Tufts Democrats: What did you think?
The Tufts Democrats got an earful from me about how US foreign policy on cyberspace hasn’t advanced significantly in fifteen years. I complained that a whole lot of basic questions haven’t been settled, and drew on some key national documents to verify that is the case.
They were more impressed with my rapid-fire interactive summaries of Hollywood takes on cyberwar and cyber dystopia. Or so they tweeted.
Jumbos: what did you think? Please post in the comments. Thanks!
Whither Cyberspace?
I gave a talk this morning about cyberspace at the Fletcher Doctoral Conference 2011. It was a panel with renowned expert Greg Rattray (FF’98), Professor William Martel, and Col. Tom McCarthy (FF’12+).
On one level, the topic was whether cyberspace is a domain and why. In another sense, it was a talk about why we’re still talking about that. With so much ink spilled since the 1990s on strategy of cyberwar, cyberattack, and cyber defense, why are we still dithering over first principles? And is there any practical effect? Is the domain determination consequential, specifically with regard to the organs of government and military to protect American interests.
Many of the hot current issues got raised during the Q&A:
- How do we prepare government and the military to share responsibility for cyberspace with the private sector?
- How do we characterize the risks of cyber attacks, and can we have any useful measures of them?
- What is the government empowered to do on our behalf?
- What makes attribution difficult, or even different, in cyberspace?
- Why not simply refer nonstate cyber attacks to the relevant authorities in the host country?
R resources for Tufts grad students
This is a quick post with links that I thought could be useful for a Tufts graduate student. What’s useful for one might be useful for others.
Econometrics in R
http://cran.r-project.org/web/views/Econometrics.html
Graphical presentation of regression results
http://tables2graphs.com/doku.php?id=04_regression_coefficients
A good site for Stata users that want to learn R
http://www.statmethods.net/
UCLA’s library for R beginners
http://www.ats.ucla.edu/stat/r/
StackExchange for statistics
http://stats.stackexchange.com/
One Question for Hank Greenberg
What would you ask Hank Greenberg if you were seated at his table at lunch? I’m attending a talk tomorrow at the Fletcher School. Please post questions for Greenberg in the comments.
Network mapping roundup
You’ve got a complex system that you would like to map. Where do you start?
Of course the answer is, “Stop. Put down the pen. Ask yourself what the map must communicate.”
But once you’ve got a clear idea about that, and therefore the data you need to gather, and the way you’d like to analyze that data, … you may well need some new tools. Read the rest of this entry »
Current events for Beth’s class
Beth Chalecki asked me to give a talk on cyber security for her course at Boston College. While I won’t post the slide deck here, I will compile a reading list on the blog. I’d like to note that the blogroll at right includes several of the big names in the field: Bruce Schneier, C. Warren Axelrod, Ross Anderson, David Rice, Alessandro Acquisti, and others.
Documents
- National Strategy to Secure Cyberspace (US-CERT)
- Cyberspace Policy Review (White House Office of Cybersecurity)
- Presidential Decision Directive 63 (Clinton via FAS)
- US Cyber Command fact sheet and website
News items
- Stuxnet
- Ghostnet
- Estonia
- Georgia
- Rod Beckstrom
- Howard Schmidt
- William Lynn discusses the cyber domain in Foreign Affairs
Academic works
- Technology, Policy, Law and Ethics Regarding US Acquisition of Cyberattack Capabilities (Owens, Dam and Lin, eds.), full text at Macarthur Foundation
- Proceedings of a Workshop on Deterring Cyber Attacks (National Research Council Committee on Deterring Cyberattacks, Steinbruner, chair) *
- Building Security In (Gary McGraw and US-CERT)
- Cyber Warfare and Cyber Terrorism (Janczewski and Colarik, eds.)
- Cyberpower and National Security (Kramer, Starr and Wentz, eds.)
- Cyberpower (Nye)
- Cybersecurity Agenda (EastWest Institute)
- Commission on Cybersecurity for the 44th Presidency and their final report
- International Guide to Cyber Security (Westby)
* Beth: if you’d like to tackle cyber deterrence, Lukasik’s conference paper in these Proceedings (eds. Steinbruner et al., 2010, pp 99-111) is an interesting departure point for debate.
