1 / 20

Dialectics of Cyber International Relations and Cyber Defense:  Towards a Strategic Research Program

Explorations in Cyber International Relations (ECIR). Dialectics of Cyber International Relations and Cyber Defense:  Towards a Strategic Research Program. John C. Mallery ( jcma@mit.edu ) Computer Science & Artificial Intelligence Laboratory Massachusetts Institute of Technology.

renata
Télécharger la présentation

Dialectics of Cyber International Relations and Cyber Defense:  Towards a Strategic Research Program

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Explorations in Cyber International Relations (ECIR) Dialectics of Cyber International Relations and Cyber Defense: Towards a Strategic Research Program John C. Mallery (jcma@mit.edu) Computer Science & Artificial Intelligence Laboratory Massachusetts Institute of Technology Presentation at theECIR Workshop onCyber International Relations: Emergent Realities of Conflict and Cooperation, MIT, Cambridge, October 14, 2010. OSD Minerva Research Project at Harvard & MIT Explorations in Cyber International Relations

  2. Overview • Activities Under ECIR • Strategic IR Research Program • Cyber Defense Strategy • Meta-power As IR Leverage Criteria • High-leverage Research Areas • Dialectics • Computational Politics • Selected Leverage Vignettes

  3. Activities Under ECIR • Stanley Cyber Monitoring & Analysis System • 5 document streams • Over 4k documents • Cross-organization Cyber Data Study • 5 themes: international interactions, crime, economics, defensive coordination, long-term transformations • Recommendations for cyber data collection • Over a dozen organizations • Cyber Defense Strategy • Work factor concept • Technology strategy • Today: Linking IR to Cyber Defense

  4. Strategic Research Program • How can we prioritize research on cyber international relations to focus on the highest leverage problems? • Exhaustive enumeration is slow • Recycling pre-existing disciplinary concepts may lack relevance or leverage • Approach • Link to cyber defense strategy • Identify cyber fueled processes that drive strategy-relevant reallocations power, wealth, knowledge, cultural attractiveness, welfare • Elucidate those processes

  5. What is cyberspace? • Interdependent network of information technology infrastructures (NSPD54/HSPD23) • Internet • Telecommunications networks • Computer systems • Embedded processors • Controllers in critical industries • Virtual environment of information and interactions between people (NSPD54/HSPD23) • US Military: • Electro-magnetic spectrum • Information operations • C4ISR, space • Supply chains for IT • Computers, networks, software, crypto, id mgt., etc.

  6. Big Elephant: High Cognitive DifficultyDue Vast Cross-Cuts • Cyber insecurity has manifestations across the range of human activities where there is value • Business • Defense • Society • Technological basis of crisis is difficult to apprehend • Current COTs failures • 40 years of traditional computer security • Future: transformational computing & networking • Policy and legal responses are difficult • Cyber spans most traditional policy domains • Received legal concepts and categories are blurred • Best organizational modes unclear • Responses often reflectdisjointed incrementalism • Analytical reductions based onreceiveddisciplinary lenses (analogies) • Proposed solutions based on repurposed concepts • Creation of integrative frameworks) is essential • Enables cumulation across disciplines and knowledge areas

  7. DoD Cyber Strategy • William J. Lynn, Deputy Secretary, DoD • Foreign Affairs, August, 2010 • NATO, September, 15 • CFR, September 30 • Vast vulnerabilities & critical reliance • Military/Intel • Critical infrastructure • Private sector • Five pillars • Domain of warfare • Active & timely defense • Protection of critical infrastructure • Collective defense with allies • Technological leverage

  8. Strategic Approach • Transform US cyber-infrastructures to: • Resist attacks and continue to function under adversity • Enhance confidence in computation and communications • Enable rapid adoption of new technological advances • Strength competiveness via improved agility, effectiveness, and learning • Vision • Trustworthy systems and resilient society • Articulation of roles and responsibilities • Alignment of guiding images • Integrative Framework • Effective application of resources • Coordinated division of labor • Common language • Dynamic refinement • Objectives • Prioritized • Risk adjusted • Time horizons • Implementing strategies • High leverage • Synergistic moves

  9. Defensive Complexity Analysis • Response to cyber asymmetries requires high leverage solutions • Application to the entire attack value cycle (financial, political-military) • Time frames: Short-term (0-2 yrs), medium-term (2-5 yrs), long-term (5-10 yrs) • Security meta-metrics focus on difficulty of attacker or defender tasks • Work factor (WF) is the difficulty of executing tasks • Analogous to computational difficulty in cryptography • Extends beyond the technical designs to domain embeddings (cyber operations research) • Dimensions of work factors • Resources • Computational complexity (mathematical leverage) • Cost (often related to complexity) • Expertise and Knowledge (technical specialties, domain knowledge) • Planning, execution and information management • Cognitive difficulty (model as formulation of non-linear plans and counter plans) • Learning difficulty (reversing obfuscation, devising new tactics or approaches) • Organizational effectiveness/dysfunction (integration, learning, structure, psychology) • Risk • Uncertainty (confidence, incomplete information) • Culture (risk acceptance or aversion) • Information differential gain/loss (innovation, leakage by insider, espionage, diffusion) • Make technical or policy moves that cumulatively • Impose hard problems on attackers (prefer geometric impact) • Facilitate coordinated defense (eliminate multipliers)

