April 15 - Cyber - Questions

[deholz]

Questions for Herb Lin, inspired by the week's readings:

1. Herbert Lin & Amy Zegart, Chapter 1 (Introduction) from Bytes, Bombs, and Spies
2. National Research Council, Summary section from At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues
3. Herbert Lin, “The existential threat from cyber-enabled information warfare” (Bulletin of the Atomic Scientists)
4. Herbert Lin and Jaclyn Kerr, “On Cyber-Enabled Information Warfare and Influence Operations” (Oxford Handbook of Cybersecurity)

Questions: Every week students will post one question here of less than 150 words, addressed to our speaker by Wednesday @ midnight, the day immediately prior to our class session. These questions may take up the same angle as developed further in your weekly memo. By 2pm Thursday, each student will up-vote (“thumbs up”) what they think are the five most interesting questions for that session. Some of the top voted questions will be asked by students to the speakers during class.

[elijahrain28]

I'm afraid this question is going to sound like a joke, but... does the term “cyber” detract from how seriously people take this? Especially people from my generation. I took a cybersecurity course in high school, and believe me, high schoolers are perfectly aware of how tacky and 80’s “cyber” sounds.

[fdioum]

Do you think that there is a solution to cyber security that wouldn’t impede upon certain rights that we currently have? More specifically speaking towards the propaganda aspect of cyber security, is there a way to reduce the likelihood of the cyber attack without censoring too much of people's freedom of speech and expression?

[seankoons]

How do you think cybersecurity will be compromised or improved with the use of AI and machine learning? I know currently that AI programs in cybersecurity use learning to be able to improve their cyber defenses when attacks happen (which increases response time), but can’t people also use AI and machine learning for attacking. In turn, is the AI able to learn from its mistakes and keep attacking until a solution is found?

[nicholas-rose]

In the first installment of Cixin Liu’s hit Chinese sci-fi trilogy, The Three Body Problem [1], (spoiler alert!) a super advanced alien race inhibits mankind from making crucial scientific developments by, among other methods, silently disrupting data and measurements. Consequently, many leading scientists begin to despair that progress in understanding our universe is futile.

Given the apparent success of Stuxnet in stalling Iran’s production of enriched uranium at Natanz, it seems that the approach of silently/secretly compromising crucial and high value systems can be extremely effective. It also seems plausible that states would have an interest in offensively disrupting or stalling foreign research or development in a wide variety of fields. Should we be worried about silent interference in cutting edge research (even if it’s unrelated to national defense), and how can we hope to overcome the extremely asymmetric nature of this threat?

[1] https://en.wikipedia.org/wiki/The_Three-Body_Problem_(novel)

[jasonshepp6]

In 2016, Russia launched a campaign of political misinformation to favor Donald Trump over Hillary Clinton in the presidential election. Russian bots took to social media to stoke up conspiracies against Clinton. While it is impossible to know what would have happened without Russia’s involvement, most political academics agree that the election-meddling had a significant impact on the populace.

With this event in mind, is Facebook responsible for allowing this misinformation to occur? Additionally, what actions, if any, should the United States government force Facebook to take in the wake of the 2016 election?

[dillanprasad]

Last year, in the midst of a global pandemic and racial strife that dominated the majority of the nation's attention, a significant shift in the corporate/political landscape of the country occurred that perhaps was not as publicly focused on. Congress began to call in prominent tech CEOs to testify on issues ranging from antitrust to individuals' data rights. This marked the beginning of what some believe will grow into a long, era-defining negotiation between big tech companies, the government, and individual citizens surrounding what the role of technology will be in our lives of tomorrow--and, to what extent and by whom, this influence is controlled. What is the role of the private sector in controlling cybersecurity and cyberwarfare? How might this role change in coming years when the government exerts more control over the operations of private sector tech firms?

[WinstonHartnett]

The decline of traditional newspapers and their less-scrupulous, more sensational replacements have often been cited as a cause of our modern information woes. Has the effectiveness of press institutions in filtering harmful content while not stifling debate been established?

