Cybersecurity is one of the most significant technology challenges that we will face in the coming decade. This is particularly true 1) in the relation to Internet of Things (IoT) devices, where connectivity is outpacing security, 2) in enterprise environments, where legacy cyberdefenses are being outmatched by the extremely sophisticated, rapidly evolving tools available to cyberattackers, and 3) in critical infrastructure, where we are increasingly reliant on systems with cyber-vulnerabilities that we are ill-equipped to find.

I am working on multiple aspects of cybersecurity. I have long been interested in the role of the supply chain, which is an increasingly important source of cybersecurity exposures. I am also very interested in the cybersecurity challenges raised by increasing vehicle automation, and more broadly by IoT devices and the associated networks. In addition, at Stanford I led a Department of Homeland Security-supported project aimed at improving cybersecurity in U.S. critical infrastructure.

Broader Interest Articles and Commentary

John Villasenor, “How the White House’s AI Executive Order could increase U.S. cyber vulnerabilities,The Brookings Institution, November 22, 2023

John Villasenor, “The problems with a moratorium on training large AI systems,The Brookings Institution, April 11, 2023

John Villasenor, “Regulating AI: Four key questions to ask,Fortune, via The Conversation, April 3, 2023

John Villasenor, “How a global website outage underscores the importance of creating a more robust internet,The Brookings Institution, June 10, 2021

John Villasenor, “Reining in overly broad interpretations of the Computer Fraud and Abuse Act,The Brookings Institution, June 7, 2021

John Villasenor, “No, the Laws of Australia Don’t Override the Laws of Mathematics,Lawfare / The Brookings Institution, July 17, 2017

John Villasenor, “Brookings roundtable readout: Advancing cybersecurity and inclusivity within the global financial ecosystem,The Brookings Institution, April 19, 2017

John Villasenor, “Ensuring Cybersecurity In Fintech: Key Trends And Solutions,Forbes, August 25, 2016

John Villasenor, “How Cybersecurity Principles Could Improve Emergency Response To Campus Shootings,Forbes, June 3, 2016

John Villasenor, “5 keys to ensure that the IoT is an Internet of secure things,Forbes Mexico, May 10, 2016 (in Spanish)

John Villasenor, “Some Key Issues In The Apple iPhone Decryption Matter,Forbes, February 21, 2016

John Villasenor, “If Apple Can Create A Backdoor To The iPhone, Could Someone Else?,Forbes, February 17, 2016

John Villasenor, “Designed To Deceive? The Volkswagen Emissions Scandal And The Future Of Cyber Trust,Forbes, September 21, 2015

John Villasenor, “If a Cyberattack Causes a Car Crash, Who Is Liable?,Slate, August 11, 2015

John Villasenor, “Five Lessons On The ‘Security Of Things’ From The Jeep Cherokee Hack,Forbes, July 27, 2015

John Villasenor, “Who Is at Fault When a Driverless Car Gets in an Accident?The Atlantic,, April 25, 2014

John Villasenor, “Could ‘Multisig’ Help Bring Consumer Protection To Bitcoin Transactions?,Forbes, March 28, 2014

John Villasenor and Mohammad Tehranipoor, “The Hidden Dangers of Chop-Shop Electronics: Clever counterfeiters sell old components as new, threatening both military and commercial systems,IEEE Spectrum, September 20, 2013

John Villasenor, “Researchers Discover Hacker-Ready Computer Chips,,” Scientific American, May 29, 2012

John Villasenor, “Securing an Infrastructure Too Complex to Understand,” The Brookings Institution, September 23, 2011

John Villasenor, “The Hacker in Your Hardware,” Scientific American, pages 82-87, August 2010

Policy Papers

John Villasenor, “Artificial Intelligence, Geopolitics, and Information Integrity,The Brookings Institution and ISPI, January 2020

John Villasenor, “Products Liability and Driverless Cars: Issues and Guiding Principles for LegislationThe Brookings Institution, April 2014

John Villasenor, “Compromised By Design? Securing the Defense Electronics Supply ChainThe Brookings Institution, November 2013

John D. Villasenor, Cody Monk, and Christopher Bronk, “Shadowy Figures: Tracking Illicit Financial Transactions,” The Brookings Institution and the James A. Baker III Institute for Public Policy, August 2011

John Villasenor, “Addressing Export Control in the Age of Cloud Computing,” The Brookings Institution, July 25, 2011

John Villasenor, “Ensuring Hardware Cybersecurity,” The Brookings Institution, Issues in Technology Innovation No. 9, May 2011

Law Journal Publication

John Villasenor, “Corporate Cybersecurity Realism: Managing Trade Secrets in a World Where Breaches Occur,” American Intellectual Property Law Association Quarterly Journal, Volume 43, Numbers 2/3, pages 329-357, Spring/Summer 2015. Available through SSRN at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2488756

Technical Papers

Jason Jaskolka and John Villasenor, “An Approach for Identifying and Analyzing Implicit
Interactions in Distributed Systems,” IEEE Transactions on Reliability, March 2017

Jason Jaskolka and John Villasenor, “Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems,” Proceedings of HICSS-50 (Hawaii International Conference on System Sciences), Honolulu, HI, Jan. 2017.

Lok-Won Kim and John Villasenor, “Dynamic Function Verification for System-on-Chip Security against Hardware-Based Attacks,” IEEE Transactions on Reliability, Vol. 64, No. 4, pp. 1229-1242, November 2015.

Lok-Won Kim and John Villasenor, “Dynamic Function Replacement for System-on-Chip Security in the Presence of Hardware-Based Attacks,” IEEE Transactions on Reliability, Vol. 63, No. 2, pp. 661-675, June 2014.

Lok-Won Kim, and John D. Villasenor, “A System-On-Chip Bus Architecture for Thwarting Integrated Circuit Trojan Horses,” IEEE Transactions on VLSI Systems, Vol. 19, No. 10, pp. 1921-1926, October 2011.

Lok-Won Kim, John D. Villasenor and Cetin K. Koc, “A Trojan-resistant system-on-chip bus architecture,” Proceedings of IEEE Military Communication (MILCOM) 2009, Boston, Oct. 2009.