Insights & Research

Submarine cables are the essential infrastructure enabling the global economy. This paper recommends enhancing the resilience of the ecosystem through greater route diversity and redundancy, rapid repair capacity, and secure supply chain.

The Center convened the latest in a series of tabletop exercises exploring IT concentration risk within a broader international context with Five Eyes officials and industry reps.

The Center conducted a tabletop exercise exploring the ability of government and private sector to address disruption from a nation state with sophisticated cyber capabilities may cause to critical infrastructure if given extensive freedom of action.

Because the future of the CVE program faces some uncertainty it’s time to start a dialogue about the future of the program. This report is designed to provide that starting point.

The U.S. is facing a new era of digital conflict where cyberattacks are persistent campaigns targeting critical infrastructure. In response, calls to embrace offensive cyber have grown as questions and challenges around these capabilities are raised.

The Center and Australian officials conducted a multi-stakeholder tabletop exercise, with the intent to explore concentration risk within the Australian Government’s IT environments.

Organizations worldwide are developing frameworks to ensure that AI systems are safe and secure but there’s a gap in how they are compared. This analysis seeks to understand the commonalities by using the the NIST AI RMF as a baseline.

The use of AI technologies in federal agencies is ever expanding but governance is necessary to ensure its proper use. This report looks at existing governance structures, the role of the CAIO, and recommendations to make governance more effective.

The ONCD was established to advise the President on cybersecurity and has matured into a key component of cybersecurity policymaking. However, changes are needed to ensure the efficacy of the office, especially as it relates to other agencies.

The Center conducted a multi-stakeholder tabletop exercise in April to explore a form of concentration risk where a single software, configuration, service, or hardware becomes dominant in an ecosystem.