Policy Papers

National CSIRTs and Their Role in Computer Security Incident Response

As national CSIRTs are folded under government agencies, what are the equities and implications for operations and trust?

The Industrial Control System Cyber Kill Chain

New America Cybersecurity Fellow Robert M. Lee and Michael J. Assante introduce the concept of the ICS Cyber Kill Chain to help defenders...

Smart Cyber-Legislation

Congress has failed to pass a comprehensive bill with broad authorities or requirements that would strengthen private sector cybersecurity.

Cybersecurity and Asia

A policy-brief overview of the status of cybersecurity and Asia.

The Sliding Scale of Cyber Security

A model for nuanced discussion of the categories of actions and investments that contribute to cybersecurity.

The Declining Half-Life of Secrets

Peter Swire provides an explanation of how the nature of secrets, and keeping them, is changing in the digital age.

Doomed to Repeat History? Lessons from the Crypto Wars of the 1990s

An overview of lessons from the Crypto Wars of the 1990s for current policy-makers.

CSIRT Basics for Policy-Makers

In this paper, we examine the history, types, and culture of Computer Security Incident Response Teams (CSIRTs).

Technological Sovereignty: Missing the Point?

Will proposals for European technological sovereignty actually increase cybersecurity on the continent?

Compilation of Existing Cybersecurity and Information Security Related Definitions

OTI releases a study to contribute to greater clarity and an understanding regarding terminology related to cyberspace and cybersecurity.

Visualizing Swing States in the Global Internet Governance Debate

This interactive map provides an overview of "swing states" in Internet governance and cybersecurity policy.