Michael Sulmeyer

msulmeyer's picture

Dr. Michael Sulmeyer is the Belfer Center's Cyber Security Project director at the Harvard Kennedy School. He recently concluded several years in the Office of the Secretary of Defense, serving most recently as the Director for Plans and Operations for Cyber Policy. He was also Senior Policy Advisor to the Deputy Assistant Secretary of Defense for Cyber Policy. In these jobs, he worked closely with the Joint Staff and Cyber Command on a variety of efforts to counter malicious cyber activity against U.S. and DoD interests. Previously, he worked on arms control and the maintenance of strategic stability between the United States, Russia, and China. As a Marshall Scholar, Sulmeyer received his doctorate in Politics from Oxford University, and his dissertation, "Money for Nothing: Understanding the Termination of U.S. Major Defense Acquisition Programs," won the Sir Walter Bagehot Prize for best dissertation in government and public administration. He received his B.A. and J.D. from Stanford University and his M.A. in War Studies from King's College London.

Subscribe to this Lawfare contributor via RSS.

Cybersecurity: Legislation

Assessing the Bipartisan Secure Elections Act

On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections.


Cybersecurity in the 2017 National Security Strategy

Today, the Trump administration released its National Security Strategy. This piece will address one narrow element of the document: cybersecurity. It’s a hot topic, but compared to North Korea’s nuclear-tipped missile program, Iran’s destabilizing activities in the Middle East, China’s muscle-flexing across almost all domains of statecraft, and Russia’s growing role as a spoiler around the world, I thought the National Security Strategy wouldn’t have much to say about cybersecurity. I was wrong.


The Real Lesson from the WannaCry Ransomware

Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.

Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.

Cybersecurity: Crime and Espionage

The Department of Justice Makes the Next Move in the U.S.-Russia Espionage Drama

Yesterday, the U.S. Department of Justice (DoJ) released an indictment against four Russians in one of the most significant hacking-related law enforcement actions to date. According to the indictment, two criminals working at the behest of two officers of Russia’s Federal Security Service (FSB) hacked into Yahoo’s internal networks, compromised Yahoo user accounts, and used those compromises to pivot into accounts with other online services, including Google.