https://hdl.handle.net/1721.1/104841 ECIR is a collaborative and interdisciplinary research program that seeks to create a field of international cyber relations for the 21st century. 2026-04-07T12:49:31Z https://hdl.handle.net/1721.1/141777 Lost in cyberspace: Harnessing the Internet, international relations, and global security Choucri, Nazli; Goldsmith, Daniel Early in the twenty-first century, new, cyber-based threats to the well-being of individuals, economies, and societies added a new dimension to the well-understood threats of the twentieth century. For the first time in human history, advances in information and communications technologies are potentially accessible to much of the world’s population. These Internet based advances allow almost anyone to disseminate messages, meaning that a wide range of actors, state and nonstate, have the potential to disrupt networks and commerce with relatively little fear of discovery. In cyberspace, it is hard to know with certainty what is behind a particular action—and actions in one place can have effects around the world. A powerful example of how advances in cyberspace have changed the national security environment is the deployment of Stuxnet, a complex piece of malicious software that reportedly damaged the uranium enrichment facilities of Iran’s nuclear program (Broad and Sanger, 2010). Both Israel and the United States have been blamed as creators of the virus, but in part because of the nature of cyberspace, the origin of the software remains in dispute.1 Another apparent case of international relations conducted in cyberspace were the 2007 cyber attacks that overwhelmed the websites of prominent Estonian organizations, including public-sector agencies, banks, and media firms. Some Estonian officials blamed Russia for the attacks, but responsibility was never proved. Similarly, in 2010 Google announced that it and a variety of high-tech, security, and defense firms had been targeted in an attempt, apparently originating in China, to gain access to and steal valuable digitized information. The episode resulted in a temporary shutdown of Google’s China site. 2012-03-01T00:00:00Z https://hdl.handle.net/1721.1/141775 Cyber 9/12 student challenge Wolff, Josephine; Young, William E.; Smith, Evann On June 15, 2013, the Atlantic Council’s Cyber Statecraft Initiative, with Science Applications International Corporation (SAIC), held the first student competition devoted to high-level policy recommendations for day-after responses to a major cyber attack. Held at American University’s School of International Service, the competition brought together more than sixty-five students—from undergraduates to PhD candidates—organized into nineteen teams and representing seventeen universities. In addition, twenty-one experts drawn from the top ranks of the US Department of Defense, US Department of State, White House, and leading cyber security firms participated as judges. Congratulations to ECIR’s very own, Colonel William E. Young, Jr., Josephine Wolff and Evann Smith for winning the “Best Written Brief.” 2013-06-15T00:00:00Z https://hdl.handle.net/1721.1/141774 Cyber international relations as an integrated system Vaishnav, Chintan; Choucri, Nazli; Clark, David D International Relations (IR) – whether in pursuit of wealth or power – have been traditionally predicated upon the dominance of the State and the effectiveness of geographical boundaries. The Internet has shattered these assumptions. Consequently, the properties of information goods such as information security, control, or freedom, or those of international activities such as trade, or diplomacy must be framed in the context of emergent behaviors of a system where the Cyberspace interacts with traditional IR. The purpose of this paper is to conceptualize the hitherto separate domains of Cyberspace and International Relations into an integrated socio-technical system that we jointly call Cyber International Relations (Cyber-IR) System, and to identify and analyze its emergent properties utilizing the methods of engineering systems. Our work is an exploration in both theory and methodology. We begin by identifying important actors in Cyberspace and IR, and the core functions they perform for their respective systems. In doing so, we disambiguate important questions of system boundary. We then create a domain structure matrix (DSM) of the interdependencies among the core functions of the various actors. This method enables us to integrate the domains of Cyberspace and IR that we then examine in two ways. First, we qualitatively analyze DSM to show how Cyber-IR is characterized by the activities of multiple actors who are interdependent in various ways, and who are highly heterogeneous in their roles and capabilities. Second, we perform quantitative analysis using several matrix-based techniques to illustrate and verify how certain core functions are more important than others, and why attributes such as geographical location, economic status, etc., of the actor shape their influence in Cyber- IR. This work forms a baseline for further understanding of the nature of the heterogeneous influences of the various actors, and the various outcomes that could result from it. 2012-06-18T00:00:00Z https://hdl.handle.net/1721.1/141773 Experiences and challenges with using CERT data to analyze international cyber security. Madnick, Stuart E.; Li, Xitong; Choucri, Nazli With the increasing interconnection of computer networks and sophistication of cyber attacks, it is important to understand the dynamics of such situations, especially in regards to cyber international relations. The Explorations in Cyber International Relations (ECIR) Data Dashboard Project is an initiative to gather worldwide cybersecurity data publicly provided by nation-level Computer Emergency Response Teams (CERTs) and to provide a set of tools to analyze the cybersecurity data. The unique contributions of this paper are: (1) an evaluation of the current state of the diverse nation-level CERT cybersecurity data sources, (2) a description of the Data Dashboard tool developed and some interesting analyses from using our tool, and (3) a summary of some challenges with the CERT data availability and usability uncovered in our research. 2009-09-01T00:00:00Z https://hdl.handle.net/1721.1/141771 Modeling the influence of narratives on collective behavior Houghton, James; Siegel, Michael; Goldsmith, Daniel This paper considers the problem of understanding the influences of narratives or stories on individual and group behavior. Narrative theory describes how stories help people make sense of the world, and is being used to explain behavior in domains such as security, health care, and consumer behavior. We are interested in using narrative theory to develop better predictions of behavior and have developed a multi-methodology approach to combine narrative influence with system dynamics modeling of group behavior. Our model quantifies how individuals use narratives to understand current events and make decisions. We model the time-varying strength of cultural narratives as a degree of belief in the narrative’s explanatory power, updated heuristically in response to observations about similarity between cultural narratives and current events. We use Twitter posts to measure narrative-significant observations in the real world. Using this approach, we investigate a case study of the violent riots in London in 2011 and demonstrate how relevant narratives can be identified, monitored, and included in behavior models to predict violent activity. 2013-07-21T00:00:00Z https://hdl.handle.net/1721.1/141769 Cyber international relations as an integrated system Vaishnav, Chintan; Choucri, Nazli; Clark, David D The purpose of this paper is to conceptualize the hitherto separate domains of Cyberspace and Interna- tional Relations into an integrated socio-technical system that we jointly call the cyber International Relations (Cyber-IR) system and to identify and analyze its emergent properties utilizing the methods common to science and engineering systems adapted here for the social sciences. Our work is an exploration in both theory and methodol- ogy. This paper (a) identifies the actors and functions in the core systems, Cyberspace, and IR, (b) disambiguates sys- tem boundary, (c) creates a design structure matrix (DSM), a matrix of the interdependencies among functions of actors, (d) analyzes DSM qualitatively to show multiple interdependent and heterogeneous Cyber-IR properties, and (e) analyzes quantitatively the differential importance of core functions as well as the impact of actor attributes on influence in Cyber-IR. This work forms a baseline for further understanding of the nature of the heterogeneous influences of the various actors and the various outcomes that could result from it. 2017-11-17T00:00:00Z https://hdl.handle.net/1721.1/141768 Institutions for cyber security: International responses and global imperatives Choucri, Nazli; Madnick, Stuart E.; Ferwerda, Jeremy Almost everyone recognizes the salience of cyberspace as a fact of daily life. Given its ubiquity, scale, and scope, cyberspace has become a fundamental feature of the world we live in and has created a new reality for almost everyone in the developed world and increasingly for people in the developing world. This paper seeks to provide an initial baseline, for representing and tracking institutional responses to a rapidly changing international landscape, real as well as virtual. We shall argue that the current institutional landscape managing security issues in the cyber domain has developed in major ways, but that it is still “under construction.” We also expect institutions for cyber security to support and reinforce the contributions of information technology to the development process. We begin with (a) highlights of international institutional theory and an empirical “census” of the institutions-in-place for cyber security, and then turn to (b) key imperatives of information technology-development linkages and the various cyber processes that enhance developmental processes, (c) major institutional responses to cyber threats and cyber crime as well as select international and national policy postures so critical for industrial countries and increasingly for developing states as well, and (d) the salience of new mechanisms designed specifically in response to cyber threats. 2013-10-22T00:00:00Z https://hdl.handle.net/1721.1/141767 Tight revenue bounds with possibilistic beliefs and level-k rationality Chen, Jing; Micali, Silvio; Pass, Rafael Mechanism design enables a social planner to obtain a desired outcome by leveraging the players’ rationality and their beliefs. It is thus a fundamental, but yet unproven, intuition that the higher the level of rationality of the players, the better the set of obtainable outcomes. In this paper, we prove this fundamental intuition for players with possibilistic beliefs, a model long considered in epistemic game theory. Specifically, • We define a sequence of monotonically increasing revenue benchmarks for single- good auctions, G0 ≤ G1 ≤ G2 ≤ · · ·, where each Gi is defined over the players’ beliefs and G0 is the second-highest valuation (i.e., the revenue benchmark achieved by the second-price mechanism). • We (1) construct a single, interim individually rational, auction mechanism that, without any clue about the rationality level of the players, guarantees revenue Gk if all players have rationality levels ≥ k + 1, and (2) prove that no such mechanism can guarantee revenue even close to Gk when at least two players are at most level-k rational. 2015-07-01T00:00:00Z https://hdl.handle.net/1721.1/141765 What is cybersecurity? Explorations in automated knowledge generation Choucri, Nazli; Elbait, Gihan Daw; Madnick, Stuart E. This paper addresses a serious impediment to theory and policy for cybersecurity: Trivial as it might appear on the surface, there is no agreed upon understanding of the issue, no formal definition, and not even a consensus on the mere spelling of the terms –– so that efforts to develop policies and postures, or capture relevant knowledge are seriously hampered. In this context, we present a “proof of concept” for a new research strategy based on a close examination of a large corpus of scholarly knowledge, and the extent to which it enables us to generate new knowledge about cybersecurity of relevance to international relations and to national security relevant to the nation’s security and to international relations. Given the new cyber realities, this paper is also a “proof” of how to create new knowledge through automated investigations of the record to date. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141764 Knightian auctions Chiesa, Alessandro; Micali, Silvio; Zhu, Zeyuan Allen We study single-good auctions in a setting where each player knows his own valuation only within a constant multiplicative factor δ ∈ (0, 1), and the mech- anism designer knows δ. The classical notions of implementation in dominant strategies and implementation in undominated strategies are naturally extended to this setting, but their power is vastly different. On the negative side, we prove that no dominant-strategy mechanism can guarantee social welfare that is significantly better than that achievable by as- signing the good to a random player. On the positive side, we provide tight upper and lower bounds for the fraction of the maximum social welfare achievable in undominated strategies, whether deterministically or probabilistically. 2012-01-10T00:00:00Z https://hdl.handle.net/1721.1/141763 Possibilistic beliefs and higher-level rationality Chen, Jing; Micali, Silvio; Pass, Rafael We consider rationality and rationalizability for normal-form games of incomplete information in which the players have possibilistic beliefs about their opponents. In this setting, we prove that the strategies compatible with the players being level-k rational coincide with the strategies surviving a natural k-step iterated elimination procedure. We view the latter strategies as the (level-k) rationalizable ones in our possibilistic setting. Rationalizability was defined by Pearce [23] and Bernheim [12] for complete-information settings. Our iterated elimination procedure is similar to that proposed by Dekel, Fuden- berg, and Morris [14] in a Bayesian setting. For other iterated elimination procedures and corresponding notions of rationalizability in Bayesian settings, see Brandenburger and Dekel [9], Tan and Werlang [24], Battigalli and Siniscalchi [8], Ely and Peski [15], Weinstein and Yildiz [25], and Halpern and Pass [19]. 2014-06-09T00:00:00Z https://hdl.handle.net/1721.1/141762 Resilient and virtually perfect revenue from perfectly informed players Chen, Jing; Hassidim, Avinatan; Micali, Silvio We put forward a new extensive-form mechanism that, in a general context with perfectly informed players and quasi-linear utilities, • Virtually achieves optimal revenue at a unique subgame-perfect equilibrium; • Is perfectly resilient to the problems of collusion, complexity, and privacy; and • Works for any number of players n > 1. 2010-01-13T00:00:00Z https://hdl.handle.net/1721.1/141761 Simulation modeling for cyber resilience Siegel, Michael; Goldsmith, Daniel Identifying high-leverage intervention points to increase cyber resiliency—the ability to provide and maintain acceptable service levels in the face of challenges— requires identifying, integrating, and framing a diverse set of strategies that cut across boundaries of governments, corporation, non-profits, and individuals. Drawing on a preliminary framework developed by Jonathan Zittrain, we identify several sources of corporate interventions and suggest possible trajectories for intervention effectiveness over time by utilizing simulation modeling. The overall goal of this research is to develop innovative management and operational approaches using experts, emerging data sets, policy analysis, and relevant theory, along with simulation-modeling, to enable real-world implementation of high-leverage opportunities to promote corporate resiliency to cyber threats. 2010-10-01T00:00:00Z https://hdl.handle.net/1721.1/141760 Understanding cyber complexity: Systems modeling and the financial services sector Goldsmith, Daniel; Siegel, Michael Recent developments within the financial services sector have demonstrated that as the diffusion of cyber enabled technologies increases, so too does dependency on a cyber infrastructure susceptible to failure, outages, and attacks. While current efforts are underway to introduce new methodologies and techniques to manage risks, particularly localized risks (such as those at a particular firm), developing resiliency at the system level requires transformative thinking to increase collaborative situational awareness, improve our understanding of risk, foster strategic coordination, and define actionable plans at the sector level to address pervasive sector-wide risk. The overall goal of this research is to develop innovative management and operational approaches using experts and emerging data sets available from the financial services industry along with simulation-driven technologies to enable real-world implementation of high- leverage opportunities to promote financial services resiliency. 2010-02-01T00:00:00Z https://hdl.handle.net/1721.1/141759 Systematic approaches to cyber insecurity Goldsmith, Daniel; Siegel, Michael Recent developments have demonstrated that as the diffusion of cyber enabled technologies increases, so too does dependency on a cyber infrastructure susceptible to failure, outages, and attacks. While current efforts are underway to introduce new methodologies and techniques to manage risks, particularly localized risks (such as those at a particular firm), developing resiliency at the system level requires transformative thinking to increase collaborative situational awareness, improve our understanding of risk, foster strategic coordination, and define actionable plans at the sector level to address pervasive sector-wide risk. The overall goal of this research is to develop innovative management and operational approaches using experts, emerging data sets, policy analysis, and relevant theory, along with simulation- modeling, to enable real-world implementation of high-leverage opportunities to promote corporate resiliency to cyber threats. 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/141758 Perspectives on cybersecurity: A collaborative study Choucri, Nazli; Jackson, Chrisma 1. Cybersecurity – Problems, Premises, Perspectives 2 An Abbreviated Technical Perspective on Cybersecurity 3 The Conceptual Underpinning of Cyber Security Studies 4 Cyberspace as the Domain of Content 5 DoD Perspective on Cyberspace 6 China’s Perspective on Cyber Security 7 Pursuing Deterrence Internationally in Cyberspace 8 Is Deterrence Possible in Cyber Warfare? 