Countering cyber proliferation: Zeroing in on Access-as-a-Se

Countering cyber proliferation: Zeroing in on Access-as-a-Service
Report
by
Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr
Executive summary
The proliferation of offensive cyber capabilities (OCC)—the combination of tools; vulnerabilities; and skills, including technical, organizational, and individual capacities used to conduct offensive cyber operations—presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace. As these capabilities become more prolific, their regulation through formal international norms and export controls is increasingly ineffective. Countering the spread of dangerous capabilities is not a new policy challenge, but its specific application to the cyber domain remains uncertain both in theory and in practice. Left unchecked, the continued proliferation of offensive capabilities could significantly damage the global economy, international security, and the values that the United States and its allies hold dear. Thus, it is imperative that governments reevaluate their approach to countering the proliferation of OCC. This report profiles the “Access-as-a-Service” (AaaS) industry, a significant vector for the proliferation of OCC, as a means of both illustrating the character of this proliferation and investigating policies to counter it.

Related Keywords

Afghanistan , United States , Paris , France General , France , United Kingdom , China , California , Russia , Weizhen , Fujian , Mexico , Stockholm , Sweden , Massachusetts , Italy , Tallinn , Harjumaa , Estonia , Cambridge , Cambridgeshire , Los Angeles , Spain , Greece , New York , Hamburg , Germany , Texas , Washington , Sipri , Diyarbakir , Turkey , United Arab Emirates , Canada , Toronto , Ontario , Boente , Galicia , Guangzhou , Guangdong , Iraq , Chatham , Medway , Israel , Harvard University , Tufts University , Saudi Arabia , North Korea , Italian , America , Saudi , Canadian , Chinese , Mexican , Russian , North Korean , Russian Federation , Gulf States , Israeli , American , Edin Omanovic , Andreaa Golay , Luca Allodi , Anna Shubina , Christopher Bing , Shayanne Gal , Matt Schroeder , Reportbywinnona Desombre , Michael Sexton , Winnona Desombre , Lorenzo Franceschi Bicchierai , Max Smeets , Sarah Mckune , Fionas Cunningham , Kimberly Zenz , Nima Elbagir , Noura Al Jizawi , Siddharth Prakash Rao , Robert Morgus , Mark Mazzetti , Eliza Campbell , Trey Herr , Juliane Barnes , Sean Gallagher , Catalin Cimpanu , Ben Hawkes , Ken Silverstein , Leo Varela , Ryan Ellis , Maggie Haberman , Taha Karim , Jenna Mclaughlin , Gil Baram , Ben Wagner , Ben Buchanan , Bahr Abdul Razzak , Jack Stubbs , Herb Lin , Richard Clarke , Richardm Harrison , Sam Jones , Abu Dhabi , Molly Moore , Oded Yaron , Josh Rogin , Andy Bogart , Ronen Bergman , Jamal Khashoggi , Ron Deibert , John Scott Railton , Becky Peterson , Joseph Nye , Laura Smith , Michael Locasto , Alexander Cornwell , Adam Goldman , Tim Maurer , Joseph Cox , Philippe Langlois , Siena Anstis , Masashi Crete Nishihata , Patrick Howell Oneill , Salma Abdelaziz , Jon Gambrell , James Shires , Chaim Levinson , Christopher Morris , Joel Schectman , Kenneth Geers , Joelp Trachtman , Ahmed Mansoor , Google , Information Security Center , Group Hacking , Council On Foreign Relations , Shibolet Co , Etexas National Security , Ministry Of Defense Mo , University Of Toronto , Cambridge University Press , Russian Ministry Of Defense , Washington Post , Facebook , Whatsapp Inc , Technology Institute , International Conference On Cyber , European Parliament , Rand Corporation , International Export Controls To Bolster Cyber Defenses , Stockholm International Peace Research Institute , Baffling Arrests Shakes Cyber Division , Group Pegasus Spyware To Operations , Harvard University Press , Hacking Team , Darkmatter Group , Misuse Of Its Technology , Linkedin , Clients Of Cyberespionage Firm , Nuclear Lessons For Cyber Security , Microsoft , Infighting Among Russian Security Services , Amnesty International , Law Firm , Service Sector , Cyberpeace Institute Calls For Accountability Of Intrusion , Malware Payload Development , Cnn , Dartmouth University , Ministry Of Defense , Why Wassenaar Arrangement Definitions Of Intrusion Software , New York Times , Intelligence Agency , Later Citizen Lab , National Security Agency , America Foundation , Chinese Ministry Of State Security , Internet For Civil Society Toronto , International Law , Privacy International , Darkmatter Group Calls For Improved Vigilance , Lench It Solutions , International Visa System , Abuse Of Software , Cambridge University , Department Of Justice , Nso Group , Network Working Group , Reuters , Cyber Weapons Convention , Internet Engineering Task , Group Technologies , Cyber Firm , Chaos Communication Congress , Al Jazeera , Belfer Center Cyber Security , Los Angeles Times , Symantec , Financials Show Israeli Spyware Company , European Union , Citizen Lab , Hacking Team Of American Mercenaries ,