On the other hand, very few disagree that large "information conglomerates" like Sinclair, Fox News, and CNN have harmful effects on rational public discourse. Should the government aggressively apply antitrust regulations against "information monopolies" as they would a steel, banking, or tech monopoly?

[c-krantz]

In recent years (especially with the rise of social media) military acts carried out by the United States such as airstrikes in Syria and Libya are often seen as unprovoked and, in some cases, unnecessary. Although “kinetic” attacks like these serve different purposes than cyberattacks, is it reasonable to believe that the President would prefer to conduct a cyberattack as opposed to a “kinetic” attack due to fear of political backlash? With that said, does the high level of classification of cyberattacks incentivize the President to use these powers more freely?

[smshiffrin]

What are your thoughts on the so-called 'algorithms' of social media platforms such as Instagram, Twitter, Facebook, etc. that analyze a user's preferences, and create a newsfeed perfectly tailored to their interests? Do you think these were established to simply enhance the user's experience, or were they established with the intent to isolate and polarize distinct communities on the Internet?

[abertodano]

Mr. Lin's comments on the "Coming Information Dystopia" highlight an important aspect of propaganda: its purpose is to excite the feelings of its audience, not to make coherent arguments. Though our news can be made more factual, will better logic ultimately remedy the polarized morals that motivate the acceptance of tailored, misleading, or false information in American society? Can the Enlightenment's emphasis on the mind address this issue, or can it only suppress symptoms?

[bdelnegro]

Can we prime individuals to discern between fiction, half-truths, and the truth?

If so, what methods might be used? Do 'inoculation' games like Bad News suffice or should other tactics be developed? Additionally, how might we best reach the subpopulations most vulnerable to manipulation?

If not, does the onus of preventing the proliferation of online misinformation fall on the private sector or government? What actions should/ can we expect them to take?

[TimGranzow7]

This week’s reading selections strongly emphasize how blurry the world of cyberwarfare, online security, and the “information state” truly is, particularly in regard to the actions of the US government and big data corporations. Information is constantly corrupted, falsified, taken advantage of, and presented to us in biased or ingenuine ways. Rapidly progressing technology means a constant war over information that ends with it being nearly impossible to distinguish the truth from a forgery. This clearly has ramifications for election fraud, and already we have seen misinformation tactics used throughout the country in local, state, and federal elections. How should we, as members of society, address this concern, assuming technology for combating the spread of misinformation only becomes more sophisticated. What happens when we can no longer trust any of our sources of information?

[shanekim23]

As some of the readings suggest, tradeoffs are inevitable for policy makers; and they often hesitate to improve cybersecurity because the issue of cyber attacks isn't as apparent. You mention the prospect of using existing market mechanisms (with improved flow of information), but with the awareness of cyber attacks at a critical low point, what is the best way to inform organizations about the possibility of falling victim to a cyber attack? In other words, how will you convince these organizations that cyber attacks are a legitimate threat to the prosperity of their company?

Also, If the media started to frame cyber attacks as they would frame "kinetic" attacks, do you think this would help us come to a societal realization that cyber attacks pose a serious threat to us? If not, what might help us come to a collective realization that we are in danger?

[ghost]

Do you think the private sector and the government can ever fully cooperate on measures to help solve the cybersecurity problem, or are the two going to develop their own solutions and ways to deal with the problem? Will politics get in the way of strong cybersecurity?

[starmz123]

How does the current media environment, particularly the rise of social media as a medium for issues discourse, affect the way in which we approach having nuanced and even-headed conversations about trade-offs and risks? For example, the current conversation around the FDA's decision to 'pause' the Johnson & Johnson vaccine rollout, or evaluating the risks of different existential threats and making the case that one is more likely and pressing?

[Samcorey1234]

How can we most diligently help communities decipher good and bad information? And, do we need more public community services to help people decipher accurate information from that which is false?