9 A Theoretical Framework for Analyzing Interactions between Contemporary Transnational Activism and Digital Communication 2015-01-01T00:00:00Z https://hdl.handle.net/1721.1/141757 Integrating cyberspace and international relations: The co-evolution dilemma Choucri, Nazli; Clark, David D Cyberspace is a fact of daily life. Until recently cyberspace was considered largely a matter of low politics – the term used to denote background conditions and routine decisions and processes. By contrast high politics is about national security, core institutions, and decision systems that are critical to the state, its interests, and its underlying values. We now see cyberspace shaping the domain of high politics, and high politics shaping the future of cyberspace. The field of international relations, rooted in 20th century issues and theories, has not kept pace with the emerging significance of cyberspace. This paper addresses what we call the co-evolution dilemma: as cyberspace and international politics now start to shape each other, we have few conceptual anchors to fully identify, let alone model, the potential collision of law, policy and practice in the cyber arena with shared norms, common practices, and modes of interactions in international relations that have evolved over time. At a minimum, we need to develop a map of the joint domain of cyberspace and international relations. Our purpose here is to (1) develop an alignment strategy to connect the Internet, the core of cyberspace, and international relations (2) introduce the control point analysis, a method we have developed to explicate dynamics among cyber-actors, in terms of their relative power and influence, and (3) highlight critical co-evolution parameters embedded in the fabric of world politics. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141756 Rational robustness for mechanism design Chen, Jing; Micali, Silvio The currently prevailing equilibrium-based approach to mechanism design suffers from a plurality of fundamental problems, and new conceptual frameworks are needed to solve or sufficiently alleviate them. In this paper, we put forward rational robustness, a new solution concept implementation notion that is not equilibrium-based; prove its fundamental structural theorems; and compare it with prior notions. Our notion of implementation is specifically built so as to be robust against the problem of equilibrium selection. We prove it robust against other fundamental problems as well in different papers. First Draft. 2009-11-10T00:00:00Z https://hdl.handle.net/1721.1/141755 Resilient mechanism design foundations for governance of cyberspace: Exploration in theory, strategy, and policy Micali, Silvio; Choucri, Nazli; Chen, Jing; Williams, Cindy Three related trends in world politics – shifting in power relations, increased diversity of actors and entities, and the growing mobilization and politicization of global constituencies are contributing to a global “tussle” which threatens to erupt in a full-fledged international confrontation. Such contests may well reinforce the potentially powerful cleavages, such as those that became evident before, during, and after the World Conference on Information Technology, WCIT-2012. If present trends continue, it is unlikely that WCIT-2013 will reduce the cleavages and resolve the contentions. We would like to thank Professor Lucas Stanczyk, Department of Political Science, MIT, for comments on an earlier version. 2013-09-01T00:00:00Z https://hdl.handle.net/1721.1/141754 Exploring terms and taxonomies relating to the cyber international relations research field: Or are "cyberspace" and "cyber space" the same? Camiña, Steven; Madnick, Stuart E.; Choucri, Nazli; Woon, Wei Lee This project has at least two facets to it: (1) advancing the algorithms in the sub-field of bibliometrics often referred to as "text mining" whereby hundreds of thousands of documents (such as journal articles) are scanned and relationships amongst words and phrases are established and (2) applying these tools in support of the Explorations in Cyber International Relations (ECIR) research effort. In international relations, it is important that all the parties understand each other. Although dictionaries, glossaries, and other sources tell you what words/phrases are supposed to mean (somewhat complicated by the fact that they often contradict each other), they do not tell you how people are actually using them. As an example, when we started, we assumed that "cyberspace" and "cyber space" were essentially the same word with just a minor variation in punctuation (i.e., the space, or lack thereof, between "cyber" and "space") and that the choice of the punctuation was a rather random occurrence. With that assumption in mind, we would expect that the taxonomies that would be constructed by our algorithms using "cyberspace" and "cyber space" as seed terms would be basically the same. As it turned out, they were quite different, both in overall shape and groupings within the taxonomy. Since the overall field of cyber international relations is so new, understanding the field and how people think about (as evidenced by their actual usage of terminology, and how usage changes over time) is an important goal as part of the overall ECIR project. 2011-08-01T00:00:00Z https://hdl.handle.net/1721.1/141753 The dynamics of undersea cables: Emerging opportunities and pitfalls Sechrist, Michael; Vaishnav, Chintan; Goldsmith, Daniel; Choucri, Nazli Cyberspace is built on physical foundations that support the “virtual” manifestations we know of and use in everyday computing. Physical infrastructure can include wired, fiber optic, satellite and microwave links, as well as routing equipment. An often overlooked but critical part of the Internet infrastructure is undersea communication cable links. Undersea cables are the technology of choice to move large amounts of data around the world quickly. In the U.S., approximately 95% of all international Internet and phone traffic travel via undersea cables. Nearly all government traffic, including sensitive diplomatic and military orders, travels these cables to reach officials in the field. The problem, however, is that the undersea cable infrastructure is susceptible to several types of vulnerability, including: rising capacity constraints, increased exposure to disruption from both natural and mad-made sources, and emerging security risks from cable concentration in dense geographical networks (such as New York and New Jersey, and places like Egypt/Suez Canal.) Moreover, even under normal working conditions, there is a concern whether governance-as-usual can keep up with the future growth of Internet traffic. In this paper, we explore the impact of these problems on the dynamics of managing undersea cable infrastructure. 2012-07-26T00:00:00Z https://hdl.handle.net/1721.1/141752 Comparative analysis of cybersecurity metrics to develop new hypotheses Madnick, Stuart E.; Choucri, Nazli; Li, Xitong; Ferwerda, Jeremy Few Internet security organizations provide comprehensive, detailed, and reliable quantitative metrics, especially in the international perspective across multiple countries, multiple years, and multiple categories. As common refrain to justify this situation, organizations ask why they should spend valuable time and resources collecting and standardizing data. This report aims to provide an encouraging answer to this question by demonstrating the value that even limited metrics can provide in a comparative perspective. We present some findings generated through the use of a research tool, the Explorations in Cyber Internet Relations (ECIR) Data Dashboard. In essence, this dashboard consists of a simple graphing and analysis tool, coupled with a database consisting of data from disparate national-level cyber data sources provided by governments, Computer Emergency Response Teams (CERTs), and international organizations. Users of the dashboard can select relevant security variables, compare various countries, and scale information as needed. In this paper, using this tool, we present an example of observations concerning the fight against cybercrime, along with several hypotheses attempting to explain the findings. We believe that these preliminary results suggest valuable ways in which such data could be used and we hope this research will help provide the incentives for organizations to increase the quality and quantity of standardized quantitative data available. 2011-11-01T00:00:00Z https://hdl.handle.net/1721.1/141751 Towards better understanding cybersecurity: Or are "cyberspace" and "cyber space" the same? Madnick, Stuart E.; Camiña, Steven; Choucri, Nazli; Woon, Wei Lee Although there are many technology challenges and approaches to attaining cybersecurity, human actions (or inactions) also often pose large risks. There are many reasons, but one problem is whether we all “see the world” the same way. That is, what does “cybersecurity” actually mean – as well as the many related concepts, such as “cyberthreat,” “cybercrime,” etc. Although dictionaries, glossaries, and other sources tell you what words/phrases are supposed to mean (somewhat complicated by the fact that they often contradict each other), they do not tell you how people are actually using them. If we are to have an effective solution, it is important that all the parties understand each other – or, at least, understand that there are different perspectives. For the purpose of this poster and to demonstrate our methodology, we consider the case of the words, “cyberspace” and “cyber space.” We had developed techniques and algorithms for the automated generation of taxonomies for chosen “seed terms” (such as “cyberspace” and “cyber space”) based on the co-occurrence of those words in the list of keywords of documents in large document repositories, such as Compendex and Inspec. The system that we had developed and used in this experiment employed the Heymann algorithm, closeness centrality, cosine similarity metric (which we refer to as H-CC). When we started, we assumed that “cyberspace” and “cyber space” were essentially the same word with just a minor variation in punctuation (i.e., the space, or lack thereof, between “cyber” and “space”) and that the choice of the punctuation was a rather random occurrence. With that assumption in mind, we would expect that the usage of these words would be basically the same and would produce roughly similar taxonomies. As it turned out, the taxonomies generated were quite different, both in overall shape and groupings within the taxonomy. Since the overall field of cybersecurity is so new, understanding the field and how people think about it (as evidenced by their actual usage of terminology, and how usage changes over time) is an important goal. Our approach helps to illuminate these understandings. 2012-12-15T00:00:00Z https://hdl.handle.net/1721.1/141750 Explorations in cyber international relations (ECIR)—data dashboard report #1: CERT data sources and prototype dashboard system Madnick, Stuart E.; Choucri, Nazli; Camiña, Steven; Fogg, Erik; Li, Xitong; Woon, Wei Lee Growing global interconnection and interdependency of computer networks, in combination with increased sophistication of cyber attacks over time, demonstrate the need for better understanding of the collective and cooperative security measures needed to prevent and respond to cybersecurity emergencies. The Exploring Cyber International Relations (ECIR) Data Dashboard project is an initial effort to gather and analyze such data within and between countries. This report describes the prototype ECIR Data Dashboard and the initial data sources used. In 1988, the United States Department of Defense and Carnegie Mellon University formed the Computer Emergency Response Team (CERT) to lead and coordinate national and international efforts to combat cybsersecurity threats. Since then, the number of CERTs worldwide has grown dramatically, leading to the potential for a sophisticated and coordinated global cybersecurity response network. This report focuses primarily on the current state of the worldwide CERTs, including the data publicly available, the extent of coordination, and the maturity of data management and responses. The report summarizes, analyses, and critiques the worldwide CERT network. Additionally, the report describes the ECIR team's Data Dashboard project, designed to provide scholars, policymakers, IT professionals, and other stakeholders with a comprehensive set of data on national-level cybersecurity, information technology, and demographic data. The Dashboard allows these stakeholders to observe chronological trends and multivariate correlations that can lead to insight into the current state, potential future trends, and approximate causes of global cybersecurity issues. This report summarizes the purpose, state, progress, and challenges of developing the Data Dashboard project. Disclaimer: This report relies on publicly available information, especially from the CERTs’ pubic web sites. They have not yet been contacted to confirm our understanding of their data. That will be done in subsequent phases of this effort. 2009-08-10T00:00:00Z https://hdl.handle.net/1721.1/141749 System dynamics modeling for pro-active intelligence Anderson, Ed; Choucri, Nazli; Goldsmith, Daniel; Madnick, Stuart E.; Siegel, Michael; Sturtevant, Dan The Pro-Active Intelligence (PAINT) program, sponsored by the Intelligence Advanced Research Projects Activity (IARPA), was formed to address the challenges1 posed by distributed human networks, including terrorists and insurgencies, both independent and state-sponsored. In particular, certain threats (including emerging dual-use technologies) are difficult to detect using traditional intelligence means because: (a) indicators are difficult to discern and may give little warning time, (b) there is usually limited relevant data collection and integration capability, and (c) expertise is generally diverse and disconnected. Over the course of 18 months from September 2007 to February 2009, an effort, led by researchers from MIT, was initiated to develop computational social science models to study and understand the dynamics of complex intelligence targets for nefarious technology activities (broadly defined as activities outside U.S. national interest). System dynamics models were developed because they offered great opportunities to (a) understand and represent determinants of nefarious technology development, (b) to identify aspects of critical pathways, such as resource management, towards the development of nefarious technologies, and (c) support a modeling based strategy for the identification of new sources of intelligence. This report describes the “System Dynamics Modeling for Pro-Active Intelligence” effort and its two thrusts: (a) development of a comprehensive holistic system dynamics model to represent, understand, and differentiate nefarious and benign activities and (b) the development of a detailed system dynamics resource model that can be used as a component of a multi-method federation of models. In both cases, simulations were conducted to illustrate the effectiveness of these models in demonstrating system behavior and, on occasion, highlighting potentially counter-intuitive behaviors. Final Report: Proactive Intelligence (PAINT) CONTRACT FA8750-07-C-0101 ISSUED BY AFRL/IFKE CODE FA8750 6. ADMINISTERED BY CODE N62879 USAF, AFMC AIR FORCE RESEARCH LABORATORY 26 ELECTRONIC PARKWAY ROME NY 13441-4514 2009-11-04T00:00:00Z https://hdl.handle.net/1721.1/141748 A survey of methods for data inclusion in system dynamics models: Methods, tools and applications Houghton, James; Siegel, Michael; Wirsch, Anton; Moulton, Allen; Madnick, Stuart E.; Goldsmith, Daniel Numerical data is experiencing a renaissance because 1) traditional data such as census and economic surveys are more readily accessible 2) new sensors are measuring things that have never been measured before, and 3) previously 'unstructured' data - such as raw text, audio, images, and videos - is becoming more amenable to quantification. Because of this explosion and the popular buzz surrounding ‘Big Data’, clients expect to see strong incorporation of data methods into dynamic models, and it is imperative that System Dynamics Modelers are fully versed in the techniques for doing so. The SD literature contains surveys that explain methods for including data in system dynamics modeling, but techniques have continued to develop. This paper attempts to bring these surveys up to date, and serve as a menu of modern techniques. 2014-07-20T00:00:00Z https://hdl.handle.net/1721.1/141747 The cultivation of global norms as part of a cyber security strategy Hurwitz, Roger 2013-01-01T00:00:00Z https://hdl.handle.net/1721.1/141724 The role of cyberspace in international relations: A view of the literature Reardon, Robert; Choucri, Nazli This paper reviews the literature on cyber international relations of the previous decade. The review covers all journal articles on the role of cyberspace and information technology that appeared in 26 major policy, scholarly IR, and political science journals between the years 2001- 2010. The search yielded 49 articles, mostly from policy journals. The articles are sorted into five distinct issue areas: global civil society, governance, economic development, the effects on authoritarian regimes, and security. The review identifies, and discusses the significance of three unifying themes throughout all of the articles: efforts to define the relevant subject of analysis; cyberspace’s qualitatively transformative effects on international politics, particularly the empowerment of previously marginalized actors; and, at the highest analytic level, efforts to theoretically capture the mutually embedded relationship between technology and politics. These themes can help guide future research on cyber international relations, and focus attention on ways that debates within each of the five distinct issue areas are interconnected, and can be usefully approached using a unified conceptual framework. 2012-04-01T00:00:00Z https://hdl.handle.net/1721.1/141723 Story retrieval and comparison using concept patterns Krakauer, Caryn E.; Winston, Patrick Henry Traditional story comparison uses key words to determine similarity. However, the use of key words misses much of what makes two stories alike. The method we have developed use high level concept patterns, which are comprised of multiple events, and compares them across stories. Comparison based on concept patterns can note that two stories are similar because both contain, for example, revenge and betrayal concept patterns, even though the words revenge and betrayal do not appear in either story, and one may be about kings and kingdoms while the other is about presidents and countries. Using a small corpus of 15 conflict stories, we have shown that similarity measurement using concept patterns does, in fact, differ substantially from similarity measurement using key words. The Goldilocks principle states that features should be of intermediate size; they should be not too big, and they should not too small. Our work can be viewed as adhering to the Goldilocks principle because concept patterns are features of intermediate size, hence not so large as an entire story, because no story will be exactly like another story, and not so small as individual words, because individual words tend to be common in all stories taken from the same domain. While our goal is to develop a human competence model, we note application potential in retrieval, prediction, explanation, and grouping. 