  10. Defensive Strategy Decomposition:Planes of Action • Leadership organization • Policy community • Technology visionaries • Domain architects • Cyber technology base • IT capital goods industry • Telecommunications operators • Identity management & crypto sectors • Standards bodies and certification/accreditation authorities • Public sector domains • Military & intelligence systems • Government systems • Defense industrial base • Private sector domains • Critical infrastructure • Research and education infrastructure • Supply chain • Major enterprise • Smaller enterprise • Consumer • International cooperation • Allies • Trading partners • Regional or issue groups • Global • International competition • Mutual understandings • Declaratory policies • Norms

  11. Solutions vs. Mitigations • Solution Domains (10-30 years) • Science, technology, engineering • R&D infrastructure • Human capital • IT capital goods industrial organization • Critical infrastructures • Threat mitigation domains • Information assurance management • International cyber crime law enforcement • Cooperative engagement (like minded) • International norms (agreements 10+ yrs) • Deterrence (cross domain responses)

  12. Meta-power (BBB) As Leverage Framework • Power: Set of action possibilities and payoffs for actors within an interaction framework • Meta-power: Action possibilities that change the distribution of power resources among actors (Deutsch: Nth order power) • Strategic Competition: Contention over meta-power resources • Leverage: Impact of cyber-fueled international processes on national strategies

  13. High-leverage Research Areas • Information Diffusion • Economic strategy based on knowledge activities becomes problematic • Globalization • National location of key industries (and spread effects) more difficult • Cyber-enabled organizational learning => higher adaptive capacities • Race for more effective organizations as a basis for national advantage • Computational support for cyber decision-making and understanding • Modeling, mechanism design, precedent reasoning, game theory, grammars of action • Cultural interpenetration • Global digital ecumene -> clash of civilizations or transcendence? • Empowerment of small groups • Ability of “terrorists” to organize and cause trouble

  14. Dialectics • Information assurance is slippery with many potentially self-defeating moves • Centralization -> aggregation of threat • Standardization -> low diversity -> scale economies of attack • Conservation of threat -> attacks move to weaker surfaces • Two definitions of dialectics: • Process and complement process • Action and reaction

  15. Examples of Cyber Dialectics • Ready access to S&T knowledge • Faster research cycle within countries • Unprecedented rates of global knowledge diffusion • Empowers global business operations (e.g., IT sector) • More efficient resource utilization • More conflict over loci of production • Virtual concentration of dispersed groups • Critical mass to articulate knowledge interests • Critical mass to organize insurgencies or nihilistic actions • Informationalized militaries (e.g., GIG) • Global power projection (Gulf War 1 forward) • Asymmetric power projection (cyber war) • More effective bureaucracy • Improved domestic operations, law enforcement, transparency • Reduced autonomy of the state (via network interpenetration, higher scrutiny)

  16. Computational Theories of Politics and IR • Karl Deutsch • Political cybernetics and systems dynamics • Integration theory • Hayward Alker • Mathematical politics (limits – degrees of freedom, structural change) • Systems dynamics (limits – structural transformation) • Generative grammars (limits – descriptive) • AI and text-interpretive theories of IR (learning, meaning) • Dialectics of world order • Herbert Simon • AI and political science (search paradigm) • Computational search in organizations (“bounded rationality”) • Lloyd Etheredge • Government learning (1985) (psychology and structure) • John Mallery • Computational politics (1988) • Application of computational models of cognition to IR

  17. CyberSocial Systems • Networking and computation spread ubiquitously 1992-2010 • Cyberphysical systems • Now: • Computers provide cognitive prosthetics • Networks link human-computer cognitive systems • Speed -> gain in systems • Faster rates of interaction • Global immediacy • Co-evolution and interpenetration of cyber systems and biological cognition • Computational analytical frameworks needed • Individual => social network => organization

  18. Digital Noosphere(Tailard Desjardins) • Collective knowledge of humanity • Under active assembly on the Web today • Culture becomes digital • Expectation of increasing cultural gain • Organizational adaptation requires increased rates of learning • Faster interactions (digital diplomacy) • More informationmarshaled • Better knowledge: Conflict vs. homogenization • Major challenge of modernity • Networked global ecumene • Opportunities for broader international integration • Clash of cultures: West, Islam, South Asia, East Asia

  19. Globalization (World System Analysis) • Reinforces and extends ability of transnational firms to coordinateglobalproduction • Increases centripal impact on loci of production • Reduces state sovereignty, but some states can influence firms’ locationalcalculi (e.g., China) • New Neo-mercantilism (world order threat) • Competition for future industries • Lock-in of raw materials and new markets (e.g., Africa) • “Currency wars” • Refocus on developmental economics • “Conditioned development” (Cardoso) • “Spread effects” (Myrdal), “staple theory” (Innis) • Industrial policy helps understand emerging powers • Necessary strategy for national economic renewal

  20. Strategic Research Program • How can we prioritize research on cyber international relations to focus on the highest leverage problems? • Exhaustive enumeration is slow • Recycling pre-existing disciplinary concepts may lack relevance or leverage • Approach • Link to cyber defense strategy • Identify cyber fueled processes that drive strategy-relevant reallocations power, wealth, knowledge, cultural attractiveness, welfare • Elucidate those processes

More Related