[jane-uc21]

An appealing and unique aspect of cyber offense is its potential reversibility (in contrast to the terminal loss of life and infrastructural damage done by kinetic warfare). If further regulated by international law to reduce risk of escalation, and technically advanced to ensure reversibility and precision, could cyber warfare be a more ethical alternative to kinetic warfare from a duty-bound perspective? Given that less permanent damage is done to resources, could it also be better from a pragmatic perspective? If so, what innovations and international agreements could facilitate this?

[louisjlevin]

Per my memo, what do you make of the premise of ethical hacking? Could penetration testing really provide a viable solution for governments and corporations looking to fortify their defences, or is the whole thing just too easily manipulated and ungovernable?

[blakekushner]

With relatively recent documentaries like "The Social Dilemma" and other issues surrounding social media, do you think there is anything to be done to "fix" how social media sites are run and how they function in society? Following that, do you think there is any way to turn social media into a place for useful information rather than spreading more disinformation?

[LucLampietti]

I have two separate questions. First, what role do you foresee blockchain playing in cybersecurity currently and down the road? Second, is holding corporations more responsible for ensuring their customer's digital security too much of a sacrifice for tech innovation to merit consideration?

[a-bosko]

In the excerpt from “Bytes, Bombs, and Spies” by Herbert Lin and Amy Zegart, the authors discuss possible escalation of conflicts that can arise from cyber-attacks. In one example, the authors mention that the use of a weapon that causes more damage than initially intended can cause an escalation of conflict, or in certain cases a full-out nuclear war.

How do we avoid this kind of escalation in order to prevent nuclear war? How do we keep the peace with other countries, especially since the internet is a global entity with no boundaries or borders?

[chakrabortya]

What does the cyber-insurance market that helps hedge against cybersecurity threats look like? Who are the key players and customers? How is it priced?

[stellaslorer]

Thinking about how cyber warfare might crystallize in the future, it seems like we are already at the beginning of the age of misinformation––instigated by Donald Trump and the notion of “fake news”. How would the ways that we combat and, hopefully, prevent cyber warfare differ when we think of this as an internal issue versus that coming from the outside?

[brettriegler]

What role does education and higher education play in educating the next generation about cyber security and cyber warfare? I went through the public school system in IL and learned all about nuclear weapons and conventional warfare but nothing about cyber warfare and cyber security. Not understanding cyber security can impact public opinion and therefore influence public officials and what course of action they take.

[janet-clare]

In the unfolding prospects of cyber conflict, there stand two possibilities, cyber/cyber, and cyber/kinetic. Cyber strategies and tactics are introducing a whole new strategy of warfare, that, at first glance anyway, may be arguably more bearable in that tactical physical violence appears to play less of a role. However, there are still potential human consequences to be considered, some imaginably just as devastating. What is your assessment of such a shift toward a more “sophisticated”, less barbarous form of military engagement? Are we capable? Or are we fooling ourselves?

Also,on a lighter note, I saw on the internet (so it must be true!) that you are a hobby magician. Could you show us some sleight of hand? :)

[AlexandraN1]

Cybersecurity is an area which could often benefit from the expert opinion of actors within the private sector. How do we enhance communication between private experts in technological issues and policy makers, without inappropriately increasing their power and influence to obtain private ends?

[scicerom]

Though many important issues of cybersecurity lie in implementation, most of this returns back to a search for methods that can be implemented, whether that be cryptographic research or network infrastructure planning. However, much of modern cryptographic research happens behind closed doors in organizations such as the NSA. In what ways is the non-scholastic and restrictive nature of such research positive for overall cybersecurity and in which ways is it the opposite? Is the answer different between countries or alliances?

[ZeyangPan]

According to the National Research Council, the use of offensive operations in cyberspace as an instrument to advance U.S. interests raises many important technical, legal, and policy questions that have yet to be aired publicly by the U.S. government.

Does the information indicate that a government can utilize cyberspace as a tool to advance its national interests? Should ordinary people worry about their cybersecurity being monitored by the government?