2012-05-26T00:00:00Z https://hdl.handle.net/1721.1/141721 Computational representations of high profile international cyber incidents Hurwitz, Roger; Winston, Patrick Henry Several high profile incidents have shaped both popular and government understanding of international cyber conflicts. One of the most iconic is the distributed denial of service attack (DDoS) on Estonian government, media and financial sites in April-May, 2007. The attack by “hacktivists” in Russia, perhaps supported by the Russian government, was a response to symbolic and legal moves by the Estonian government to expunge traces of Estonia’s subjugation to the Soviet Union. The disruptions from the DDoS, though temporary, were severe because Estonia by its own choice was one of the most wired countries in Europe. The shock of the attack was also felt elsewhere. NATO had to weigh a response to a cyber attack on one of its members; many governments, including the Bush administration, more sharply saw cyber vulnerability as a threat to national security. 2011-03-16T00:00:00Z https://hdl.handle.net/1721.1/141720 The prevalence of descriptive referring expressions in news and narrative Hervaś, Raquel; Finlayson, Mark Alan Generating referring expressions is a key step in Natural Language Generation. Researchers have focused almost exclusively on generating distinctive referring expressions, that is, referring expressions that uniquely identify their intended referent. While undoubtedly one of their most important functions, referring expressions can be more than distinctive. In particular, descriptive referring expressions – those that provide additional information not required for distinction – are critical to flu- ent, efficient, well-written text. We present a corpus analysis in which approximately one-fifth of 7,207 referring expressions in 24,422 words of news and narrative are descriptive. These data show that if we are ever to fully master natural language generation, especially for the genres of news and narrative, researchers will need to de- vote more attention to understanding how to generate descriptive, and not just distinctive, referring expressions. 2010-07-11T00:00:00Z https://hdl.handle.net/1721.1/141718 Cyber politics: Understanding the use of social media for dissident movements in an integrated state stability framework Goldsmith, Daniel; Siegel, Michael Recent events in North Africa and the Gulf States have highlighted both the fragility of states worldwide and the ability of coordinated dissidents to challenge or topple regimes. The common processes of ‘loads’ generated by dissident activities and the core features of state resilience and its ‘capacity’ to withstand these ‘loads’ have been explored in the traditional “real world” view. More recently, however, there has been increased attention to the “cyber world”—the role of cyber technologies in coordinating and amplifying dissident messages, as well as in aiding regimes in suppressing anti-regime dissidents. As of yet, these two views (real and cyber) have not been integrated into a common framework that seeks to explain overall changes in regime stability over time. Further, emerging uses of social media technologies, such as Twitter have not fully been examined within an overall framework of state stability that represents the nature and dynamics of ‘loads’ generated by dissident activities in the real (i.e. protests) and cyber (i.e. planning and coordination via cyber venues) domains. 2012-08-19T00:00:00Z https://hdl.handle.net/1721.1/141715 Untangling attribution Clark, David D; Landau, Susan In February 2010, former NSA Director Mike McConnell wrote that, “We need to develop an early- warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options—and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment—who did it, from where, why and what was the result—more manageable.”2 This statement is part of a recurring theme that a secure Internet must provide better attribution for actions occurring on the network. Although attribution generally means assigning a cause to an action, this meaning refers to identifying the agent responsible for the action (specifically, “determining the identity or location of an attacker or an attacker’s intermediary”3). This links the word to the more general idea of identity, in its various meanings. Attribution is central to deterrence, the idea that one can dissuade attackers from acting through fear of some sort of retaliation. Retaliation requires knowing with full certainty who the attackers are. The Internet was not designed with the goal of deterrence in mind, and perhaps a future Internet should be designed differently. In particular, there have been calls for a stronger form of personal identification that can be observed in the network. A non-technical version of this view was put forward as: “Why don’t packets have license plates?” This is called the attribution problem. There are many types of attribution, and different types are useful in different contexts. We believe that what has been described as the attribution problem is actually a number of problems rolled together. Attribution is certainly not one size fits all. 2010-01-01T00:00:00Z https://hdl.handle.net/1721.1/141711 The problem isn't attribution: It's multi-stage attacks Clark, David D; Landau, Susan As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for an Internet architecture that enables better network attribution at the packet layer. The intent is for a mechanism that links a packet to some packet level personally identifiable information (PLPII). But cyberattacks and cyberexploitations are more different than they are the same. One result of these distinctions is that packet-level attribution is neither as useful nor as necessary as it would appear. In this paper we discuss why network-level personal attribution is of limited forensic value. We analyze the different types of Internet-based attacks, and observe the role that currently available alternatives to attribution already play in deterrence and prosecution. We focus on the particular character of multi-stage network attacks, in which machine A penetrates and “takes over” machine B, which then does the same to machine C, etc. We consider how these types of attacks might be traced, and observe that any technical contribution can only be contemplated in the larger regulatory context of various legal jurisdictions. Finally we examine the costs of PLPII mechanisms. 2010-11-30T00:00:00Z https://hdl.handle.net/1721.1/141710 Mechanism design with set-theoretic beliefs Chen, Jing; Micali, Silvio In settings of incomplete information, we put forward (1) a very conservative -- indeed, purely set-theoretic -- model of the beliefs (including totally wrong ones) that each player may have about the payoff types of his opponents, and (2) a new and robust solution concept, based on mutual belief of rationality, capable of leveraging such conservative beliefs. We exemplify the applicability of our new approach for single-good auctions, by showing that, under our solution concept, a normal-form, simple, and deterministic mechanism guarantees -- up to an arbitrarily small, additive constant -- a revenue benchmark that is always greater than or equal to the second-highest valuation, and sometimes much greater. By contrast, we also prove that the same benchmark cannot even be approximated within any positive factor, under classical solution concepts. 2011-10-22T00:00:00Z https://hdl.handle.net/1721.1/141709 The evolution of network based cybersecurity norms: An analytical narrative Basuchoudhary, Atin; Choucri, Nazli We examine coordination dilemmas in cybersecurity policy by using an already developed evolutionary game theoretical model [2]. We suggest that norms to encourage network based security systems may not evolve independently of international governance systems. In fact, certain kinds of state action may actually further discourage the evolution of such norms. This paper therefore suggests that specific system-wide cybersecurity systems will be more effective than network-specific security. We build on established analytical frameworks to develop a cumulative understanding of the dynamics at hand. This would allow us, in due course, to extend the contributions of evolutionary game theory to cybersecurity problems. 2014-08-13T00:00:00Z https://hdl.handle.net/1721.1/141708 Rational proofs Azar, Pablo Daniel; Micali, Silvio We study a new type of proof system, where an unbounded prover and a polynomial time verifier interact, on inputs a string x and a function f , so that the Verifier may learn f (x). The novelty of our setting is that there no longer are “good” or “malicious” provers, but only rational ones. In essence, the Verifier has a budget c and gives the Prover a reward r ∈ [0, c] determined by the transcript of their interaction; the prover wishes to maximize his expected reward; and his reward is maximized only if he the verifier correctly learns f (x). Rational proof systems are as powerful as their classical counterparts for polynomially many rounds of interaction, but are much more powerful when we only allow a constant number of rounds. Indeed, we prove that if f ∈ #P, then f is computable by a one-round rational Merlin-Arthur game, where, on input x, Merlin’s single message actually consists of sending just the value f(x). Further, we prove that CH, the counting hierarchy, coincides with the class of languages computable by a constant-round rational Merlin- Arthur game. Our results rely on a basic and crucial connection between rational proof systems and proper scoring rules, a tool developed to elicit truthful information from experts. 2012-05-19T00:00:00Z https://hdl.handle.net/1721.1/141706 Improving interdisciplinary communication with standardized cyber security terminology: A literature review Ramirez, Robert; Choucri, Nazli The growing demand for computer security, and the cyberization trend, are hallmarks of the 21st century. The rise in cyber-crime, digital currency, and e-governance has been well met by a corresponding recent jump in investment in new technology for securing computers around the globe. Business and government sectors have begun to focus effort on comprehensive cyber security solutions. With this effort has emerged a need for greater collaboration between research and industry fields. Despite much effort, there is still too little cross-disciplinary collaboration in the realm of computer security. This paper reviews the new trends, contributions, and identifiable limitations in cyber security research. We argue that these limitations are due largely to the lack of interdisciplinary cooperation required to address a problem that is clearly multifaceted. We then identify a need for further refinement of standard cyber security terminology to facilitate interdisciplinary cooperation, and propose guidelines for the global Internet multistakeholder community to consider when crafting such standards. We also assess the viability of some specific jargon, including whether cyber should be a separate word when used as a descriptor (e.g. cyber-crime or cybercrime), and conclude with recommendations for terminology use when writing papers on cyber security or the new broader field of all things relating to cyberspace, which has recently been dubbed Cybermatics, a term we also examine and propose alternatives to. By furthering the effort to standardize cyber security terminology, this paper lays groundwork for cross-disciplinary collaboration, interaction between technical and nontechnical stakeholders, and drafting of universal Internet governance laws. 2016-03-21T00:00:00Z https://hdl.handle.net/1721.1/141704 Who controls cyberspace? Choucri, Nazli; Clark, David D When Wikileaks released hundreds of thousands of Iraq War logs and diplomatic cables in 2010, a horrified US government sprang into action—but the classified information the government hoped to keep from public view quickly migrated to overseas servers, ensuring that it would likely never be suppressed. After an anti-Islamic movie trailer was posted on YouTube in 2012, the horrified Pakistani government rushed to block its nation’s access to the Internet video service—and, in the process, temporarily disrupted YouTube access around the world. Toward the beginning of the Egyptian revolution, the government of Hosni Mubarak tried to quell the cyber-based aspect of the protest by turning off the Internet, but that effort did little to alter the course of the revolt. China, however, continued to block searches for the terms “Egypt” and “Arab Spring,” with at least some success. Until recently, cyberspace was considered largely a matter of low politics, the term political scientists use to denote background conditions and routine decisions and processes. Over the last decade, though, cyberspace, with the Internet at its core, has clearly begun to shape the domain of high politics—that is, the national security considerations, core institutions, and decision systems that are critical to national governments. Those governments have long held a monopoly on high politics and are, in turn, trying to control the future of cyberspace, with, at best, very limited success. The field of international relations, rooted in 20th-century issues and theories, has not kept pace with the emerging significance of cyberspace; and as the empowered non-state groups and individuals of cyberspace and international politics now simultaneously shape one another, the potential collisions of law, policy, and practice have barely been identified. Before the international community can begin to minimize the negative consequences of those inevitable collisions, it needs to understand how and where cyberspace and international relations intersect and influence one another, and who controls those intersections. 2013-09-01T00:00:00Z https://hdl.handle.net/1721.1/141703 Leveraging possibilistic beliefs in unrestricted combinatorial auctions Chen, Jing; Micali, Silvio In unrestricted combinatorial auctions, we put forward a mechanism that guarantees a meaningful revenue benchmark based on the possibilistic beliefs that the players have about each other’s valuations. In essence, the mechanism guarantees, within a factor of two, the maximum revenue that the “best informed player” would be sure to obtain if he/she were to sell the goods to his/her opponents via take-it-or-leave-it offers. Our mechanism is probabilistic and of an extensive form. It relies on a new solution concept, for analyzing extensive-form games of incomplete information, which assumes only mutual belief of rationality. Moreover, our mechanism enjoys several novel properties with respect to privacy, computation and collusion. 2016-10-26T00:00:00Z https://hdl.handle.net/1721.1/141702 The order independence of iterated dominance in extensive games Chen, Jing; Micali, Silvio Shimoji and Watson (1998) prove that a strategy of an extensive game is rationalizable in the sense of Pearce if and only if it survives the maximal elimination of conditionally dominated strategies. Briefly, this process iteratively eliminates conditionally dominated strategies according to a specific order, which is also the start of an order of elimination of weakly dominated strategies. Since the final set of possible payoff profiles, or terminal nodes, surviving iterated elimination of weakly dominated strategies may be order-dependent, one may suspect that the same holds for conditional dominance. We prove that, although the sets of strategy profiles surviving two arbitrary elimination orders of conditional dominance may be very different from each other, they are equivalent in the following sense: for each player i and each pair of elimination orders, there exists a function φi mapping each strategy of i surviving the first order to a strategy of i surviving the second order, such that, for every strategy profile s surviving the first order, the profile (φi(si))i induces the same terminal node as s does. To prove our results, we put forward a new notion of dominance and an elementary characterization of extensive-form rationalizability (EFR) that may be of independent interest. We also establish connections between EFR and other existing iterated dominance procedures, using our notion of dominance and our characterization of EFR. 2013-01-22T00:00:00Z https://hdl.handle.net/1721.1/141701 Collusive dominant-strategy truthfulness Chen, Jing; Micali, Silvio We show that collusion and wrong beliefs may cause a dramatic efficiency loss in the Vickrey mechanism for auctioning a single good in limited supply. We thus put forward a new mechanism guaranteeing efficiency in a very adversarial collusion model, where the players can partition themselves into arbitrarily many coalitions, exchange money with each other, and perfectly coordinate their actions. Our mechanism bypasses classic impossibility results (such as those of Green and Laffont, and of Schummer) by providing the players with a richer set of strategies, making it dominant for every coalition C to instruct each of its members to report truthfully not only his own valuation, but also his belonging to C. Our mechanism is coalitionally rational, which implies being individually rational for independent players. 2012-01-17T00:00:00Z https://hdl.handle.net/1721.1/141700 Applications of ECIR modeling work to cyber policy problems Williams, Cindy One element of core research underway in Explorations in Cyber International Relations (ECIR) at MIT is dynamic modeling, simulation, and analysis. During 2010 and 2011, this research has pushed forward theoretical frontiers in the modeling of resilient mechanisms to explore the interactions of players involved in multi-player auctions and games, under assumptions that are substantially more realistic than those underlying more traditional models. In the coming year, the team hopes in addition to expand on earlier research in the area of fair electronic exchange. This paper explores three examples of future cyber IR policy applications of the work in dynamic modeling, simulation, and analysis. 