In December 2024, CLTC opened a second Call for Papers (CFP) to support Public Interest Cybersecurity research that will increase the body of empirical knowledge about the cyber defense of under-resourced organizations in the United States, such as nonprofits, state and local governments, small utilities, hospitals, or school districts.
After reviewing a pool of competitive proposals, three researchers were selected to present their findings at the 2025 Cyber Civil Defense Summit and have their research published as CLTC white papers.
Below are brief summaries of the white papers.
Economics of Cyber Policies for Critical Care
Authored by: Aden Klein
Cyberattacks are a pressing threat to hospital operations, patient health data, and, most importantly, patient lives. Cybersecurity insurance has become a key component of resilience for the healthcare sector, yet lower-resourced hospitals face gaps in coverage, and caps (i.e., maximum limits) on losses leave the entire sector vulnerable to catastrophic, large-scale cyberattacks.
The report, Economics of Cyber Policies for Critical Care: Models for Improving the Resilience of the Healthcare Sector, examines a range of issues related to cyber insurance coverage in U.S. health systems, including whether premiums and loss caps vary based on hospital size and resource level; whether insurance coverage has driven cyber investment and maturity in hospitals; and the cost and efficacy of cyber insurance policies often proposed by industry and policymakers.
The report, authored by Aden Klein, a legislative and policy analyst for healthcare supply-chain company Premier Inc.
Building Trust: Quantifying Use of the .gov Domain Below the Federal Level
Authored by: Chris Babcock
Trust in digital government services relies on users’ ability to verify that websites and emails genuinely represent official institutions. The .gov top-level domain (TLD), managed by the Cybersecurity and Infrastructure Security Agency (CISA), serves as a trusted and secure digital identifier.
Yet despite the benefits, adoption of the .gov domain by government entities below the federal level — such as states, cities, counties, school districts, and tribal governments — is uneven and, in many cases, minimal.
This key finding is among those detailed in Building Trust: Quantifying Use of the .gov Domain Below the Federal Level. The report — the first comprehensive analysis of .gov domain adoption across all non-federal U.S. government entities — was authored by Chris Babcock, an Air Force officer who serves as a cyber defense analyst, specializing in cyber incident response, threat mitigation, and resilience planning. (The views in the paper are those of the author and do not reflect the official policy or position of the U.S. government or the Department of Defense.)
Enhancing Cyber Resilience for Equitable Healthcare: Analysis of Cyberattacks Targeting Sexual and Reproductive Facilities and Services
Authored by: Pavlina Pavlova
Healthcare is among the most targeted and vulnerable sectors for cyberattacks. Sexual and reproductive health (SRH) facilities and services in particular face financially motivated ransomware attacks and data breaches, ideologically motivated punitive attacks, and commercialization and misuse of medical and personal data.
This report, Enhancing Cyber Resilience for Equitable Healthcare: Analysis of Cyberattacks Targeting Sexual and Reproductive Facilities and Services, spotlights the SRH sector’s threat landscape through quantitative and qualitative analysis of cyberattacks and their impacts.
The report was authored by Pavlina Pavlova, a policy expert with a cross-cutting perspective on international cybersecurity and transnational cybercrime. Pavlova was formerly a #ShareTheMicInCyber Fellow at New America in Washington, D.C., a public policy advisor at the CyberPeace Institute, and a cybercrime expert at the UN Office on Drugs and Crime (UNODC) in Vienna.
