The information assembled here is for any campaign in any party. It was designed to give you simple, actionable information that will make your campaign’s information more secure from adversaries trying to attack your organization—and our democracy
This report recommends policies and actions to improve the return on investment the U.S. government makes in sponsoring research and development (R&D) at the Department of Energy's (DOE) seventeen National Laboratories ("Labs"). While the Labs make a unique and significant contribution to all of the Department of Energy's missions, the authors develop the idea that for the Labs to fully support DOE's energy transformation goals, their R&D management practices need to be updated to better reflect current research into innovation systems and management. They also highlight the necessity of Lab interactions with industry in order to impact the nation's energy infrastructure investment, which is, for the most part, privately held.
Xi is now not only the most powerful leader of China since Mao. He is also the most ambitious leader of any country today. In the past five years, he has proved himself the most effective in advancing his nation’s position in the world. And among all of the competitors on the international stage, he is the most likely to leave a lasting mark on history.
In our latest episode, Usha Sahay and Ryan Evans were joined by Thomas Rid, Michael Sulmeyer, and a mystery guest (ok, ok, it’s Corinna Fehst) to talk about cyber-security, election meddling, reports about U.S. intel agencies buying back pilfered hacking tools, going dark, legislatures as the vulnerable soft cyber underbelly of democracies, and the different threats posed by Russia and China.
Also, “Password1” is not a good password according to our guests. So you should probably change that.
In November 2016, the U.K. government launched its Active Cyber Defence (ACD) program with the intention of tackling “in a relatively automated [and transparent] way, a significant proportion of the cyber attacks that hit the U.K.” True to their word, a little over a year on, last week the U.K.’s National Cyber Security Centre (NCSC) published a full and frank account (over 60 pages long) of their progress to date. The report itself is full of technical implementation details. But it’s useful to cut through the specifics to explain exactly what ACD is and highlight its successes—how the program could benefit the United States as well.
Election Security The Senate Armed Services Subcommittee on Cybersecurity held a hearing on the Defense Department’s role in ensuring the U.S. election process is secure from foreign influence. Much of the discussion focused on Russian meddling, which took place in the 2016 presidential election and was expected to continue in future U.S. elections as well as those around the world. Committee members and witnesses agreed that the issue would continue to get worse and that there must be a solution that includes both the government and the private sector, while understanding that each has different interests in terms of national security and profit, respectively.
On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections. This short, stocking-stuffer size review will: review some of the core questions around election security, assess the bill’s provisions to improve information sharing, its grant program, and its bug bounty, and conclude with some tough realism about additional work that needs to be undertaken to protect our elections.
- Georgetown Journal of International Affairs
The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.
The administration should be given relatively high marks for the document’s cybersecurity components—especially for recognizing the breadth of the threat and that it’s going to take more than the help desk to fix it. Admittedly, that’s a pretty low bar. But National Security Strategy documents are not known as documents where big policy innovation occurs. Instead, the best you can usually do is articulate the broad contours of the main threats to national security coupled with some rough themes about what the government will do to make things better. Here, the administration does not isolate “the cyber” to the sidelines; instead, by talking about cyber issues throughout the document, the administration shows an understanding that cyberspace is a critical part to practically every aspect of national security.
How many times have you had to watch your company’s latest cybersecurity training video? An entire industry now exists to train us humans to be smarter in how we operate computers, and yet the number of cybersecurity incidents continues to rise. Are the hackers always one step ahead? Are we impossible to train? Or are we being taught the wrong lessons?
- Belfer Center for Science and International Affairs, Harvard Kennedy School
In July, the Belfer Center launched a new, bipartisan initiative called the Defending Digital Democracy Project (D3P). Led by Belfer Center Co-Director Eric Rosenbach, along with the former campaign managers for Hillary Clinton and Mitt Romney, the project aims to identify and recommend strategies, tools, and technology to protect democratic processes and systems from cyber and information attacks.
North Korea’s 3,000 to 6,000 hackers and the 10 to 20 percent of its military budget going toward online operations mean the country’s cyberthreat to the United States stands only behind that of China, Russia and Iran. If the current tensions continue to escalate, could the United States or North Korea use their cyber-capabilities as a “force multiplier” to conventional military systems?