2011-03-10T00:00:00Z https://hdl.handle.net/1721.1/141699 Understanding ICANN’s complexity in a growing and changing Internet Testart, Cecilia The ever-increasing relevance of the Internet in all aspects of our lives has significantly raised the interest of cyberspace in the political, economical and international spheres. Internet governance and its future design are now relevant to many different stakeholders eager to influence and engage in the decision and policy-making processes. The Internet Corporations for Assigned Names and Numbers (ICANN) is recognized as the central institution involved in the governance of the global Internet. Specifically, it is in charge of the allocation, coordination and development of policy relating to the critical Internet resources –Internet Protocol addresses, Domain Names System and parameter numbers. It was created in 1998, when the Internet had less than 10% of the current Internet users and the World Wide Web potential was just emerging, and was expected to have a technical mandate. Over time, ICANN structure has evolved, resulting in a large and complex institution, with several internal bodies intermingled with its functions. Nonetheless, a very limited number of Internet users know what ICANN is or what ICANN does, because the Internet has always “just worked”. This paper contributes to the understanding of who participates in ICANN’s decision-making and policy-development processes and how. It first examines in details the internal structure of the organization, and then its structural and financial evolution and change since its early stage. The study is based on an in-depth analysis of the legal, financial and public documents of ICANN, as well as the information published directly by ICANN’s internal bodies. The paper reveals the substantial expansion in scale and scope of ICANN mandate and activities since its creation. ICANN recurring changes leading to the current complex structure and processes for policy development, allowed it to cope with and adapt to growth, evolution and change in the Internet and its usages. Additionally, these processes constitute an outreach mechanism for ICANN to its constituencies. However, the permanent internal restructuring, deter and hinder the follow up by external interested parties such as governments and international organizations, which are now requesting more involvement in policy-development processes concerning the Internet. 2014-01-01T00:00:00Z https://hdl.handle.net/1721.1/141698 Anonymity networks: New platforms for conflict and contention Rady, Mina Access to information is critical during population uprisings against repressive regimes. As a venue for information and data exchange, cyberspace offers many powerful social platforms for exchange of information. But the infrastructure of the Internet allows government to block or censor such platforms. In turn, anonymity networks emerged as conventional mechanisms for Internet users to circumvent government censorship. In this paper we show that anonymity networks became “terrains” for government-population conflict as they enable citizens to overpower governments’ conventional control mechanisms over cyber- information exchanges. We delineate escalations of this cyber-conflict by studying two notable cases: Egypt, a simple case, and Iran, a more complex case. We take Tor network as the anonymity network that is subject of investigation. We highlight the range of actions that each actor can take to retaliate via anonymity networks. We conclude that design specifications and protocols of anonymous communication determine the strategies of escalation. Finally, we lay out the foundation for monitoring and analyzing dynamics and control point analysis of anonymous networks. 2013-01-01T00:00:00Z https://hdl.handle.net/1721.1/141697 Fair electronic exchange with virtual trusted parties Micali, Silvio Assume each of two parties has something the other wants. Then, a Fair exchange is an electronic protocol guaranteeing that either both parties get what they want, or none of them does. Protocols relying on traditional trusted parties easily guarantee such exchanges, but are inefficient and expensive, because a trusted party must be part of (thus be paid for) every execution. We put forward a new class of protocols, relying on virtual trusted parties (a new type of trusted party), and show that they provide Fair exchange more efficiently than before, and at a fraction of the cost. In particular, we provide attractive protocols for Fair certified e-mail and contract signing. https://hdl.handle.net/1721.1/141696 The Chinese Internet: Control through the layers Hung, Shirley China is often described as having the world’s most advanced Internet censorship and surveillance regime.1 It garners much fear and attention in the media and among policymakers, yet most reports focus on specific incidents or capabilities, not the system as a whole. The Great Firewall, which generally refers to the technical implementation of controls, is the most well- known part of the system, but the overall control regime includes a significant human element ranging from police persecution of dissidents to human censors who review individual blog and social media posts to the self-censorship that has become an almost reflexive response among citizens. The control regime implemented by China is in many ways exactly what one would expect of a rational, forward-looking, planning-oriented authoritarian regime determined to remain in power while retaining legitimacy: extensive, pervasive, deeply integrated into the technical apparatus of the Internet, and both reflective of and entwined with the political and social structures in which it is embedded. It is not a perfect regime – not every post the government would deem undesirable is caught or removed – but it is good enough. It utilizes technical tools, self-censorship, and human review to create a system with enough built-in flexibility to enable a fine-grained control of which most political leaders around the world can only dream. 2012-10-30T00:00:00Z https://hdl.handle.net/1721.1/141695 Cyber conflicts in international relations: Framework and case studies Gamero-Garrido, Alexander Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks. • The potential damage of a cyber strike is likely to continue increasing as the Internet expands. • The size of the actor under attack could have an influence on its ability to deter the attackers with actions in the physical world. • The entrance barriers (including the monetary cost) for any actor to get involved in a conflict seem to be much lower in the cyber domain than in the physical domain. • Accountability on the Internet is difficult, and gets further obscured when the attacks transcend national borders. This fact has probably made cyber attacks desirable for major military powers such as China, Russia and the United States. In many ways, this paper is a re-analysis of the case studies set presented on A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 recently published by the Atlantic Council. In addition, we draw upon other materials (academic and media) to expand our understanding of each case, and add several cases to the original collection resulting in a data set of 17 cyber conflict, spanning almost three decades (1985-2013). Cuckoo's Egg, Morris Worm, Solar Sunrise, Electronic Disturbance Theater, ILOVEYOU, Chinese Espionage, Estonia, Russo-Georgian war, Conficker, NSA-Snowden, WikiLeaks and Stuxnet are some of the major cases included. 2014-01-01T00:00:00Z https://hdl.handle.net/1721.1/141694 Three views of cyberspace Clark, David D The purpose of this paper is to draw attention to an important but perhaps under- appreciated aspect of the Internet: the emergent idea of a global commons in the use of the Internet, in which people might transcend national boundaries to discuss, plan and organize to further matters of global import, whether environmental regulation, curbing epidemics, mitigating poverty, reducing risks of nuclear wars, promoting individual freedoms, etc. This paper attempts to construct a framework to assess what this commons might be, variations in its practices, the threats it faces, and both technological and political means of protecting or at least preserving it. 2011-01-05T00:00:00Z https://hdl.handle.net/1721.1/141693 Tools of engagement: Mapping the tussles in cyberspace Clark, David D This paper has been prepared as part of the Explorations in Cyber International Relations project being carried out at MIT, Harvard and collaborating institutions. The goal of this paper is to lay the groundwork for the exploration of a fundamental thesis of the project: that the emergence of cyberspace as a phenomenon has shifted the motivations of the various actors that play on the international stage, it has added to the “tools of engagement” that these actors use as they interact, and it has created or empowered new sorts of actors that must now be taken into account in any theory of international relations. This paper, which should at this point be seen as a working draft, incomplete and anecdotal rather than scholarly and thorough, attempts to catalog by example the range of actors and the tools they use as they interact around and in cyberspace. Through these anecdotes, I illustrate classes of actors who either have a motivation to shape cyberspace, or who seem to have undergone a shift in power (up or down) by the emergence of cyberspace, and who are responding to or exploiting this situation. Using various examples, we can start to catalog some of the means by which different actors can exercise influence in cyberspace, and as well understand the new actors that seem to have significant power to influence. At a high level, we want to explore three related questions. 1.1 • • • What are the tools of influence, both direct and indirect, and to what extent does cyberspace create distinctive behavior? Is there anything new? Are there new actors that appear as players in the space of influence—actors that a traditional state actor would not regularly expect to deal with? When influence is exercises, what actors are the preferred targets of that influence? 2012-03-12T00:00:00Z https://hdl.handle.net/1721.1/141692 Characterizing cyberspace: Past, present and future Clark, David D In general terms, most practitioners share a working concept of cyberspace—it is the collection of computing devices connected by networks in which electronic information is stored and utilized, and communication takes place1. Another way to understand the nature of cyberspace is to articulate its purpose, which I will describe as the processing, manipulation and exploitation of information, the facilitation and augmentation of communication among people, and the interaction of people and information. Both information and people are central to the power of cyberspace. If we seek a better understanding of what cyberspace might be, one approach is to identify its salient characteristics: a catalog of its characteristics may be more useful than a list of competing definitions. 2010-03-12T00:00:00Z https://hdl.handle.net/1721.1/141691 Toward the design of a future Internet Clark, David D This document is one very preliminary proposal for the design of a Future Internet—an outline of requirements and architecture. This document should only be seen as a first step in such a proposal; there are many parts that remain to be considered and elaborated. But it does try to offer a rationale for making key design systems. 2009-10-10T00:00:00Z https://hdl.handle.net/1721.1/141690 The expressive power of the Internet design Clark, David D The present Internet is not defined in terms of its semantics, at least at the packet level. The loose packet carriage model of “what comes out is what went in” is intentionally almost semantics-free. The packets just carry bytes. Packet boundaries can have some limited semantics, but not much. The original design presumed some constraints on the semantics of packet headers, such as global addresses, but the progress of time has violated these and the Internet keeps working. TCP does impose some modest semantic constraints, but of course TCP is optional, and not a mandatory part of the architecture. What defines the Internet, and the range of behavior that is available in the Internet, is the expressive power of the packet header, which has more to do with its format than any semantics. Most fields (e.g. packet length) are unremarkable, some (like the TOS bits) have been redefined several times in the history of the Internet, some (like the options) have atrophied, and some (most obviously the IP addresses) have had a most interesting history in which the only constants are that they are 32 bit fields, that whatever value they have at each end must remain constant for the life of a TCP connection (because of the pseudo-header) and that at any locale in the network, they must provide the basis for some router action. They can be rewritten (as in NAT), turned into logical addresses (as in multicast or anycast), and they can be microcoded in a number of ways to capture address hierarchy (net/rest, A/B/C, CIDR). All that really matters is that they are 32 bits long, and that at any point, they must have at least local meaning to a forwarding process. 2009-04-27T00:00:00Z https://hdl.handle.net/1721.1/141689 The convergence of cyberspace and sustainability Choucri, Nazli This paper highlights the emerging synergy between cyberspace (a new arena of interaction) and sustainability (a new initiative on the global agenda), and their convergence on the global policy agenda. This convergence is at the conjunction of two processes, the growing pressures for transitions toward sustainability in the real context of human interactions; and the expanded, cyber-enabled opportunities for the pursuit of goals and objectives. This convergence, unexpected as it was, is a result mainly of the properties of cyberspace as we know it and those of sustainability as we seek to frame it. Reinforced by the role of knowledge in international forums, both cyberspace and sustainability are relative newcomers to international relations theory, policy, and practice. 2012-04-20T00:00:00Z https://hdl.handle.net/1721.1/141688 A view of top-down internet governance Sowell, Jesse Does the audience want more government and regulatory involvement in peering and interconnection world? 2012-06-04T00:00:00Z https://hdl.handle.net/1721.1/141687 International data exchange and a trustworthy host: Focal areas for international collaboration in research and education Mallery, John C. A key message is the acknowledgement that international cooperation is nascent and a more global approach is urgently needed because there is ultimately just one, single global information environment, consisting of the interdependent networks of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. 2011-11-29T00:00:00Z https://hdl.handle.net/1721.1/141686 Co-evolution of cyberspace and international relations: New challenges for the social sciences Choucri, Nazli Created by human ingenuity, cyberspace is a fact of daily life. Until recently, this arena of virtual interaction was considered largely a matter of low politics— the routine, background, and relatively non-contentious. Today cyberspace and its uses have vaulted into the highest realm of high politics – the most salient and contentious forms of interaction. We now appreciate that cyber capabilities are also a source of vulnerability, posing potential threats to national security, and disturbing the familiar and traditional international order. The expansion of cyber access has already influenced the Westphalian-anchored international system in powerful ways. This paper argues that the construction of cyberspace is creating new challenges for the social sciences, the full nature of still remains to be fully understood -- perhaps even calling into question some of its most basic assumptions. We frame these challenges with reference to co- evolution of the new cyber domain and the traditional international system, and then focus more specifically on the emergent synergy between two independent features of the contemporary world order -- cyberspace (an arena of interaction) and sustainability (a policy imperative), and their convergence on the global policy agenda It is no surprise that sustainability is closely connected to security – or alternatively that security is contingent on sustainability. By extension, cyber security is derivative, in that is refers to security in the cyber domain. 2013-10-13T00:00:00Z https://hdl.handle.net/1721.1/141685 The strong story hypothesis and the directed perception hypothesis Winston, Patrick Henry I ask why humans are smarter than other primates, and I hypothesize that an important part of the answer lies in what I call the Strong Story Hypothesis, which holds that story telling and understanding have a central role in human intelligence. Next, I introduce another hypothesis, the Directed Perception Hypothesis, which holds that we derive much of our commonsense, including the commonsense required in story understanding, by deploying our perceptual apparatus on real and imagined events. Then, after discussing methodology, I describe the representations and methods embodied in the Genesis system, a story-understanding system that analyzes stories ranging from pre ́cis of Shakespeare’s plots to descriptions of conflicts in cyberspace. The Genesis system works with short story summaries, provided in English, together with low-level commonsense rules and higher-level reflection patterns, likewise expressed in English. Using only a small collection of commonsense rules and reflection patterns, Genesis demonstrates several story-understanding capabilities, such as determining that both Macbeth and the 2007 Russia-Estonia Cyberwar involve revenge, even though neither the word revenge nor any of its synonyms are mentioned. Finally, I describe Rao’s Visio-Spatial Reasoning System, a system that recognizes activities such as approaching, jumping, and giving, and answers commonsense questions posed by Genesis. 