STANFORD CISAC SOCIAL SCIENCE SEMINAR Chaos and Coercion with Cyber Weapons: Technical and Organizational Dimensions
DATE AND TIME May 15, 2014 3:30 PM - 5:00 PM AVAILABILITY Open to the public No RSVP required ABSTRACT What's the worst a malicious actor can do on the Internet with 100 lines of code? What technical and organizational capacities could routinely cause such effects? How much would it cost to develop them and who can do it? It has become conventional wisdom among academic researchers that cyber weapons are relatively cheap, easy to produce, offensively advantaged, and destined to diffuse to all governments. The evidence used to make these points, however, is typically at the level of anecdotes related to how headache-inducing malware has propagated quickly and been authored by young individuals with some technical skills. Almost no extant research explores what is necessary to produce cyber power, and which aspects of those processes are most challenging. This presentation uses the example of a technical approach, global machine scanning, as a case study of how cyber operations capable of routinely causing large-scale effects may be organized. "Machine scanning" is a term for automated processes to explore the entire Internet space to find vulnerable devices and other computer systems that may be exploited to cause cyber and physical effects. I draw on machine scanning data to demonstrate how small inputs into complex technical systems can cause tremendous consequences -- including interrupting supply chains, disrupting entire business sectors, stopping critical infrastructure services, and denying use of a substantial fraction of the global Internet. While my analysis shows a guiding logic and many examples of new ways that cyber weapons could be used to cause chaos, I also explain the difficulties in linking such technical operations to broader bureaucratic processes and political decision-making. Chaos does not equal coercion. Incorporating the techniques I describe into a broader cyber warfare work flow is a separate and understudied challenge. BIO Tim Junio is a cybersecurity postdoctoral fellow at CISAC and received his PhD in political science from the University of Pennsylvania in 201. Dr. Junio’s dissertation focused on principal-agent problems among bureaucracies responsible for cyber operations in the United States, South Korea, and Taiwan, particularly focusing on the military “cult” of the cyber offensive. For the last several years, Dr. Junio has developed new cyber capabilities at the Defense Advanced Research Projects Agency (DARPA), and previously worked on cyber security strategy and analysis for the Office of the Secretary of Defense, RAND Corporation, and Central Intelligence Agency. LOCATION CISAC Conference Room Encina Hall Central, 2nd floor 616 Serra St. Stanford University Stanford, CA 94305 FSI CONTACT Catherine McMillan <camcm...@stanford.edu> http://fsi.stanford.edu/events/chaos_and_coercion_with_cyber_weapons_technical_and_organizational_dimensions/ -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
