[liberationtech] Chaos and Coercion with Cyber Weapons: Technical and Organizational Dimensions - FSI Stanford

Mon May 12 20:00:04 PDT 2014

STANFORD CISAC SOCIAL SCIENCE SEMINAR

Chaos and Coercion with Cyber Weapons: Technical and Organizational Dimensions  

DATE AND TIME

May 15, 2014
3:30 PM - 5:00 PM

AVAILABILITY

Open to the public
No RSVP required

ABSTRACT

What's the worst a malicious actor can do on the Internet with 100 lines of code? What technical and organizational capacities could routinely cause such effects? How much would it cost to develop them and who can do it?

It has become conventional wisdom among academic researchers that cyber weapons are relatively cheap, easy to produce, offensively advantaged, and destined to diffuse to all governments. The evidence used to make these points, however, is typically at the level of anecdotes related to how headache-inducing malware has propagated quickly and been authored by young individuals with some technical skills. Almost no extant research explores what is necessary to produce cyber power, and which aspects of those processes are most challenging.

This presentation uses the example of a technical approach, global machine scanning, as a case study of how cyber operations capable of routinely causing large-scale effects may be organized. "Machine scanning" is a term for automated processes to explore the entire Internet space to find vulnerable devices and other computer systems that may be exploited to cause cyber and physical effects.

I draw on machine scanning data to demonstrate how small inputs into complex technical systems can cause tremendous consequences -- including interrupting supply chains, disrupting entire business sectors, stopping critical infrastructure services, and denying use of a substantial fraction of the global Internet.

While my analysis shows a guiding logic and many examples of new ways that cyber weapons could be used to cause chaos, I also explain the difficulties in linking such technical operations to broader bureaucratic processes and political decision-making. Chaos does not equal coercion. Incorporating the techniques I describe into a broader cyber warfare work flow is a separate and understudied challenge.

BIO

Tim Junio is a cybersecurity postdoctoral fellow at CISAC and received his PhD in political science from the University of Pennsylvania in 201. Dr. Junio’s dissertation focused on principal-agent problems among bureaucracies responsible for cyber operations in the United States, South Korea, and Taiwan, particularly focusing on the military “cult” of the cyber offensive. For the last several years, Dr. Junio has developed new cyber capabilities at the Defense Advanced Research Projects Agency (DARPA), and previously worked on cyber security strategy and analysis for the Office of the Secretary of Defense, RAND Corporation, and Central Intelligence Agency.

LOCATION

CISAC Conference Room
Encina Hall Central, 2nd floor
616 Serra St.
Stanford University
Stanford, CA 94305

FSI CONTACT

Catherine McMillan <camcmill at stanford.edu>

http://fsi.stanford.edu/events/chaos_and_coercion_with_cyber_weapons_technical_and_organizational_dimensions/