2011-11-03T00:00:00Z https://hdl.handle.net/1721.1/141684 Empirical studies of bottom-up internet governance Sowell, Jesse The notion of bottom-up governance in the Internet is not new, but the precise underlying mechanisms have received little primary, empirical study. The majority of Internet governance literature is couched in contrasting familiar top-down modes of governance with the design of and subsequent critique of governance institutions such as ICANN or the WSIS processes that created the Internet Governance Forum (IGF). This paper reports on dissertation work collecting and analyzing empirical evidence of how bottom-up governance mechanisms operate in situ. Methodologically, participant-observer ethnographies are supplemented by text mining and social network analysis—the combination facilitates analysis of community-generated artifacts cross-validated against semi-structured interviews. This paper reports on ethnographic studies thus far, drawing on early interviews and private conversations. Scoping the domain, this work evaluates organizational modes at the intersection of Internet operations and security. Three categories of non-state organizational modes contribute evidence: network operator groups (NOGs) and RIRs; Internet eXchange Points (IXPs); anti-abuse organizations and communities such as the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), Spamhaus, and the Anti-Phishing Working Group (APWG). As of this writing, the anti-abuse studiy is the least developed study and will be addressed comparatively. The author engages as a participant-observer in forums from each category, developing relationships and engaging in semi-structured interviews with participants and organizers. These studies contribute to understanding how decentralized “close-knit yet loosely organized” communities coordinate localized operational capacity (direct access to private network operations and security incidents) to achieve global operational and decisional capacity sufficient to address problems as they arise, at Internet clockspeed. Ongoing fieldwork provides early insights into these processes. Many of these governance arrangements comprise actors pursuing nominally private interests, yet they produce collateral public benefits. Important to this work is that the combination of private interests and the creation of public goods is distinct from both how open these organizational modes are and how transparent the attendant processes are. Various combinations exist within these studies and will be presented. This report will provide a preliminary comparative analysis within and across the studies. These arrangements are framed as instances of private authority. One contribution of this work is a mapping of concepts and models from international relations and political economy to the domain of bottom-up Internet governance to facilitate comparison not only within and across the studies, but also with conventional governance arrangements. Using this language, comparisons will highlight, among other factors, the variety of vetting and consensus building processes at play, trade-offs between formal and informal rules and norms, mechanisms for evaluating policies, and early evidence of the density of social networks that facilitate communication within and across differentiated policy and issue communities. Taken together, these factors will contribute to an argument that bottom-up governance (of the Internet) is not simply a varient of multistakeholder-ist or multilateralist governance confounded by a functionalist and/or corporatist flavor. Rather, bottom-up governance will be presented as a broad yet densely connected, pluralistic marketplace of governance arrangements whose continuous engagement in policy experiments allows the community as a whole to keep pace with the development of issues in and on the global Internet. 2012-03-31T00:00:00Z https://hdl.handle.net/1721.1/141683 Mixed context and privacy Sowell, Jesse Users engaging online service providers (OSPs) such as Google, Amazon, and Facebook encounter environments architected by a single actor (the OSP), but comprised of content and executable elements potentially provided by multiple actors. For the ten OSPs analyzed, privacy policies only cover content provided directly by the OSP. Content provided by external (third party) content providers, such as advertising networks and third party developers, are governed by a different set of privacy policies. In effect, users face environments comprised of mixed content governed by potentially conflicting privacy policies. Reasonably unraveling these conflicting privacy guarantees confounds the process of determining whether users’ privacy preference are satisfied. The notion of a mixed context describes scenarios where a user is faced with multiple, potentially conflicting policy guarantees within a seemingly uniform, contiguous environment. This paper develops mixed context as a metaphor that informs the design of privacy policies and the attendant privacy tools. Mixed context has also led to insights into actor incentives and dependencies that shape the design of policies, online environments, and ultimately the balance between advertising (re)targeting and user privacy. The mixed context metaphor draws evidence from OSP privacy policies and builds on Nissenbaum’s notion of contextual integrity [29] as an analytic framework for valuating privacy implications. This framework describes privacy in terms of participants’ context-specific norms that are rooted in an experience-based understanding of the environment and the constraints on the behaviors of other actors in that environment. The instances of mixed context presented here confound this process because, although the environment is architected by a single actor and appears to be a single context, closer inspection reveals it is in fact governed by multiple, potentially conflicting policies. The mixed context metaphor has also helped surface institutional incentive structures that confound the development of meaningful privacy policies and tools. An immediate observation is that many of the actors contributing to the mix are invisible to the casual user. This impedes the development of reasonable expectations about a particular environment based on attributing elements of the experience to particular actors. Second, “invisible” non-OSP actors, in particular advertisers, are not directly accountable to users with regard to how they use information for (re)targeting of advertisements. OSP privacy policies provides conceptual evidence of mixed context; recent media investigations [39] have documented (observed) instances of mixed context outcomes “in the wild.” Although superficially a technical coordination problem, resolutions to mixed context problems are rooted in both technical means and the institutional arrangements of actors. The common “service-and-utility” framing identified in the privacy policy focuses on the benefits of targeting while underplaying privacy implications. Mixed context attempts to avoid interest-specific metaphors such as service-and-utility and value-laden metaphors such as those focusing on the contrast between privacy and surveillance. As applied here, the focus is to identify shared concerns that contribute to a collaborative understanding of the flow of user information that has collateral benefits for both advertising and privacy objectives. Evidence of deficiencies and mixed context have een identified via a bottom-up analysis of privacy policies. In contrast, design and policy recommendations are couched in a top-down institutional analysis that presents incentives for developing tools that convey the implications of mixed context in situ. 2010-08-15T00:00:00Z https://hdl.handle.net/1721.1/141682 Taking care: Four takes on the cyber steward Hurwitz, Roger Stewardship denotes a custodial, non-proprietary relationship to a resource or domain. The notion of a “cyber steward” resonates with those of us who regard cyberspace as a commons or domain that belongs to no one, and yet we sense some duty to protect or manage it. This essay explores possible job descriptions of “cyber steward” and what might motivate a person or organization to take the job. The job description can vary with one’s view of the commons. The motivations towards this stewardship usually involves more than the self-interested, prudential concern for future use of the commons, which drives self-organization to preserve natural resource commons. It can also involve more than a desire to reciprocate for the benefits now being enjoyed, as in the gift culture that marked the early days of the Internet. The “sense of duty” might answer to the interdependence of being in cyberspace, respond to a fear for the loss of its freedom, or harbour a utopian vision of a global society enabled by cyber networks. But it can also be a self-serving pretext to shield a ruling elite from criticism or to preserve some technological advantage over others. 2012-03-18T00:00:00Z https://hdl.handle.net/1721.1/141681 Sets of signals, information flow, and folktales Finlayson, Mark Alan I apply Barwise and Seligman’s theory of information flow to understand how sets of signals can carry information. More precisely I focus on the case where the information of interest is not present in any individual signal, but rather is carried by correlations between signals. This focus has the virtue of highlighting an oft-neglected process, viz., the different methods that apply categories to raw signals. Different methods result in different information, and the set of available methods provides a way of characterizing relative degrees of intensionality. I illustrate my points with the case of folktales and how they transmit cultural information. Certain sorts of cultural information, such as a grammar of hero stories, are not found in any individual tale but rather in a set of tales. Taken together, these considerations lead to some comments regarding the “information unit” of narratives and other complex signals. 2012-06-01T00:00:00Z https://hdl.handle.net/1721.1/141680 The Story workbench: An extensible semi-automatic text annotation tool Finlayson, Mark Alan Text annotations are of great use to researchers in the language sciences, and much effort has been invested in creating annotated corpora for an wide variety of purposes. Unfortunately, software support for these corpora tends to be quite limited: it is usually ad-hoc, poorly designed and documented, or not released for public use. I describe an annotation tool, the Story Workbench, which provides a generic platform for text annotation. It is free, open-source, cross-platform, and user friendly. It provides a number of common text annotation operations, including representations (e.g., tokens, sentences, parts of speech), functions (e.g., generation of initial annotations by algorithm, checking annotation validity by rule, fully manual manipulation of annotations) and tools (e.g., distributing texts to annotators via version control, merging doubly-annotated texts into a single file). The tool is extensible at many different levels, admitting new representations, algorithm, and tools. I enumerate ten important features and illustrate how they support the annotation process at three levels: (1) an- notation of individual texts by a single annotator, (2) double-annotation of texts by two annotators and an adjudicator, and (3) annotation scheme development. The Story Workbench is scheduled for public release in March 2012. 2011-10-09T00:00:00Z https://hdl.handle.net/1721.1/141679 Corpus annotation in service of intelligent narrative technologies Finlayson, Mark Alan Annotated corpora have stimulated great advances in the language sciences. The time is ripe to bring that same stimulation, and consequent benefits, to computational approaches to narrative. I describe an effort to construct a corpus of semantically annotated stories. I outline the structure of the corpus, a structure which colloquially can be described as a “handful of handfuls.” One handful of the corpus has already been constructed, viz., 18k words of Russian folktales. There are two handfuls under construction: legal cases focused on the area of probable cause, and stories from Islamist Extremist Jihadists. Four more handfuls are being planned: folktales from Chinese, English, and a West Asian culture, and stories of international conventional and cyber conflicts. There are numerous additional handfuls under discussion. The main focus of the corpus so far has been on textual materials that are annotated for their surface semantics using conventional annotation tools and techniques; nonetheless, there are numerous novel dimensions along which the corpus might grow and become useful for different communities. In particular I propose for discussion the outlines of a few novel sources, annotation schemes, and collection methodologies that could potentially make the corpus of great use to the interactive narrative or narrative generation communities. 2011-10-09T00:00:00Z https://hdl.handle.net/1721.1/141678 Control point analysis Clark, David D As the Internet becomes more and more embedded in every sector of society, more and more actors have become concerned with its character, now and in the future. The private sector actors, such as Internet Service Providers or ISPs, are motivated by profits as they shape and evolve the Internet. The public sector is driven by a range of objectives: access and uptake, competition policy, regime stability, policies with regard to controlling access to classes of content, and the like. The range of actions open to governments to shape the Internet are traditional and well-understood, including law and regulation, procurement, investment in research and development, participation in the standards process and more diffuse forms of leadership. But these actions do not directly shape the Internet. They bear on the actors that in turn have direct influence over the Internet and what happens there. Thus, as part of any conversation about the shaping of the Internet, there is a narrower question that must be answered: given the Internet as it is today, who are the actors that can exercise direct control over how it works, what options for control do they actually have, and how can they in turn be influenced? 2012-09-12T00:00:00Z https://hdl.handle.net/1721.1/141677 The right way Winston, Patrick Henry I ask why humans are smarter than other primates, and I hypothesize that an important part of the answer lies in the Inner Language Hypothesis, a prerequisite to what I call the Strong Story Hypothesis, which holds that story telling and understanding have a central role in human intelli- gence. Next, I introduce the Directed Perception Hypothesis, which holds that we derive much of our common sense, including the common sense required in story understanding, by deploying our perceptual apparatus on real and imagined events. Both the Strong Story Hypothesis and the Di- rected Perception Hypothesis become more valuable in light of our social nature, an idea captured in the Social Animal Hypothesis. Then, after discussing methodology, I describe the representations and methods embodied in Genesis, a story-understanding system that analyzes stories ranging from pre ́cis of Shakespeare’s plots to descriptions of conflicts in cyberspace. Genesis works with short story summaries, provided in English, together with low-level common-sense rules and higher-level concept patterns, likewise expressed in English. Using only a small collection of common-sense rules and concept patterns, Genesis demonstrates several story-understanding capabilities, such as determining that both Macbeth and the 2007 Russia-Estonia Cyberwar involve revenge, even though neither the word revenge nor any of its synonyms are mentioned. 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/141676 The next 50 years: A personal view Winston, Patrick Henry I review history, starting with Turing’s seminal paper, reaching back ultimately to when our species started to outperform other primates, searching for the questions that will help us develop a computational account of human intelligence. I answer that the right questions are: What’s different between us and the other primates and what’s the same. I answer the what’s different question by saying that we became symbolic in a way that enabled story understanding, directed perception, and easy communication, and other species did not. I argue against Turing’s reasoning-centered suggestions, offering that reasoning is just a special case of story understanding. I answer the what’s the same question by noting that our brains are largely engineered in the same exotic way, with information flowing in all directions at once. By way of example, I illustrate how these answers can influence a research program, describing the Genesis system, a system that works with short summaries of stories, provided in English, together with low-level common-sense rules and higher-level concept patterns, likewise expressed in English. Genesis answers questions, notes abstract concepts such as revenge, tells stories in a listener-aware way, and fills in story gaps using precedents. I conclude by suggesting, optimistically, that a genuine computational theory of human intelligence will emerge in the next 50 years if we stick to the right, biologically inspired questions, and work toward biologically informed models. 2012-04-24T00:00:00Z https://hdl.handle.net/1721.1/141675 Depleted trust in the cyber commons Hurwitz, Roger 2012-10-01T00:00:00Z https://hdl.handle.net/1721.1/141674 Introduction Clark, David D 2011-10-01T00:00:00Z https://hdl.handle.net/1721.1/141673 Introduction Choucri, Nazli 2016-12-05T00:00:00Z https://hdl.handle.net/1721.1/141672 Cyberpolitics in international relations Choucri, Nazli 2013-01-01T00:00:00Z https://hdl.handle.net/1721.1/141671 Emerging trends in cyberspace: Dimensions and dilemmas Choucri, Nazli 2016-08-01T00:00:00Z https://hdl.handle.net/1721.1/141670 Cyberpolitics Choucri, Nazli 2014-05-15T00:00:00Z https://hdl.handle.net/1721.1/141627 Cyber Norms Workshop 2014 Deibert, R.; Hurwitz, Roger; Nye, Joseph The Cyber Norms Workshop 3.0, April 7-8, 2014, is the third in a series which provides opportunities for computer and social scientists, cyber security practitioners, government officials (past and present) and legal scholars, from liberal democracies, to discuss the need and possibilities for specific international norms at behavioral, policy and technology planes. This material is based upon work supported by the Office of Naval Research under Grant No. N00014-09-1-0597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research. 2014-04-07T00:00:00Z https://hdl.handle.net/1721.1/141626 Cyber Norms Workshop 2011 Hurwitz, Roger; Nye, Joseph An exploratory workshop on international cyber norms met at the Massachusetts Institute of Technology (MIT) in Cambridge, MA, from Oct. 19 through Oct. 21, 2011. The workshop is sponsored by: The Belfer Center for Science and International Affairs at the Harvard Kennedy School of Government. The Canada Centre for Global Security Studies and Citizen Lab at the University of Toronto’s Munk School of Global Affairs. Explorations in Cyber International Relations (ECIR), a joint Harvard-MIT research project. Microsoft Corporation’s Office of Global Security Strategy and Diplomacy (GSSD). MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). The John D. and Catherine T. MacArthur Foundation. 2011-10-19T00:00:00Z https://hdl.handle.net/1721.1/141625 Cyber Norms Workshop 2012 Deibert, Ronald; Hurwitz, Roger; Nye, Joseph A workshop on international cyber norms met for the second time at the Massachusetts Institute of Technology (MIT) in Cambridge, MA, from September 12 to 14, 2012. The workshop is sponsored by: The Belfer Center for Science and International Affairs at the Harvard Kennedy School of Government. The Canada Centre for Global Security Studies and Citizen Lab at the University of Toronto’s Munk School of Global Affairs. Explorations in Cyber International Relations (ECIR), a joint Harvard-MIT research project. Microsoft Corporation’s Office of Global Security Strategy and Diplomacy (GSSD). MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). The John D. and Catherine T. MacArthur Foundation. 