1 - 5 of 5
Number of results to display per page
Search Results
2. Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications
- Author:
- Jon Bateman
- Publication Date:
- 12-2022
- Content Type:
- Working Paper
- Institution:
- Carnegie Endowment for International Peace
- Abstract:
- This paper examines the military effectiveness of Russia’s wartime cyber operations in Ukraine,1 the reasons why these operations have not had greater strategic impact, and the lessons applicable to other countries’ military cyber efforts. It builds on previous analyses by taking a more systematic and detailed approach that incorporates a wider range of publicly available data. A major purpose of this paper is to help bridge the divide between cyber-specific and general military analysis of the Russia-Ukraine war. Most analysis of Russian cyber operations in Ukraine has been produced by cyber specialists writing for their own field, with limited integration of non-cyber military sources and concepts. Conversely, leading accounts of the war as a whole include virtually no mention of cyber operations.2 To begin filling the gap, this paper places Russian cyber operations in Ukraine within the larger frame of Moscow’s military objectives, campaigns, and kinetic activities.
- Topic:
- Cybersecurity, Military, and Russia-Ukraine War
- Political Geography:
- Russia, Europe, and Ukraine
3. U.S.-China Technological “Decoupling”: A Strategy and Policy Framework
- Author:
- Jon Bateman
- Publication Date:
- 04-2022
- Content Type:
- Special Report
- Institution:
- Carnegie Endowment for International Peace
- Abstract:
- A partial “decoupling”2 of U.S. and Chinese technology ecosystems is well underway. Beijing plays an active role in this process, as do other governments and private actors around the world. But the U.S. government has been a primary driver in recent years with its increased use of technology restrictions: export controls, divestment orders, licensing denials, visa bans, sanctions, tariffs, and the like. There is bipartisan support for at least some bolstering of U.S. tech controls, particularly for so-called strategic technologies, where Chinese advancement or influence could most threaten America’s national security and economic interests. But what exactly are these strategic technologies, and how hard should the U.S. government push to control them? Where is the responsible stopping point—the line beyond which technology restrictions aimed at China do more harm than good to America? These are vexing questions with few, if any, clear answers. Yet the United States cannot afford simply to muddle through technological decoupling, one of the most consequential global trends of the early twenty-first century. The U.S. technology base—foundational to national well-being and power—is thoroughly enmeshed with China in a larger, globe-spanning technological web. Cutting many strands of this web to reweave them into new patterns will be daunting and dangerous. Without a clear strategy, the U.S. government risks doing too little or—more likely—too much to curb technological interdependence with China. In particular, Washington may accidentally set in motion a chaotic, runaway decoupling that it cannot predict or control. Sharper thinking and more informed debates are needed to develop a coherent, durable strategy. Today, disparate U.S. objectives are frequently lumped together into amorphous constructs like “technology competition.” Familiar terms like “supply chain security” often fail to clarify such basic matters as which U.S. interests must be secured and why. Important decisions are siloed within opaque forums (like the Committee on Foreign Investment in the United States [CFIUS]), narrow specialties (like export control law), or individual industries (like semiconductors), concealing the bigger picture. The traditional concerns of “tech policy” and “China policy” receive outsized attention, while second-order implications in other areas (such as climate policy) get short shrift. And as China discourse in the United States becomes more politically charged, arguments for preserving technology ties are increasingly muted or not voiced at all. This report aims to address these gaps and show how American leaders can navigate the vast, perilous, largely unmapped terrain of technological decoupling. First, it gives an overview of U.S. thinking and policy—describing how U.S. views on Chinese technology have evolved in recent years and explaining the many tools that Washington uses to curb U.S.- China technological interdependence. Second, it frames the major strategic choices facing U.S. leaders—summarizing three proposed strategies for technological decoupling and advocating a middle path that preserves and expands America’s options. Third, it translates this strategy into implementable policies and processes—proposing specific objectives for U.S. federal agencies and identifying the technology areas where government controls are (or are not) warranted. The report also highlights many domestic investments and other self-improvement measures that must go hand in hand with restrictive action.
- Topic:
- National Security, Science and Technology, Intellectual Property/Copyright, Authoritarianism, Economy, Espionage, Military, and Interdependence
- Political Geography:
- China, Asia, North America, and United States of America
4. War, Terrorism, and Catastrophe in Cyber Insurance: Understanding and Reforming Exclusions
- Author:
- Jon Bateman
- Publication Date:
- 10-2020
- Content Type:
- Working Paper
- Institution:
- Carnegie Endowment for International Peace
- Abstract:
- Cyber insurance is a promising way to contain the havoc cyber attacks wreak, but endless lawsuits hamper its effectiveness. Reforms and new solutions are sorely needed. Insurance is one of the most promising tools for addressing pervasive cyber insecurity. A robust market for insuring cyber incidents could, among other things, financially incentivize organizations to adopt better cyber hygiene—thereby reducing cyber risk for society as a whole. But cyber insurance is not yet mature enough to fulfill its potential, partly due to uncertainty about what kinds of cyber risks are, or can be, insured. Uncertainties in cyber insurance came to a head in 2017, when the Russian government conducted a cyber attack of unprecedented scale. Data-destroying malware called NotPetya infected hundreds of organizations in dozens of countries, including major multinational companies, causing an estimated $10 billion in losses.1 NotPetya showed that cyber risk was greater than previously recognized, with higher potential for “aggregation”—the accumulation of losses across many insurance policies from a single incident or several correlated events. NotPetya also exposed a serious ambiguity in how insurance policies treat state-sponsored cyber incidents. Some property and casualty insurers declined to pay NotPetya-related claims, instead invoking their war exclusions—long-standing clauses that deny coverage for “hostile or warlike action in time of peace and war” perpetrated by states or their agents.2 War exclusions date back to the 1700s, but they had never before been applied to cyber incidents. This novel use of the war exclusion, still being litigated, has raised doubts about whether adequate or reliable coverage exists for state-sponsored cyber incidents. Some observers have asked whether such incidents are insurable at all, given the potential for aggregated cyber losses even more catastrophic than those of NotPetya.3 And while the war exclusion has attracted the most attention, another exclusion—for terrorism—presents similar challenges to cyber claims.
- Topic:
- Terrorism, War, Cybersecurity, and Non-Traditional Threats
- Political Geography:
- Global Focus
5. Deepfakes and Synthetic Media in the Financial System: Assessing Threat Scenarios
- Author:
- Jon Bateman
- Publication Date:
- 07-2020
- Content Type:
- Working Paper
- Institution:
- Carnegie Endowment for International Peace
- Abstract:
- Bad actors could use deepfakes—synthetic video or audio—to commit a range of financial crimes. Here are ten feasible scenarios and what the financial sector should do to protect itself. Rapid advances in artificial intelligence (AI) are enabling novel forms of deception. AI algorithms can produce realistic “deepfake” videos, as well as authentic-looking fake photos and writing. Collectively called synthetic media, these tools have triggered widespread concern about their potential in spreading political disinformation. Yet the same technology can also facilitate financial harm. Recent months have seen the first publicly documented cases of deepfakes used for fraud and extortion. Today the financial threat from synthetic media is low, so the key policy question is how much this threat will grow over time. Leading industry experts diverge widely in their assessments. Some believe firms and regulators should act now to head off serious risks. Others believe the threat will likely remain minor and the financial system should focus on more pressing technology challenges. A lack of data has stymied the discussion.
- Topic:
- Security, Cybersecurity, Artificial Intelligence, and Non-Traditional Threats
- Political Geography:
- Global Focus