Herbert Lin

Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution

Herb Lin is a senior research scholar for cyber policy and security at the Center for International Security and Cooperation and the Hank J. Holland Fellow in cyber policy and security at the Hoover Institution, both at Stanford University.  His research interests concern the policy-related dimensions of cybersecurity and cyberspace; he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy.  In addition to his positions at Stanford University, he is chief scientist emeritus for the Computer Science and Telecommunications Board, at the National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and adjunct senior research scholar and senior fellow in cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Before his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986–90), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from the Massachusetts Institute of Technology.

To read more about Herb Lin's interests, see "An Evolving Research Agenda in Cyber Policy and Security."

He is also a longtime folk and swing dancer and a poor magician. Apart from his work on cyberspace and cybersecurity, he has published on cognitive science, science education, biophysics, and arms control and defense policy. He also consults on K–12 math and science education.

Filter By:



Recent Commentary

Analysis and Commentary

A Continuing Need For Stealth With Loud Cyber Weapons

by Herbert Linvia Lawfare
Tuesday, July 18, 2017

C4ISRNET recently published an interesting and useful four-part series exploring what U.S. Cyber Command will need to operate on its own, separate from the National Security Agency.


On Cooperating With Bad Actors In Cyberspace

by Herbert Linvia Lawfare
Monday, July 17, 2017

In a July 11 posting, Paul Rosenzweig argued that cyber cooperation with bad actors is always a bad idea, specifically referring to the President’s incomprehensible idea to form with Russia “an impenetrable Cyber Security unit [with Russia] so that election hacking, & many other negative things, will be guarded.”

In the News

Lawmakers Sound Alarm About Russian Cybersecurity Firm

by Herbert Linvia The Hill
Thursday, July 6, 2017

Senators have moved to bar the Pentagon from using software produced by a Russian-origin cybersecurity firm, underscoring suspicions of its ties to the Russian government.

Analysis and Commentary

On The Inspection Of Anti-Virus Source Code To Demonstrate The Lack Of Offensive Cyber Capabilities

by Herbert Linvia Lawfare
Monday, July 3, 2017

A recent AP story notes that senior U.S. intelligence officials have advised Congress to steer well clear of Kaspersky's products. In response to such U.S. government concerns, Eugene Kaspersky has offered to allow the inspection of the source code of his anti-virus products.

Analysis and Commentary

A Notification Requirement For Using Cyber Weapons Or For Unauthorized Disclosure Of A Cyber Weapon

by Herbert Linvia Lawfare
Saturday, June 10, 2017

The chairman and ranking minority member (RMM) of the House Armed Services Committee and the chairman and RMM of the its emerging threats and capabilities subcommittee are proposing legislation that would require the Defense Department to notify congressional defense committees within 48 hours of the conduct of “any sensitive military cyber operation.”

Analysis and Commentary

Microsoft’s Response To WannaCrypt

by Herbert Linvia Lawfare
Monday, May 15, 2017

In a recent blog post, Microsoft argued that the use of a vulnerability for Windows XP stolen from the NSA and released by the Shadow Brokers has caused widespread damage in the public domain, and the lesson that governments should learn from this incident is that government stockpiling of vulnerabilities that might be inadvertently revealed presents a hazard to safe computing around the world.


The Promises And Perils Of Emerging Technologies For Cybersecurity

by Herbert Linvia Lawfare
Monday, May 1, 2017

In late March 2017, I was invited to submit for the record my views on “the Promises and Perils of Emerging Technologies for Cybersecurity" before the Senate Committee on Commerce, Science, and Transportation. What follows below is what I submitted for the hearing record held on March 22, slightly modified to include some references.  I invite comment from Lawfare readers.

Analysis and Commentary

More On The Active Defense Certainty Act

by Herbert Linvia Lawfare
Friday, March 24, 2017

Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.

Analysis and Commentary

What Is Julian Assange's Game? Helping Putin, It Seems

by Herbert Linvia Newsweek
Friday, March 17, 2017

The hypocrisy of WikiLeaks should now be transparent to all, even those who initially supported them. Earlier this month, WikiLeaks posted a trove of documents, allegedly from the CIA, describing various hacking tools that the CIA has in its possession. Many of these tools are based on vulnerabilities in existing computer systems and computer-driven devices, such as televisions.


A Few Observations On Wikileaks And Vault7: Hacking At The CIA

by Herbert Linvia Lawfare
Wednesday, March 8, 2017

First, I echo Nick’s observation that it’s hardly a surprise that the CIA has a bunch of its own hacking tools. Indeed, if they didn’t, I’d say someone ought to be fired.