2012-09-12T00:00:00Z https://hdl.handle.net/1721.1/141624 Explorations in international relations: Final program report Choucri, Nazli In international relations, the traditional approaches to theory and research, practice, and policy were derived from experiences in the 19th and 20th centuries. But cyberspace, shaped by human ingenuity, is a venue for social interaction, an environment for social communication, and an enabler of new mechanisms for power and leverage. Cyberspace creates new condition — problems and opportunities — for which there are no clear precedents in human history. Already we recognize new patterns of conflict and contention, and concepts such as cyberwar, cybersecurity, and cyberattack are in circulation, buttressed by considerable evidence of cyber espionage and cybercrime. The research problem is this: distinct features of cyberspace — such as time, scope, space, permeation, ubiquity, participation and attribution — challenge traditional modes of inquiry in international relations and limit their utility. The interdisciplinary MIT-Harvard ECIR research project explores various facets of cyber international relations, including its implications for power and politics, conflict and war. Our primary mission and principal goal is to increase the capacity of the nation to address the policy challenges of the cyber domain. Our research is intended to influence today’s policy makers with the best thinking about issues and opportunities, and to train tomorrow’s policy makers to be effective in understanding choice and consequence in cyber matters. Accordingly, the ECIR vision is to create an integrated knowledge domain of international relations in the cyber age, that is (a) multidisciplinary, theory-driven, technically and empirically; (b) clarifies threats and opportunities in cyberspace for national security, welfare, and influence;(c) provides analytical tools for understanding and managing transformation and change; and (d) attracts and educates generations of researchers, scholars, and analysts for international relations in the new cyber age. Version 1.2 2015-01-01T00:00:00Z https://hdl.handle.net/1721.1/141623 2014 ECIR Workshop on"Cyber Security & the Governance Gap: Complexity, Contention, Cooperation" Choucri, Nazli This workshop focuses on the dynamics shaping these dual features—cyber threats and cyber governance—while also taking into account operational, pragmatic, and normative aspects, as well as potential policy responses. At the core is “nature of the gap” between the two—all from different perspectives: people as users; business and industry; states and governments; and the international community, private and public—everywhere. The question is which trend will dominate: threats to cyber security or the expansion of cyber governance? Does that matter? If so how? If not, why not? Proceedings of the ECIR Workshop on "Cyber Security & the Governance Gap: Complexity, Contention, Cooperation," January 6–7, 2014, MIT, Cambridge, MA. 2014-01-06T00:00:00Z https://hdl.handle.net/1721.1/141622 2012 ECIR Workshop on "Who Controls Cyberspace? A Puzzle for National Security and International Relations" Choucri, Nazli This Workshop proceeds from the assumption that we have as yet no overarching and complete accounting of who controls what, when, and how, nor do we fully understand what are the precise points of control, where they are currently located and where the future ones might be placed. Accordingly, the Workshop is based on first principles, namely, cyber-ecosystems, power in “real” and cyber contexts, and introduce control point analysis. Then it turns to specific control features from four different perspectives: (a) people as users; (b) business and industry; (c) states and governments; and (d) the international community, private and public – across different regions of the world. Proceedings of the ECIR Workshop on "Who Controls Cyberspace? A Puzzle for National Security and International Relations," November 6–7, 2012, MIT, Cambridge, MA. 2012-12-07T00:00:00Z https://hdl.handle.net/1721.1/141621 2011 ECIR Workshop on "People, Power and CyberPolitics" Choucri, Nazli The People, Power, and CyberPolitics Conference is a joint project of MIT and Harvard University on Explorations in Cyber International Relations (ECIR). Co-sponsored by the Council on Foreign Relations, this workshop is the second in a series of sustained deliberations and explorations involving leading individuals in academia, government and business. The outcome of the workshop will be a new understanding of emergent dimensions of cyberpolitics with respect to (i) the evolving pressures on policy and theory, and (ii) the methods and techniques of exploring current conditions and understanding the contours of potential futures. Proceedings of the ECIR Workshop on "People, Power and CyberPolitics," December 7–8, 2011, MIT, Cambridge, MA. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141620.2 2010 ECIR Workshop on "Cyber International Relations: Emergent Realities of Conflict and Cooperation" Choucri, Nazli An event of the MIT-Harvard multidisciplinary Minerva Project on "Explorations in Cyber International Relations" (ECIR), this conference seeks to adjust traditional views to the cyber realities of the 21st century. Of the many questions shaping world politics today, few are as daunting as Who Controls Cyberspace? Clear as it might appear, this question is deceptively simple, even elusive. It obscures other hidden or implicit aspects, namely, who can control cyberspace, who will control, and who should control cyberspace. However framed, the issue of control is closely tied to matters of scale and scope as well as authority and legitimacy – and most certainly intent and capacity. Our vision is to create new understandings of these realities that help: Highlight alternative perspectives and policies as well as institutional requirements; Clarify threats and opportunities in cyberspace for national security, welfare, and influence; Provide analytical tools for understanding and managing transformation and change; and Attract and educate a new generation of researchers, scholars, and analysts. We hope to develop an integrated approach to international relations and help frame cyber theory and practice for the 21st century. Most important of all, we seek to provide foundations for an integrated view of international relations. Proceedings of the ECIR Workshop on "Cyber International Relations: Emergent Realities of Conflict and Cooperation," October 13–14, 2010, MIT, Cambridge, MA. 2010-10-13T00:00:00Z https://hdl.handle.net/1721.1/141620 2010 ECIR Annual Conference on "Cyber International Relations: Emergent Realities of Conflict and Cooperation" Choucri, Nazli In international relations, the traditional approaches to theory, research, practice and policy were derived from experiences in the 18th and 19th centuries, refined further in the 20th century. But cyberspace has created new conditions—problems and opportunities—-for which there are no clear precedents. As an environment for communication, a venue for social interaction and an enabler of new mechanisms for power and leverage, cyberspace calls for new perspectives, policies and practices. An event of the MIT-Harvard multidisciplinary Minerva Project on "Explorations in Cyber International Relations" (ECIR), this conference seeks to adjust traditional views to the cyber realities of the 21st century. Of the many questions shaping world politics today, few are as daunting as Who Controls Cyberspace? Clear as it might appear, this question is deceptively simple, even elusive. It obscures other hidden or implicit aspects, namely, who can control cyberspace, who will control, and who should control cyberspace. However framed, the issue of control is closely tied to matters of scale and scope as well as authority and legitimacy – and most certainly intent and capacity. Our vision is to create new understandings of these realities that help: Highlight alternative perspectives and policies as well as institutional requirements; Clarify threats and opportunities in cyberspace for national security, welfare, and influence; Provide analytical tools for understanding and managing transformation and change; and Attract and educate a new generation of researchers, scholars, and analysts. We hope to develop an integrated approach to international relations and help frame cyber theory and practice for the 21st century. Most important of all, we seek to provide foundations for an integrated view of international relations. MIT, Cambridge, MA, October 10, 2010 2010-10-13T00:00:00Z https://hdl.handle.net/1721.1/141619 Design of action and alliance strategy in defense against anonymous cyber threats Rady, Mina Anonymity, a major feature of the cyberspace, is a common channel to a multitude of threats. Despite efforts to defend against anonymous threats, their rapid evolution challenges the sustainability of any designed strategy for cyber defense. A sustainable cyber defense strategy must be able to dynamically adapt to information about new threats and to utilize international alliance when necessary without violating fundamental ethics. Our earlier research in 2012 analyzed ways to influence anonymous networks that can either undermine the network performance or undermine the anonymity of connecting users. Earlier we concluded that most influential control actions are accessible to State level actors. Here we propose a defense strategy design approach that begins with assessment of the control capacities of State actors over the given threat space (in our case, anonymity). Then we delineate the various motivations for States to exercise control over anonymous communication. We suggest a strategy design process that rests on alliance with States who share the control motivation and who possess highest possible control capacity. This strategy relies on a quality-controlled information system based on mapping new information about the Cyberspace into a compatible hierarchical classification. Poster presented in the workshop on “Cybersecurity, & the Governance Gap: Complexity, Contention, Cooperation,” MIT, Cambridge, MA, United States, January 6–7, 2014. 2014-01-06T00:00:00Z https://hdl.handle.net/1721.1/141618 The dynamics of managing undersea cables: When solution becomes the problem Sechrist, Michael; Vaishnav, Chintan; Goldsmith, Daniel; Choucri, Nazli In the U.S., approximately 95% of all international Internet and phone traffic travels via undersea cables. Nearly all government traffic, including sensitive diplomatic and military orders, travels these cables to reach officials in the field.The problem, however, is that the undersea cable infrastructure is susceptible to several types of vulnerability, including: rising capacity constraints, increased exposure to disruption from both natural and mad-made sources, and emerging security risks from cable concentration in dense geographical networks (such as New York and New Jersey, and places like Egypt/ Suez Canal.) Moreover, even under normal working conditions, there is a concern whether governance-as-usual can keep up with the future growth of Internet traffic. In this work, we explore the impact of these problems on the dynamics of managing undersea cable infrastructure. Poster presented in the workshop on “Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141617 Cyber defense resources & vulnerabilities Wolff, Josephine Investment in security is aimed at reducing losses due to security breaches and typically determined by calculating annualized loss expectancy (ALE) metrics. However, in the cybersecurity space there is inadequate data on the frequency of breaches, the costs associated with those breaches, and the effectiveness of countermeasures, for organizations to be able to perform meaningful ALE calculations. With rising rates of both IT security spending and online attacks, surveys indicate that many business and government executives are unsure of how to allocate resources for defense and whether their investments in security measures are making any Poster presented in the workshop on “Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141616 Cyber mission assurance using STPA Young, William E. From Cyber Security to Mission Assurance: Improving Campaign Mission Assurance. How can we complete campaign mission across a wide range of degradations? Current gaps: 1) Emergent system properties ignored 2) Assurance restricted to tactical level, and 3) Ignores Operational (campaign) Design. Solution: 1) Use systems thinking, and 2) Leverage safety-guided design Poster presented in the workshop on “Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141615 Who controls anonymity? Control point analysis of the Onion routing anonymity network (TOR) Rady, Mina Anonymity networks have played major roles in censorship circumvention and various benign or malicious activities in the cyber domain. Hence, those networks became well defined targets of repressive regimes or law enforcement. In this research, we attempt to infer the various control capacities over the operation of such networks and we take the Tor network as an example. We decompose the operation and process of Tor network across the Cyberspace layers. Then we do survey of existing literature about possible control mechanisms over various locations in the network. Then we extrapolate from the control actions to infer possible political actors who would be able to exercise each control action. We use Tor network model as the subject of this investigation due to its distinctive pervasiveness. We conclude with a comprehensive model that depcits distribution of control capacities across the actors at different political levels of analysis. Poster presented in the workshop on “Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141614 When virtual issues become real world actions Houghton, James Poster presented in the workshop on “Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141613 Diversity of user experience and alternative future internets Clark, David D; Hung, Shirley One of the primary objectives of the ECIR project is to understand what forms the future Internet may take. This requires identification of the levers, constraints, and conditions under which each scenario may evolve. Poster presented in the workshop on “Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/141612 The Coordinates of cyber international relations Vaishnav, Chintan As the Internet and International Relations become increasingly interwoven, the properties of information goods such as information security, control, or freedom, or those of international activities such as trade, or diplomacy must be framed in the context of emergent behaviors of a system where the Cyberspace interacts with traditional IR. The purpose of this research is to create a foundation for such understanding by conceptualizing the hitherto separate domains of Cyberspace and International Relations into an integrated system, to analyze the fundamental interdependencies between the two domains, using methods from systems analysis. Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141611 Finding order in a contentious Internet Sowell, Jesse In 1998 an attempt to remove an offensive video blocked YouTube for most of the Internet...network operators resolved the issue in three hours. Spamhaus disseminates authoritative spam blocking lists, performing a vetting function while distributing monitoring and enforcement effort. Non-state collectives are increasingly playing function-specific Internet governance roles, often competing with conventional governance modes. Despite demonstrated operational and decisional capacity, little is known about how this capacity develops or how it is maintained. This research is an empirical, comparative analysis of governance arrangements and the implications for the ongoing design and operations of the Internet. Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141610 The dynamics of managing undersea cables Sechrist, Michael; Vaishnav, Chintan; Goldsmith, Daniel Problem: Can the Old Modes of Governance Meet the New Demands of the Internet? The exponential growth of the Internet may soon demand that undersea cable deployment happen as quickly as possible. Legacy institutional barriers may need to be streamlined to the point of near instantaneous approval. Staying ahead of the exponential Internet growth rate is key to implementing a resilient, redundant, accessible Internet in the U.S. and around the world. Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141609 Escalation management in cyber conflict: A research proposal Reardon, Robert Research Questions • Under what conditions is cyber conflict most likely to lead to uncontrolled escalation? • Under what conditions is cyber conflict likely to lead to escalation in other domains (conventional, nuclear)? • What steps are most affective at the reducing the risks of escalation? • How relevant are existing theories of deterrence and escalation management to cyber conflict? Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141608 Comparative analysis of cybersecurity metrics to develop new hypotheses Fisher, D.; Madnick, Stuart E.; Choucri, Nazli; Li, X.; Ferwerda, J. Few Internet security organizations provide comprehensive, detailed, and reliable quantitative metrics, especially in the international perspective across multiple countries, multiple years, and multiple categories. Organizations ask why they should spend valuable time and resources collecting and standardizing data. This report aims to provide an encouraging answer to this question by demonstrating the value that even limited metrics can provide in a comparative perspective. We present some findings generated through the use of the Explorations in Cyber Internet Relations (ECIR) Data Dashboard. In essence, this dashboard consists of a simple graphing and analysis tool, coupled with a database consisting of data from disparate national-level cyber data sources provided by governments, Computer Emergency Response Teams (CERTs), and international organizations. Users of the dashboard can select relevant security variables, compare various countries, and scale information as needed. In this paper, we present an example of observations concerning the fight against cybercrime, along with several hypotheses attempting to explain the findings. We believe that these preliminary results suggest valuable ways in which such data could be used and we hope this research will help provide the incentives for organizations to increase the quality and quantity of standardized quantitative data available. Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141607 Learning legal principles to enable law at cyber speeds Finlayson, Mark A. Goal: Law at Cyber Speeds. If we are to enable the creation of Automatic Cyber Targeting Systems to respond in network time to cyberattacks, we must be able to do legal analyses at network speeds Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141606 Representing cyberspace using taxonomies and meta-data analysis Elbait, Gihan Daw Problem: Modeling and mapping the landscapes of emerging research fields, such as cyberspace. • Most research fields are composed of many subfields which are related in intricate ways, therefore structural organization of these subfields could be of great use. • Acquiring and analyzing such knowledge is hampered by the vast amount of data available in publications. • The need of database integration to enable the mapping of relevant component of the topic in hand (e.g. Cyberspace and International Relations). Poster presented in the workshop on “People, Power, and CyberPolitics,” MIT, Cambridge, MA, United States, December 7–8, 2011. 