[EmaanMohsin]

International hacker groups like Anonymous have gained recognition for launching various cyber attacks against organizations and governments across the world. Although some describe them as "cyber terrorists" others believe they are "freedom fighters" exposing government and corporate corruption. How do you think the U.S should interact with these hacker groups? Should there be a push to criminalize individuals involved, or should we look into alliances in order to use their resources and potentially circumvent future attacks on the American government?

[benindeglia]

In this struggle for information, many groups have done cyber attacks against governance like our own to try and out corruption or terrible state secrets. With these documents, there is a push from the private sector and from government to focus on protecting their information and cyber space. Do you think this would result in an increase of tyrannical action and make government more secure in doing atrocities, since they are much more confident in it never seeing the light of day? How do we approach the issue of government security while still having government transparency and ease of access being a priority?

[BuffDawg]

The greatest threat of never-ending cyberwarfare seems to be the issue that, in the event of cyber attacks and threats, the perpetrators are not always easy to identify or distinguish. Does this hamper the possibility of coming to agreements to reduce or completely stop cyber war? Is it possible to develop methods to perfectly identify the source of future attacks?

[nobro011235]

In light of recent Russian meddling in the 2016 election, it seems more and more apparent that social media is an apt way to spread misinformation for political gains as a form of cyber warfare. The spread of anti-vaxxer sentiment on social media further drives home this point. Would you recommend stripping Americans of their "right" (in quotes because it's debatable) to say anything on social media platforms and switching to a single government source on such issues? Obviously it seems tough to trust the government with the dissemination of information, but the democratization of information seems extremely susceptible to cyberattacks.

[ydeng117]

In the realm of our cyberspace, it seems that nations are now following the law of the jungle. It seems nations can freely launch cyber warfares and those being attacked simply follow the tit-for-tat strategy. How should we create a war protocol for cyberwar among nations? What sanctions can be applied to make countries hold their liabilities in starting cyberwarfare? When we concern about cyber information security, how should we reconcile the conflict between protecting the authenticity of information and protecting people's freedom of speech? How should we interpret the action of social media platforms like Twitter permanently suspending Donald Trump's account?

[cdrovetsky]

Cyber warfare can specifically target finance and commerce, which is a relatively new "development" in warfare. Are we over emphasizing the threat of cyber attacks because we emphasize the importance of finance, commerce, and private property over the human cost of war?

[blakemoss]

There is massive financial potential in exploitative social media algorithms that herd users into radicalizing echo chambers. The internet is also seen by many as a bastion of free expression. How can we regulate these dangerous practices without encroaching on that perceived freedom and thus angering many internet users?

[cjcampo]

A statement from Lin & Zegart in reading 1 claims that "To date, academics and analysts have paid much more attention to cyber defense than to cyber offense" (4). To what extent is this true outside the scope of academics and analysts? That is, when considering antagonistic counterparties and rogue hackers, is the total humanpower on the side of defense really greater than that of the attack?

Consider, for example, deepfakes: I would imagine that the number of dedicated professionals and officials working to better our ability to detect deepfakes is far less than the total number of people working towards building out deep learning techniques to better deepfakes, or the people just toying around with the capabilities of deepfakes online. Should we really be discounting this?

[vtnightingale]

Much of the discussion in the readings was around the idea of how do governments and industries prevent cyber attacks on their interests. My question is how do we as citizens (mostly of the US) prevent our governments from using cyber attacks on other countries? Given the history of the US (and other former colonial states) in destabilizing other countries, either by indirectly or directly supporting coups, how do we prevent our government from doing so with state-of-the-art cyber capabilities and identifying when they in fact do so?

[Junker24]

My question for this week is:

With the trend of many industries moving towards online, Is there a greater risk associated with doing so? Such as banking, commerce, etc.

[omarh4]

Since the only real solution to a strong cyber offense is a cyber defense and vice versa, what are some safeguards we can realistically implement against cyber threats? As a Democratic, Westernized country, what additional measures can we take to ensure that our extra vulnerability to cyber attacks does not become a danger to our critical infrastructure systems?

