Dr. Michael Sulmeyer is the Belfer Center's Cyber Security Project director at the Harvard Kennedy School. He recently concluded several years in the Office of the Secretary of Defense, serving most recently as the Director for Plans and Operations for Cyber Policy. He was also Senior Policy Advisor to the Deputy Assistant Secretary of Defense for Cyber Policy. In these jobs, he worked closely with the Joint Staff and Cyber Command on a variety of efforts to counter malicious cyber activity against U.S. and DoD interests. Previously, he worked on arms control and the maintenance of strategic stability between the United States, Russia, and China. As a Marshall Scholar, Sulmeyer received his doctorate in Politics from Oxford University, and his dissertation, "Money for Nothing: Understanding the Termination of U.S. Major Defense Acquisition Programs," won the Sir Walter Bagehot Prize for best dissertation in government and public administration. He received his B.A. and J.D. from Stanford University and his M.A. in War Studies from King's College London.
Subscribe to this Lawfare contributor via RSS.
President Trump offered his support last month for the creation of a Space Force within the U.S. military. In a paper released last week, my Harvard colleague Greg Falco argues that one of the first missions for this new force should be to improve the cybersecurity of space assets.
On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections.
Today, the Trump administration released its National Security Strategy. This piece will address one narrow element of the document: cybersecurity. It’s a hot topic, but compared to North Korea’s nuclear-tipped missile program, Iran’s destabilizing activities in the Middle East, China’s muscle-flexing across almost all domains of statecraft, and Russia’s growing role as a spoiler around the world, I thought the National Security Strategy wouldn’t have much to say about cybersecurity. I was wrong.
Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.
Yesterday, the U.S. Department of Justice (DoJ) released an indictment against four Russians in one of the most significant hacking-related law enforcement actions to date. According to the indictment, two criminals working at the behest of two officers of Russia’s Federal Security Service (FSB) hacked into Yahoo’s internal networks, compromised Yahoo user accounts, and used those compromises to pivot into accounts with other online services, including Google.
On Wednesday, the Deputy Secretary of Defense issued a memo that clarifies how the Department of Defense (DoD) will implement President Trump’s executive order to freeze all civilian hiring across all departments and agencies.
Thanks to the at-times br