Any way they wants to say it.
Thank you to John McWhorter for correcting my needlessly didactic campaign against the singular usage of the pronoun “they.”
According to McWhorter: if a linguist ran an elementary school, they would chuck the principle that singular third person pronouns can only come in the varieties “he,” “she,” “he or she,” and such ugly postmodernisms as “s/he.” How I have mistreated my students. All I can say is I hoped spare them the wrath of fellow overzealous grammarians.
He’s got further ammunition for Star Trek fans: fascination with split infinitives and sentence-ending pronouns was an alien effort to port Latin grammatical rules into English, not an effort to reflect well spoken English.
My blog doesn’t depress wages
I’m going to go out on a limb here and say Paul Bradshaw is wrong. The argument goes like this: drive up the supply of journalists, drive down the unit price of a story. Sounds fine, until you think through the argument more carefully. It only matters that hacks bloggers are giving away drivel content for free if their competition drives wages down.
What reduces the value of something economically? Increased supply or reduced demand are two key factors. And indeed, journalism as a profession has been consistently devalued economically as a result of one of those factors: increasing numbers of people who want to be journalists and who will work for free, or for low wages. The result is that the wages of journalists are very low – a pattern which predates the internet and the rise of blogging, etc.
This is rife with the same fallacies that convinced Lou Dobbs that unskilled immigrant labor drives down middle class American wages. Bradshaw’s pseudo-economic analysis treats journalists like fungible, undifferentiated commodities, just about the same as feed corn.
There are lots of markets where giving some stuff away doesn’t make the other stuff worthless. In fact, free-beer software creates entire business ecosystems for software, hardware, and services. Strategic giveaways are good business strategy. For more on that, read Tapscott and Williams or Chris Anderson.
Then there’s the question of whether blogs and papers are in the same market. They’re not. Newspapers do the hard job of editing: screening, curating, and fact-checking stories. The whole reason that you’ll pay to read the Financial Times but not my blog is because of their hard-won reputation for excellence.
If your newspaper is printing roundups of the “Here’s what the blogs are saying about…” variety, it’s time to switch your subscription.
Open Letter to Social Science Research Network
Dear SSRN:
If any of my works exist on your server, and if you intend to exploit them commercially, I wish to negotiate for a share of the revenues. I hereby opt out of any commercial exploitation of my works, either for a fee or as a free addendum to another commercial service, subject to further negotiation.
You may use works I have uploaded to your site prior to today under a CC-BY-NC-SA Creative Commons license. Details are available here. http://creativecommons.org/licenses/by-nc-sa/3.0/
Sincerely,
Ben Mazzotta
Cyber Shield newest mixed metaphor
This is the latest example of what’s wrong the metaphor of cyberspace for information security. Cyberspace isn’t a space. Cyber attacks don’t involve thrown projectiles or spears. A shield won’t bat them down. The meat of the policy is buried: look how little attention is devoted to the five points in the last paragraph quoted below.
If he had said that installing Norton Internet Security on every computer in America was the definition of a cyber shield, or ordering drone attacks against suspected zero-day-threat writers, or requiring American companies to write back doors for the feds into encryption, or mandating the use of federally issued firmware in critical industries….well, then that would be the definition of a cyber shield. It’s a completely empty term.
US urges NATO to build ‘cyber shield’
(AFP) – Sep 15, 2010BRUSSELS — NATO must build a “cyber shield” to protect the transatlantic alliance from any Internet threats to its military and economic infrastructures, a top US defence official said Wednesday.
Cyber security is a “critical element” for the 28-nation alliance to embrace at its summit of leaders in Lisbon on November 19-20, US Deputy Defence Secretary William Lynn said in Brussels.
“The alliance has a crucial role to play in extending a blanket of security over our networks,” Lynn said.
“NATO has a nuclear shield, it is building a stronger and stronger defence shield, it needs a cyber shield as well,” he said at a forum hosted by the Security & Defence Agenda think-tank. Read the rest of this entry »