[chasedenholm]

As cyber warfare increases its global presence, is strict regulation possible in any way? The low barrier to entry in the cyber space to me would indicate that it would be incredibly difficult to maintain any regulation. As we continue to advance different weapons in the cyber space and increase the use of cyber-related attacks, without strict regulation, do you think cyber warfare could replace conventional warfare? How do you think the two types of warfare might complement each other moving forward? 

[ChivLiu]

I heard that a lot of western countries using local cyberspies to access some governmental secrets for other countries, and those people are usually ones that think their home countries have failed them. My question is that will globalism reduce people's patriotism and become more likely to work for other countries that seem to bring them more benefits?

[sosuna22]

A lot of companies and governments have very good cyber security for themselves or at least try to protect themselves. However, many use third party platforms for miscellaneous purposes that can include significant information. I'm curious how governments and companies that share private information with these third party platforms can ensure the security of that information, given that they may not have the same level of resources?

[madisonchoi]

Giant social media and tech companies such as Facebook have perfected algorithms to pump out content and ads that suit our interests, consumption, desires, and hobbies perfectly - almost too perfectly. Firstly, do you think that these detailed algorithms that generated such specific and targeted ads have become, in a way, a version of an invasion of privacy? Secondly, is it even possible for the concept of privacy in the digital era to exist anymore? Every search on the internet, social media app, etc. is tracked and noted through data, so is it possible to have any amount of privacy when we are so engulfed by technology?

[brettkatz]

What do you believe are the incentives that resulted in university researchers and think tanks being shut out of cyber research, in contrast to nuclear research in the 1980s? Is it that in the past, for some reason, projects were generally declassified more often and thus researchers were privy to more information? Or was it that in the past researchers were given access to more classified information because there were fewer fears of leaks - spies were a thing but hacking information was less so.

[isabelmw]

What are your thoughts on doxxing/doxing? Any general comments or thoughts regarding its danger, use, etc. I'd be interested in -- I wrote my memo this week on some of the history of it and examples (HK protests, Boston Marathon, Neo Nazis, KKK).

[ishaanpatel22]

Misinformation and "fake news" is a massive issue facing our society, and this problem has been intensified by the ubiquitous use of social media. In your opinion, do you think fake news should be regulated, or is it the responsibility of the reader to distinguish fact from fiction? If it should be regulated, is it up to news platforms and social media sites, or an external force (like the government)?

[gracecwagner]

Where do you think the line is between freedom of speech and freedom of the press is in regards to social media in countries where these rights are constitutionally given?

[nataliamedina1202]

How does search engine usage contribute to the polarization of the political climate? Because search engines and algorithms can promote misleading information that align with individuals desired results, there is a serious threat that personal biases can be confirmed under the false illusion of ‘doing research’. How do these algorithms worsen the political divide in the United States, and what can be done about it without the risk of censorship?

[dramlochun]

With the increasing relevance and prevalence of Bitcoin and other cryptocurrencies, how are we going to prepare as a society for the impending, vast shift of economic transactions online through blockchain technology? There already are numerous questions about identity and identity theft by way of obtaining another person's key. Should the government take steps to try and regulate the exchange and trade of Bitcoin for example? If so, then how should disputes be settled? Should the judicial system settle it as it does in the present day for bank transactions? This solution isn't the most logical, however, given that human intervention defeats the ultimate purpose of blockchain technology. Ultimately, there are numerous questions surrounding the cybersecurity and regulation of Blockchain and who is responsible. Given the recent adoption of this currency by firms like Tesla, PayPal, Square, and more, why hasn't there been more conversation by policymakers about how we intend to protect civilians who will very soon need to use these technologies?

[laszler]

You mention that the methods of social media exploitation of cognitive biases (tweets, short videos, etc) are much more prevalent than they were two decades ago. Even ten years ago, I personally would not have been able to predict that social media would turn into what it is now in regard to malice and manipulation.

With this in mind, do you think that new, well-intentioned technologies have the possibility of being similarly coopted for exploitation of biases in the future, or have we reached a point where the capacity to do so has already been exhausted?