Authors: Ari Schwartz and Robert K. Knake Belfer Center for Science and International Affairs John F. Kennedy School of Government Harvard University
In this June 2016 discussion paper, Knake and his coauthor examine the Obama administration’s Vulnerability Equities Process guidelines. They argue that the administration ought to formalize and publicize these guidelines and offer policy recommendations to improve the VEP while maintaining a bias toward public disclosure of zero day vulnerabilities.
In spite of significant differences in views, Beijing and Washington appear committed to not letting cyber issues derail the U.S.-China relationship or interfere with cooperation on other high-profile issues. Among the wide range of issues raised at their recent meeting on the sidelines of the Nuclear Security Summit, Presidents Barack Obama and Xi Jinping reiterated their commitment to last September’s breakthrough cybersecurity agreement.
Authors: Adam Segal and Tang Lan The National Bureau of Asian Research
While there continue to be significant differences between the perspectives of the U.S. and Chinese governments on issues in cyberspace, recent progress to overcome these challenges suggests a path forward, writes Adam Segal. Substantive cooperation on cybersecurity, cybercrime, and Internet governance can help both countries avoid a conflict over cyberspace.
In this January 2016 article, Knake argues that the United States needs to improve its cyber hygiene and “clean up” its cyberspace in order to reduce the number of malware infections and botnet attacks launched from domestic computers.
Recent terrorist attacks and resulting questions about the limits of surveillance have rekindled debate about how governments should deal with the challenges of powerful, commercially available encryption. With active debate in the United States and Western Europe surrounding this issue, it is instructive to note that Israel has been regulating encryption for decades.
When does a cyber-attack (or threat of cyber-attack) give rise to a right of self-defense – including armed self-defense – and when should it? This essay examines these questions through three lenses: (1) a legal perspective, to examine the range of reasonable interpretations of self-defense rights as applied to cyber-attacks, and the relative merits of interpretations within that range; (2) a strategic perspective, to link a purported right of armed self-defense to long-term policy interests including security and stability; and (3) a political perspective, to consider the situational context in which government decision-makers will face these issues and predictive judgments about the reactions to cyber-crises of influential actors in the international system.
Adam Segal says the recent Chinese cyberattacks on Bloomberg and the New York Timeshighlights both the willingness of Beijing to shape the narrative about China, as well as the vulnerability the top leadership feels about how they are portrayed.
Learn more about CFR’s mission and its work over the past year in the 2016 Annual Report. The Annual Report spotlights new initiatives, high-profile events, and authoritative scholarship from CFR experts, and includes a message from CFR President Richard N. Haass. Read and download »