Skip to:

Cybersecurity represents one of the most pressing challenges the world will face in the coming decades. Ensuring continued economic prosperity and defense readiness requires improving the security of the computing devices, systems and networks that have become essential to the nation’s commerce and defense. The United States and many nations have powerful offensive capabilities in cyberspace. But how, when, and under what circumstances should these capabilities be used?


These and other cyber issues are important, complex – and here to stay.


While technological capabilities are moving ahead at lightning speed, policy and legal frameworks in dealing with cyber are lagging behind. Governments have historically safeguarded citizens and national interests from external threats. In cyber, however, traditional boundaries are fuzzy. What constitutes an internal threat? What about an external one? How do we know a threat when we see it? The roles and missions in cyberspace of various government agencies are also unclear.


What is clear is that the government cannot go it alone: The private sector develops and holds key capabilities and owns vital assets that make public and private cooperation essential, demanding, and often problematic.

In the policy world, current priorities leave little time for longer-term thinking. In the academic world, research on cyber policy and security is siloed and embryonic. Cyber threats involve political, legal, organizational, economic and psychological factors that technical experts often do not fully understand or appreciate. Conversely, these conflicts in cyberspace may also involve technologies that social scientists and policymakers often do not fully grasp.


Jane Holl Lute, Amy Zegart and Herb Lin at the cybersecurity boot camp, Aug. 18, 2014.


Against this backdrop, there is surprisingly little consensus on the appropriate strategy, doctrine, tactics, theory, or data that might be brought to bear to understand the relevant issues, even though most observers agree that cyberspace is important from the standpoint of international security. In fact, there is little consensus even about which issues constitute the most important ones deserving attention.


Breaking out of intellectual stovepipes is crucial to developing a better understanding of cyber challenges and how to address them. Stanford University’s Center for International Security and Cooperation (CISAC) and the Hoover Institution are natural partners for doing just that – tackling cyber policy and security challenges across sectors and academic disciplines. The world’s growing interconnectedness and the “Internet of things” raise key questions about privacy, individual liberty, the appropriate role of government, international peace and national security, and economic freedom – issues that lie at the heart of Hoover’s mission to develop “ideas defining a free society.”


CISAC has a unique and successful model of bringing together scientists and social scientists to address pressing international security issues through rigorous scholarship, policy outreach and Track II diplomacy.


Both institutions are dedicated to developing policy-relevant knowledge by bridging academic divides, convening leading thinkers across sectors, and training the next generation.


To illustrate the scope of the CISAC-Hoover effort, one needs to look no further than the Stanford University Cyber Boot Camp for congressional staffers, held in Palo Alto in August 2014. The boot camp sought to integrate multiple perspectives and disciplines to provide a fuller understanding of the underpinnings of cybersecurity, the nature of cyber threats, various approaches to address them, and the use of offensive cyber capabilities to advance national interests.



The cyber boot camp is one in a number of educational activities in the works. CISAC and Hoover expect to conduct regular follow-up sessions on cyber issues with boot camp alumni. In addition, we hope to adapt the boot camp for other audiences, such as scholars of political science and international relations, and senior policymakers from other nations.


Along the scholarship dimension, one key element of the Hoover-CISAC program is a robust CISAC-based fellowship program for pre- and postdoctoral students focused on cybersecurity; several CISAC honors students focus on cyber issues as well.


Stanford University in November announced a Cyber Initiative to apply broad campus expertise to the the research of cybersecurity. With a $15 million grant from the William and Flora Hewlett Foundation, the initiative will be highly interdisciplinary in building a new policy framework for cyber issues. It will draw on the campus' experience with university-wide initiatives to focus on the core themes of trustworthiness, governance and the emergence of unexpected impacts of technological change over time.


Herb Lin, currently chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies, will oversee Stanford’s push into cybersecurity. Already affiliated with CISAC as a consulting scholar, Herb will join the program full time in January 2015 as a CISAC Senior Research Scholar and Hoover Research Fellow to guide the program’s expansion of research into cyber policy and security. Lin co-authored the recent primer by the National Academies on cybersecurity and public policy, “At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues,” which was used as the basic text of the boot camp.


The CISAC-Hoover program has a broad research agenda within the cyber policy and security universe. “An Evolving Research Agenda in Cyber Policy and Security," known as "Herb's list," tries to strike a balance between breadth and depth. A program that tries to do everything is likely to fail because the program’s efforts are diffused and the benefits of cross-fertilization between researchers working on similar problems are lost. A program that is focused too tightly is likely to fail because important, but related problems will be missed.


Given more than 30 years of involvement in issues related to international security and cooperation, the primary center of gravity of CISAC-Hoover’s activities on cyber policy and security will most closely be connected to such issues. Nevertheless, we recognize the importance and value of making progress across the entire agenda, and we do encourage work on problems across the entire spectrum of issues.


The CISAC program is expanding the scope of its scholarship through a number of consulting scholars, faculty, fellows and affiliates who pursue research interests in cyber policy and security. These include:

  1. Jane Holl Lute, deputy secretary for the Department of Homeland Security from 2009 to 2013 and president and CEO of the Council on CyberSecurity, and consulting professor at CISAC
  2. John Villasenor, professor of electrical engineering and public policy at UCLA and vice chair of the World Economic Forum’s Global Agenda Council on the Intellectual Property System, and CISAC affiliate and Hoover national fellow
  3. Rebecca Slayton, assistant professor in the Science & Technology Studies Department and the Judith Reppy Institute for Peace and Conflict Studies at Cornell, and a CISAC affiliate
  4. Tim Junio, a cybersecurity fellow at Hoover and a CISAC affiliat
  5. Jonathan Meyer, a former CISAC cybersecurity fellow and Stanford Ph.D. candidate in computer science
  6. Tom Berson, a cryptographer and founder of Anagram Laboratories and CISAC affiliate
  7. David Elliott, author of the book, “The Transnational Dimension of Cyber Crime and Terrorism, and a CISAC affiliate
  8. Whitfield Diffie, co-inventor of public key cryptography and a CISAC consulting professor
  9. Marty Hellman, co-inventor of public key cryptography and a CISAC affiliated faculty member
  10. Edward Feigenbaum, a professor emeritus of computer science at Stanford and artificial intelligence expert who founded the Knowledge Systems Laboratory
  11. Abraham Sofaer, the George P. Shultz senior fellow in foreign policy and national security affairs at Hoover
  12. Dan Boneh, a Stanford professor of computer science and electrical engineering, and a CISAC affiliated faculty member
  13. John Mitchell, a professor of computer science (by courtesy) and electrical engineering and CISAC affiliated faculty member


CISAC is now offering fellowships in cybersecurity studies. Click here to learn more.

Cyber Policy and Security