Herbert Lin

Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution

Herb Lin is a senior research scholar for cyber policy and security at the Center for International Security and Cooperation and the Hank J. Holland Fellow in cyber policy and security at the Hoover Institution, both at Stanford University.  His research interests concern the policy-related dimensions of cybersecurity and cyberspace; he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy.  In addition to his positions at Stanford University, he is chief scientist emeritus for the Computer Science and Telecommunications Board, at the National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and adjunct senior research scholar and senior fellow in cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Before his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986–90), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from the Massachusetts Institute of Technology.

To read more about Herb Lin's interests, see "An Evolving Research Agenda in Cyber Policy and Security."

He is also a longtime folk and swing dancer and a poor magician. Apart from his work on cyberspace and cybersecurity, he has published on cognitive science, science education, biophysics, and arms control and defense policy. He also consults on K–12 math and science education.

Filter By:



Recent Commentary

Analysis and Commentary

A Notification Requirement For Using Cyber Weapons Or For Unauthorized Disclosure Of A Cyber Weapon

by Herbert Linvia Lawfare
Saturday, June 10, 2017

The chairman and ranking minority member (RMM) of the House Armed Services Committee and the chairman and RMM of the its emerging threats and capabilities subcommittee are proposing legislation that would require the Defense Department to notify congressional defense committees within 48 hours of the conduct of “any sensitive military cyber operation.”

Analysis and Commentary

Microsoft’s Response To WannaCrypt

by Herbert Linvia Lawfare
Monday, May 15, 2017

In a recent blog post, Microsoft argued that the use of a vulnerability for Windows XP stolen from the NSA and released by the Shadow Brokers has caused widespread damage in the public domain, and the lesson that governments should learn from this incident is that government stockpiling of vulnerabilities that might be inadvertently revealed presents a hazard to safe computing around the world.


The Promises And Perils Of Emerging Technologies For Cybersecurity

by Herbert Linvia Lawfare
Monday, May 1, 2017

In late March 2017, I was invited to submit for the record my views on “the Promises and Perils of Emerging Technologies for Cybersecurity" before the Senate Committee on Commerce, Science, and Transportation. What follows below is what I submitted for the hearing record held on March 22, slightly modified to include some references.  I invite comment from Lawfare readers.

Analysis and Commentary

More On The Active Defense Certainty Act

by Herbert Linvia Lawfare
Friday, March 24, 2017

Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.

Analysis and Commentary

What Is Julian Assange's Game? Helping Putin, It Seems

by Herbert Linvia Newsweek
Friday, March 17, 2017

The hypocrisy of WikiLeaks should now be transparent to all, even those who initially supported them. Earlier this month, WikiLeaks posted a trove of documents, allegedly from the CIA, describing various hacking tools that the CIA has in its possession. Many of these tools are based on vulnerabilities in existing computer systems and computer-driven devices, such as televisions.


A Few Observations On Wikileaks And Vault7: Hacking At The CIA

by Herbert Linvia Lawfare
Wednesday, March 8, 2017

First, I echo Nick’s observation that it’s hardly a surprise that the CIA has a bunch of its own hacking tools. Indeed, if they didn’t, I’d say someone ought to be fired.

Analysis and Commentary

What Would Be A Sufficiently Strong Response To Russian Hacking Of The U.S. Election?

by Herbert Linvia Lawfare
Saturday, December 31, 2016

A variety of recent reports have noted complaints that the sanctions on Russia for its meddling in the November election are insufficient.

Analysis and Commentary

The Invisible Costs Of Cyber Weapons

by Herbert Linvia Defense One
Wednesday, December 14, 2016

For kinetic weapons like tanks, production costs generally outweigh research and development. For cyber weapons, R&D is almost everything.


Regarding the Report of the Presidential Commission on Enhancing National Cybersecurity…

by Herbert Linvia Lawfare
Tuesday, December 6, 2016

As many Lawfare readers know, I was honored to be one of 12 members of President Obama’s Commission on Enhancing National Cybersecurity. We turned in our final report to the White House on Thursday, December 1, and it was released to the public the next day.

Analysis and Commentary

A Two-Person Rule For Ordering The Use Of Nuclear Weapons, Even For POTUS?

by Herbert Linvia Lawfare
Wednesday, November 9, 2016

The election has made me contemplate the following question: should even the President of the United States, regardless of party or the individual involved, have the unilateral authority to order the use of nuclear weapons under all possible circumstances?