issue set and how to combat it in:
Tackling the Spyware Crisis
Domestic investment in spyware is undermining national security at all levels of society.
nationalinterest.org
cyberstatecraft.bsky.social
For the offensive cyber capabilities market there is a "lack of transparency, insight, and monitorability of this global ecosystem when compared to physical equivalents such as small arms, chemical and radiological weapons etc." writes Ollie Whitehouse in
Makings of the Market: Seven perspectives on offensive cyber capability proliferation
The marketplace for offensive cyber capabilities continues to grow globally. Their proliferation poses an expanding set of risks to national security and human rights, these capabilities also have…
www.atlanticcouncil.org
cyberstatecraft.bsky.social
Cloud myth #4: Cloud providers do not influence the shape of the internet.

Fact: the availability of cloud computing has fundamentally reshaped where and how data is processed and thus how it flows across the internet.

More here:
Four myths about the cloud: The geopolitics of cloud computing
In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
www.atlanticcouncil.org
cyberstatecraft.bsky.social
Cyberscam operations emanating from Myanmar create symbiotic benefit for criminal and armed groups; the operations themselves are intensely parasitic to the global cyber domain, the broader Southeast Asian region, and the population of Myanmar. 🔗
This job post will get you kidnapped: A deadly cycle of crime, cyberscams, and civil war in Myanmar
In Myanmar, cybercrime has become an effective vehicle through which nonstate actors can fund and perpetuate conflict.
www.atlanticcouncil.org
cyberstatecraft.bsky.social
There's no doubt non-state actors play a big role in cybersecurity. But how should policy reflect that? Hear from Simon Handler, Emma Schroeder, and Trey Herr on lessons for cyber policy from counterterrorism.
Cyber Security as Counter-Terrorism: Seeking a Better Debate - War on the Rocks
Earlier this month, a senior Justice Department official referred to ransomware as a potential “cyber weapon of mass destruction.” When hackers
warontherocks.com
cyberstatecraft.bsky.social
Sneak Peek: In both the Python and npm ecosystems, funding is correlated with improved scores for both the ⚠️Dangerous Workflows⚠️ and 🗝️Token Permissions🗝️ subchecks, as well as others! Want to know more? Read the full report here ⬇️ www.atlanticcouncil.org/content-seri...
cyberstatecraft.bsky.social
CSI's recent O$$ report investigates whether open source software projects with general funding have better security practices on average than similar unfunded projects with @OpenSSF Scorecards. We dove into the subchecks to figure out which ones increased with funding 📈💰🔐
cyberstatecraft.bsky.social
Representation matters – if we can’t see, we can’t be.

“We’ve just begun to tap into the capabilities of our full population” says former Acting National Cyber Director Kemba Walden on the National #CyberWorkforce and Education Strategy. See more here:
www.atlanticcouncil.org/event/unleas...