2011-12-07T00:00:00Z https://hdl.handle.net/1721.1/141605 Designing an Internet Clark, David D Why the Internet was designed to be the way it is, and how it could be different, now and in the future. How do you design an internet? The architecture of the current Internet is the product of basic design decisions made early in its history. What would an internet look like if it were designed, today, from the ground up? In this book, MIT computer scientist David Clark explains how the Internet is actually put together, what requirements it was designed to meet, and why different design decisions would create different internets. He does not take today's Internet as a given but tries to learn from it, and from alternative proposals for what an internet might be, in order to draw some general conclusions about network architecture. Clark discusses the history of the Internet, and how a range of potentially conflicting requirements—including longevity, security, availability, economic viability, management, and meeting the needs of society—shaped its character. He addresses both the technical aspects of the Internet and its broader social and economic contexts. He describes basic design approaches and explains, in terms accessible to nonspecialists, how networks are designed to carry out their functions. (An appendix offers a more technical discussion of network functions for readers who want the details.) He considers a range of alternative proposals for how to design an internet, examines in detail the key requirements a successful design must meet, and then imagines how to design a future internet from scratch. It's not that we should expect anyone to do this; but, perhaps, by conceiving a better future, we can push toward it. 2018-01-01T00:00:00Z https://hdl.handle.net/1721.1/141549 Cyberpolitics in international relations Choucri, Nazli Cyberspace is widely acknowledged as a fundamental fact of daily life in today's world. Until recently, its political impact was thought to be a matter of low politics—background conditions and routine processes and decisions. Now, however, experts have begun to recognize its effect on high politics—national security, core institutions, and critical decision processes. In this book, Nazli Choucri investigates the implications of this new cyberpolitical reality for international relations theory, policy, and practice. The ubiquity, fluidity, and anonymity of cyberspace have already challenged such concepts as leverage and influence, national security and diplomacy, and borders and boundaries in the traditionally state-centric arena of international relations. Choucri grapples with fundamental questions of how we can take explicit account of cyberspace in the analysis of world politics and how we can integrate the traditional international system with its cyber venues. After establishing the theoretical and empirical terrain, Choucri examines modes of cyber conflict and cyber cooperation in international relations; the potential for the gradual convergence of cyberspace and sustainability, in both substantive and policy terms; and the emergent synergy of cyberspace and international efforts toward sustainable development. Choucri's discussion is theoretically driven and empirically grounded, drawing on recent data and analyzing the dynamics of cyberpolitics at individual, state, international, and global levels. An examination of the ways the construction of the Internet, with cyberspace as the core, are changing the theory, policy, and practice of international relations. 2012-11-01T00:00:00Z https://hdl.handle.net/1721.1/141548 International relations in the cyber age: The co-evolution dilemma Choucri, Nazli; Clark, David D In our increasingly digital world, data flows define the international landscape as much as the flow of materials and people. How is cyberspace shaping international relations, and how are international relations shaping cyberspace? In this book, Nazli Choucri and David D. Clark offer a foundational analysis of the co-evolution of cyberspace (with the internet as its core) and international relations, examining resultant challenges for individuals, organizations, and states. The authors examine the pervasiveness of power and politics in the digital realm, finding that the internet is evolving much faster than the tools for regulating it. This creates a “co-evolution dilemma”—a new reality in which digital interactions have enabled weaker actors to influence or threaten stronger actors, including the traditional state powers. Choucri and Clark develop a new method for addressing control in the internet age, “control point analysis,” and apply it to a variety of situations, including major actors in the international and digital realms: the United States, China, and Google. In doing so they lay the groundwork for a new international relations theory that reflects the reality in which we live—one in which the international and digital realms are inextricably linked and evolving together. A foundational analysis of the co-evolution of the internet and international relations, examining resultant challenges for individuals, organizations, firms, and states. 2019-04-01T00:00:00Z https://hdl.handle.net/1721.1/141490 ecir.mit.edu Choucri, Nazli Exploration in Cyber International Relations (ECIR), is the label of a multidisciplinary and multidimensional research project initiated under a grant from the Minerva Program, Department of Defense. A joint project of MIT and Harvard University, ECIR included, but was not limited to Political Science, Economics, Business and Management, Engineering, Computer Science, Artificial Intelligence, and Law and Government. In response to new 21st c. realities, the goal is to construct a cyber-inclusive view of international relations (CyberIRworld) – with theory, data, analyses, simulations – to anticipate and respond to cyber threats and challenges to national security and international stability. The research design is modular (organized in core themes and cross cutting issues), supported by a multi-method strategy that enables the "individual" connect to an overarching "whole." ECIR is anchored in empirical analysis, buttressed by modeling, simulations, and the construction of new tools as needed. Basic assumptions are: (1) interdependence of technology and policy, (2) conjunction of uncertainty and regularity in human interactions, and (3) persistence of transformation and change in international relations. There is limited understanding of how cyberspace influences international relations and how power and politics in international relations influence the conduct and management of cyberspace. Dominant assumptions of the 20th century politics and policy are severely undermined by the 21st century deeply rooted in the cyber age with its dynamic and changing configurations. There are excellent maps and visual materials for international relations and its various facets. There are excellent maps of cyber access, different representations of traffic, and different features of cyberspace. Missing, however, is a combined view so essential for understanding the implications of the cyber domain and if effects on world politics. This problem is addressed through the use of multiple perspectives, methodologies, databases, and diverse analytical as initially manifested throughout our Explorations in Cyber International Relations (ECIR). More recently, ECIR continued initially as an extension of the original ECIR research, but soon took on new challenges with new directions of inquiry. ECIR continued focuses on four distinctive but interconnected research themes. Disclaimer: Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research. 2020-09-21T00:00:00Z https://hdl.handle.net/1721.1/141488 Understanding “Cyber Conflict” Shukla, Aadya Problem: Emergence of cyber as the new arena for conflict raises three basic questions: (a) What qualifies as a Cyber Conflict? (multiple definitions exist); (b) Does intervention of cyber in conflict life-cycle requires new models to decipher control points in cyberspace?; and (c) What is different between conflicts in kinetic and cyberspace? Solution: Application of USE CASE ANALYSIS to understand the mechanics of cyber conflict to arrive at a model of cyber conflict in a data driven manner (analysis of events since 2001). In Software Engineering domain use case analysis is used as an established tool to define processes and roles a stakeholder employs to interact with a system, and system’s response to the user stimulus. Poster presented in the workshop on "Who Controls Cyberspace,” MIT, Cambridge, MA, United States, November 6-7, 2012. 2012-11-06T00:00:00Z https://hdl.handle.net/1721.1/105890 The Theory of Lateral Pressure Highlights of Quantification & Empirical Analysis Choucri, Nazli Lateral Pressure refers to any tendency (or propensity) of individuals and societies to expand their activities and exert influence and control beyond their established boundaries, whether for economic, political, military, scientific, religious, or other purposes. Framed by Robert C. North and Nazli Choucri, the theory addresses the sources and consequences of such a tendency. Lateral Pressure theory seeks to explain the relationships between state characteristics and patterns of international behavior. The theory addresses the sources and consequences of transformation and change in international relations and provides a basis for analyzing potential feedback dynamics. To the extent that states expand their activities outside territorial boundaries – driven by a wide range of capabilities and motivations – they are likely to encounter other states similarly engaged. The intersection among spheres of influence is the first step in complex dynamics leading hostilities, escalation, and eventually to conflict and violence. These processes are contingent on the actors’ intents, capabilities, and activities. The causal logic in lateral pressure theory runs from the internal drivers, that is, the master variables that shape the profiles of states -- through the intervening variables, namely, aggregated and articulated demands given prevailing capabilities -- the outcome often generates added complexities. This paper proceeds as follows: First we highlight the basic features of lateral pressure theory, its core components, and their interconnections. Some aspects are more readily quantifiable than others. Some are more consistent with conventional theory in international relations. Others are based on insights and evidence from other areas of knowledge, thus departing from tradition in potentially significant ways. Second, we summarize the phases of empirical investigations and the evolution of theory over time. Third, we return to basics and focus on the refinements of metrics and quantification of the core concepts. All of this pertains to the world, as we have known it prior to the construction of the Internet, the core of cyberspace. Fourth, we then turn briefly to results so far of our o research on lateral pressure in the cyber domain. The Endnote highlights some emerging imperatives. 2016-11-11T00:00:00Z https://hdl.handle.net/1721.1/97324 Finding order in a contentious Internet Sowell, Jesse H., II (Jesse Horton) This inquiry started with the simple question, "Who manages the Internet infrastructure and how?" Since, this question evolved into an evaluation of the routing system and the institutions that manage it. This institutional complex is referred to as the number resource system (NRS). NRS authority is contingent, rooted in consensus based knowledge assessment necessary to adapt apace with Internet growth. The efficiency with which observable negative externalities are remediated is a compelling entry point to this work. The Pakistan-YouTube story is a halcyon parable of "self-repair." Network operators recognized a global negative externality, traced it to the origin, and remediated the complicit networks in approximately three hours. To the casual observer, organic cooperation surfaced to remediate damages, then dissolved into the background noise of "normal operations." Remediation is far from organic; rather, it is a consequence of distinct rights and obligations amongst, and enforced by, NRS participants. Explaining the rationale and mechanics of "ad hoc" crisis management is the first contribution of this work. The early NRS comprised "close-knit yet loosely organized" communities created to 1) share operational knowledge (network operator groups, NOGs); 2) delegate unique network identifiers (Regional Internet Registries, RIRs); 3) create neutral markets for exchanging routes and traffic (Internet eXchanges, IXes); and 4) limit abusive messaging (anti-spam, later anti-abuse). Alongside Internet growth, NRS norms evolved into distinct institutions, replete with function-specific constitutional, collective choice, and operational rules for managing the knowledge commons and facilities supporting routing system function. The NRS institutions form a contingent social order, rooted in shared, authoritative images of system function and externalities management. NRS institutions collectively ensure participants common interests in the jointly provisioned routing system stability. The second contribution of this work explains NRS institutional structures and how the attendant rules keep pace with a high clockspeed Internet infrastructure. NRS institutions are characteristically, and necessarily, adaptive: each comprises a unique consensus process, animated by a diverse set of nominal competitors, that creates and adapts function-specific rules and processes contributing to routing system integrity. Consensus processes evaluate the performance of common resource management rules and, when-not if-necessary, adapt these rules to satisfy changing resource demands and patterns of use in the broader Internet infrastructure industry. Anticipation and evaluation in the consensus process are essential to adaptive capability, framed as a form of joint knowledge assessment. Moreover, diverse representation, comprising experts across industry sub-sectors, animated by constructive conflict amongst these experts, mediated by consensus processes, makes for a durable family of credible knowledge assessment processes that are rare amongst conventional regulatory arrangements. Processes described thus far are largely endogenous to the NRS and its constituencies. Historically these institutions have operated quietly underneath the hood. Adaptation and the resulting policy is scoped to common interests, explicitly avoiding impinging on public policy. In contrast to conventional international regimes, the NRS self-limits to the scope of its authority, namely supporting and enhancing routing system function. Thus far, the NRS's common interests have not run counter to the public interest. Nonetheless, a path-dependent history of harmonious alignment between a common and the public does not carry the assurances of alignment resulting from explicit coordination and cooperation. Some states and state-sanctioned international governance organizations see control of NRS facilities as critical to preserving their own authority. Predatory claims to stewardship of routing system resources further complicates the alignment problem. To better frame and understand this alignment problem, the concluding chapters of the dissertation explore the question: 'Are the incentives and resources of NRS institutions commensurate with the aggregate social loss due to a partial, or worse yet, systemic, failure?" Simply put, absent the progress on the explicit assurances above, the answer is no. Would-be state principals also fall short. State-based authorities are severely deficient in basic operational capacity that form the foundation of knowledge assessment capabilities and subsequent adaptive capabilities in the NRS. States' deficiencies correspond to those capabilities engendered by the NRS. Adding NRS stewardship to a state's portfolio of domestic regulatory interests will expose management processes to powerful short-term interests that will inevitably weaken, if not eliminate, extant credible knowledge assessment and adaptive capabilities. In effect, aggressive predatory rule would likely eliminate precisely the characteristics that make the NRS a valuable steward of a high clockspeed infrastructure. This initial conclusion is not a prediction of adaptive management doomed to failure. Although neither the NRS, nor state authorities, have sufficient capabilities and modes of authority to manage an Internet underpinning an ever-increasing array of public, private, and social goods on their own, a mix of their capabilities is sufficient. Rather, the conclusion frames a discussion of what explicit assurances will look like and the barriers to developing those assurances. The last part of this dissertation lays out the challenges for establishing such a comity, a mutual recognition of the norms and authority between the NRS and state authorities. In the global political arena, the NRS's political capital is credible knowledge assessment and adaptive capacity as the roots of authoritative policy advice. Barriers to explicit assurances draw lessons from the deconstruction and reconstruction of scientific knowledge in political environments, instances of international epistemic consensus, and characteristics of elusive, but effective, adaptation that has survived in conventional regulatory environments. Analytically, the dissertation argues the NRS and state authority need not be competitors-the two can be quite complementary. If these two sets of institutions can avoid the pitfalls of previous efforts, in particular short-term usurpation of the others' authority, the global, nondiscriminatory character of the Internet may be sustainable. Thesis: Ph. D., Massachusetts Institute of Technology, Engineering Systems Division, 2015.; Cataloged from PDF version of thesis.; Includes bibliographical references (pages 477-498). 2015-01-01T00:00:00Z https://hdl.handle.net/1721.1/90804 Cyber safety : a systems thinking and systems theory approach to managing cyber security risks Salim, Hamid M If we are to manage cyber security risks more effectively in today's complex and dynamic Web 2.0 environment, then a new way of thinking is needed to complement traditional approaches. According to Symantec's 2014 Internet Security Threat Report, in 2012 more than ten million identities that included real names, dates of birth, and social security were exposed by a single breach. In 2013 there were eight breaches that each exposed over ten million identities. These breaches were recorded despite the fact that significant resources are expended, on managing cyber security risks each year by businesses and governments. The objective of this thesis was twofold. The first objective was to understand why traditional approaches for managing cyber security risks were not yielding desired results. Second, propose a new method for managing cyber security risks more effectively. The thesis investigated widely used approaches and standards, and puts forward a method based on the premise that traditional technology centric approaches have become ineffective on their own. This lack of efficacy can be attributed primarily to the fact that, Web 2.0 is a dynamic and a complex socio-technical system that is continuously evolving. This thesis proposes a new method for managing cyber security risks based on a model for accident or incident analysis, used in Systems Safety field. The model is called System-Theoretic Accident Model and Processes (STAMP). It is rooted in Systems Thinking and Systems Theory. Based on a case study specifically written for this thesis, the largest cyber-attack reported in 2007 on a major US based retailer, is analyzed using the STAMP model. The STAMP based analysis revealed insights both at systemic and detailed level, which otherwise would not be available, if traditional approaches were used for analysis. Further, STAMP generated specific recommendations for managing cyber security risks more effectively. Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, Engineering Systems Division, System Design and Management Program, 2014.; Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2014.; 93; Cataloged from PDF version of thesis.; Includes bibliographical references (pages 148-156). 2014-01-01T00:00:00Z https://hdl.handle.net/1721.1/77438 Story retrieval and comparison using concept patterns Krakauer, Caryn E. (Caryn Elizabeth) To understand a new situation, humans draw from their knowledge of past experiences and events. For a computer to use the same method, it must be able to retrieve stories that shed light on a new situation. Traditional story retrieval uses keywords to determine similarity. Keywords are useful for determining whether stories share similar topics. However, they miss how stories can be structurally similar. In my work, I have used high level concept patterns, which are structures of causally related events. Concept patterns follow the Goldilocks principle, that the features should be of intermediate size. Given a story about cyber crime and another about traditional warfare, the wording will be different, as cyber crime involves viruses, DDOS attacks, and hacking, while traditional warfare involves armies, invasions, and weapons. However, both stories may involve instances of revenge and betrayal. Using a corpus of 15 conflict stories, I have shown that a similarity measure based on concept patterns differs substantially from a similarity measured based on keywords. In addition, I compared three concept-pattern methods with human performance in a pilot study in which 11 participants performed story comparison. My goal was to contribute to a human competence model, but I have also explored applications in story retrieval, prediction, explanation, and grouping. Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 55). 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/72901 Unraveling Internet identities : accountability & anonymity at the application layer Wolff, Josephine Charlotte Paulina Both anonymity and accountability play crucial roles in sustaining the Internet's functionality, however there is a common misconception that increasing the anonymity of Internet identities necessitates diminishing their accountability, and vice-versa. This thesis argues that by implementing accountability mechanisms and anonymity protections at the application layer of the Internet, rather than the network layer, it is possible to develop a variety of different types of accountable-anonymous virtual identities tailored to meet the needs of the great diversity of online applications. Examples are drawn from case studies of several identity mechanisms used by existing applications, including e-mail, the virtual community Second Life, the Facebook social network, and the review site Yelp. These case studies focus on potential "points of control" for each application, as well as the ways different proposed identity schemes can leverage these control points to help mitigate the problems observed in existing identity frameworks, especially the issue of "discardable identities," or online identities that can be easily and cheaply disposed of and replaced. General design patterns for implementing accountability are discussed, with particular emphasis on the design of application-specific identity investment-privilege trade-offs, conditional anonymity schemes, and aggregated, identity management systems, as well as the role of scoped identities and linked identities in promoting online accountability. Thesis (S.M. in Technology and Policy)-- Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2012.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 147-157). 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/72880 Strategic philanthropy for cyber security : an extended cost-benefit analysis framework to study cybersecurity Cho, Yiseul The international climate of cyber security is dramatically changing and thus unpredictable. As such, agile yet sustainable solutions are needed, along with an effective and a pragmatic evaluation framework to assess and demonstrate the value and efficacy of international development collaboration. Currently, no mature frameworks are available for evaluating such non-conventional, new, and complex international activities as they exist today, and thus this study aims to provide an innovative and pragmatic approach to study cybersecurity. This study recognizes the lack of institutionalized solutions, and aims to provide a novel framework with which to evaluate emerging solutions. In particular, this study evaluates the effectiveness of international development activities and public-private partnerships as a way to improve cyber security. Guided by literature on strategic philanthropy and international development, this study develops an extended cost-benefit analysis framework and applies it to an in-depth case study of a Korean security agency, its Computer Emergency Response Team (CERT.) This newly extended framework can be used for assessing international programs and activities aimed at improving cyber security, where the costs and benefits are not restricted by traditional boundaries. Unlike conventional approaches, this study explicitly includes three additional critical aspects, which are neglected in the conventional cost benefit analysis framework: 1) synergic effect (such as public-private partnership), 2) indirect impact, and 3) shared value. An in-depth case study with field interviews and technology reviews was conducted to test the applicability of this extended framework. Based on the application to the case of the international development activities of the Korean CERT, this study presents two findings. First, private companies can benefit from participating in government-led international development programs. Second, international development activities are effective solutions to improving global and local cyber security. Repeated applications of this framework to other cases will further assess the generalizability of the framework. Cumulated evidence from evaluating the effectiveness of international development activities will also inform the development of future activities for establishing partnerships of strategic philanthropy to improve cyber security. Thesis (S.M. in Technology and Policy)-- Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2012.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 74-79). 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/71284 Learning narrative structure from annotated folktales Finlayson, Mark (Mark Alan), 1977- Narrative structure is an ubiquitous and intriguing phenomenon. By virtue of structure we recognize the presence of Villainy or Revenge in a story, even if that word is not actually present in the text. Narrative structure is an anvil for forging new artificial intelligence and machine learning techniques, and is a window into abstraction and conceptual learning as well as into culture and its in influence on cognition. I advance our understanding of narrative structure by describing Analogical Story Merging (ASM), a new machine learning algorithm that can extract culturally-relevant plot patterns from sets of folktales. I demonstrate that ASM can learn a substantive portion of Vladimir Propp's in influential theory of the structure of folktale plots. The challenge was to take descriptions at one semantic level, namely, an event timeline as described in folktales, and abstract to the next higher level: structures such as Villainy, Stuggle- Victory, and Reward. ASM is based on Bayesian Model Merging, a technique for learning regular grammars. I demonstrate that, despite ASM's large search space, a carefully-tuned prior allows the algorithm to converge, and furthermore it reproduces Propp's categories with a chance-adjusted Rand index of 0.511 to 0.714. Three important categories are identied with F-measures above 0.8. The data are 15 Russian folktales, comprising 18,862 words, a subset of Propp's original tales. This subset was annotated for 18 aspects of meaning by 12 annotators using the Story Workbench, a general text-annotation tool I developed for this work. Each aspect was doubly-annotated and adjudicated at inter-annotator F-measures that cluster around 0.7 to 0.8. It is the largest, most deeply-annotated narrative corpus assembled to date. The work has significance far beyond folktales. First, it points the way toward important applications in many domains, including information retrieval, persuasion and negotiation, natural language understanding and generation, and computational creativity. Second, abstraction from natural language semantics is a skill that underlies many cognitive tasks, and so this work provides insight into those processes. Finally, the work opens the door to a computational understanding of cultural in influences on cognition and understanding cultural differences as captured in stories. Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.; This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.; Cataloged from student submitted PDF version of thesis.; Includes bibliographical references (p. 97-100). 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/71281 Enabling imagination through story alignment Fay, Matthew Paul Stories are an essential piece of human intelligence. They exist in countless forms and varieties seamlessly integrated into every facet of our lives. Stories fuel human understanding and our explanations of the world. Narrative acts as a Swiss army knife, simultaneously facilitating the transfer of knowledge, culture and beliefs while also powering our high level mental faculties. If we are to develop artificial intelligence with the cognitive capacities of humans, our systems must not only be able to understand stories but also to incorporate them into the thought process as humans do. In order to work towards the goal of computational story understanding, I developed a novel story comparison method. The techniques I present in this thesis enable efficient and effective story comparison through story alignment. My algorithms, implemented into the Genesis system, allow the comparison and combination of stories which is a step towards enabling imagination in artificial intelligence. This capability is made possible by reducing the runtime of a previously intractable computational problem to polynomial time. In the course of this research, these algorithms have been applied to a variety of story analysis problems. By comparing short, 10 sentence summaries of the Tet Offensive and the Yom Kippur War, the system predicts information omitted from both stories. In the analysis of a brief synopsis of Shakespeare's Macbeth, my algorithm is able to correctly match actors and events between two different variations of the tale by cutting down a search space of over 10³⁰ nodes to a mere 546 nodes. My techniques also demonstrate promise as a component of a larger video analysis system. The story alignment capabilities are used to fill in missing gaps in descriptions of videos, corresponding to missing video data, by comparing video feeds to an existing video corpus. Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.; This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.; Cataloged from student submitted PDF version of thesis.; Includes bibliographical references (p. 81-82). 2012-01-01T00:00:00Z https://hdl.handle.net/1721.1/66440 Story understanding in Genesis : exploring automatic plot construction through commonsense reasoning Low, Harold William Capen, IV Whether through anecdotes, folklore, or formal history, humans learn the lessons and expectations of life from stories. If we are to build intelligent programs that learn as humans do, such programs must understand stories as well. Casting narrative text in an information-rich representation affords Al research platforms, such as the Genesis system, the capacity to understand the events of stories individually. To understand a story, however, a program must understand not just events, but also how events cause and motivate one another. In order to understand the relationships between these events, stories must be saturated with implicit details, connecting given events into coherent plot arcs. In my research, my first step was to analyze a range of story summaries in detail. Using nearly 50 rules, applicable to brief summaries of stories taken from international politics, group dynamics, and basic human emotion, I demonstrate how a rendition of Frank Herbert's Dune can be automatically understood so as to produce an interconnected story network of over one hundred events. My second step was to explore the nuances of rule construction, finding which rules are needed to create story networks reflective of proper implicit understanding and how we, as architects, must shape those rules to be understood. In particular, I develop a method that constructs new rules using the rules already embedded in stories, a representation of higher-order thinking that enables us to speak of our ideas as objects. Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2011.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 72). 2011-01-01T00:00:00Z https://hdl.handle.net/1721.1/63241 A matrix based integrated framework for multi disciplinary exploration of cyber-international relations Gaurav, Agarwal Cyberspace is the most pervasive and rapidly adopted communication media and the most disruptive until date. It is now indispensable for almost every facet of modern society and touches, practically, everyone by providing a powerful platform for interaction and innovation. Given the widespread availability of tools to operate in this environment, a growing array of actors are trying to benefit as they seek to control critical decision points in the real world and cyberspace. It is imperative to understand what cyberspace "is made of' - over and above the Internet and answer the question "who gets what, when, and how?" The intent of this research initiative is to contribute to the generation, management and sharing of knowledge to enhance understandings of the emerging area of cyber-international relations as a complex, flexible and adaptive domain of interactions. The first contribution of this thesis is the development of a multi-dimensional Cyber System for Strategic Decisions (CSSD) framework. This framework enables a holistic identification of the elements of a system, which are structured as set of nested and hierarchical relationships. It facilitated in mapping the entities that comprise different domains of cyberspace and the dependencies within and across those entities. The second contribution of this thesis is the development of the foundations for an internally consistent and articulate representation of cyber-international relations in terms of actors- individuals and group of individuals, layers of the Internet and the context of cyber engagement that form the basis of the CSSD framework. This approach can be applied to diverse domains to build scenarios and model different facets of both the real world and cyberspace according to the practical needs. The instruments and intensity of engagement and the extent of time of engagement are the two dependencies that map the interactions among the different entities. The third contribution of this thesis is the development of a robust, comprehensive, and coherent test use-case based on "Intellectual Property Rights (IPR)" domain. The CSSD framework is then adapted to test its applicability to the use-case. IPR has been selected as the test use-case because it provided both the legal understanding and legislative efforts at international level, in as collaborative, effective and uniform manner as possible, to protect the rights of intellectual property owners and to avoid future conflicts. Thesis (S.M. in Engineering and Management)--Massachusetts Institute of Technology, Engineering Systems Division, 2010.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 117-130). 2010-01-01T00:00:00Z https://hdl.handle.net/1721.1/62632 A comparison of taxonomy generation techniques using bibliometric methods : applied to research strategy formulation Camiña, Steven L This paper investigates the modeling of research landscapes through the automatic generation of hierarchical structures (taxonomies) comprised of terms related to a given research field. Several different taxonomy generation algorithms are discussed and analyzed within this paper, each based on the analysis of a data set of bibliometric information obtained from a credible online publication database. Taxonomy generation algorithms considered include the Dijsktra-Jamik-Prim's (DJP) algorithm, Kruskal's algorithm, Edmond's algorithm, Heymann algorithm, and the Genetic algorithm. Evaluative experiments are run that attempt to determine which taxonomy generation algorithm would most likely output a taxonomy that is a valid representation of the underlying research landscape. Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 86-87). 2010-01-01T00:00:00Z https://hdl.handle.net/1721.1/61175 Text to Text : plot unit searches generated from English Nackoul, David Douglas The story of Macbeth centers around revenge. World War I was started by an act of revenge. Even though these two stories are seemingly unrelated, humans use the same concept to draw meaning from them. Plot units, revenge included, are the common set of structures found in human narrative. They are the mistakes, the successes, the revenges and the Pyhrric victories. They are the basic building blocks of stories. In order to build a computational model of human intelligence, it is clear that we must understand how to process plot units. This thesis takes a step in that direction. It presents an English template for describing plot units and a system that is capable of turning these descriptions into plot-unit searches on stories. It currently processes 26 plot units, and finds 10 plot units spread out over Macbeth, Hamlet, the E-R Cyber Conflict, and a collection of legal case briefs. Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010.; Cataloged from PDF version of thesis.; Includes bibliographical references (p. 51). 2010-01-01T00:00:00Z