DOCSLIB.ORG

Public Cyberinstitutions: Signaling State Cybercapacity by Nadiya Kostyuk

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Public Cyberinstitutions: Signaling State Cybercapacity by Nadiya Kostyuk Public Cyberinstitutions: Signaling State Cybercapacity by Nadiya Kostyuk A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Political Science) in the University of Michigan 2020 Doctoral Committee: Professor James D. Morrow, Co-chair Assistant Professor Yuri M. Zhukov, Co-chair Professor John Ciorciari Professor Susan Landau Assistant Professor Tamar Mitts Professor Nicholas Valentino Nadiya Kostyuk [email protected] ORCID iD: 0000-0003-0596-5752 ©2020 Nadiya Kostyuk For Anastasia, Valentyna, Joan & Amanda. ii Acknowledgments Over a decade ago I left my family in Ukraine in search of a better education. Many people supported me on this journey and, in particular, during my doctoral studies at the University of Michigan (UoM). The members of my dissertation committee provided their support, guidance, patience, understanding, and encouragement throughout this process and were flexible in working with me remotely during the dissertation writing process. Most importantly, I thank them for agreeing to supervise a cybersecurity-centered dissertation—a rather novel topic in political science in which none of the committee members specialized. My dissertation tremendously benefited from close supervision of my dissertation chairs, James D. Morrow and Yuri M. Zhukov. I thank Jim for always being available to discuss how my ideas on cybersecurity fit into the larger international relations picture. I thank Yuri for seeing potential in my cybersecurity research during my first year of graduate school when very few considered this an issue worth studying. John Ciorciari, both as my committee member and as a Director of the International Policy Center at the Ford School, was instrumental in advising me how to advance my ideas within the international policy context. Nick Valentino’s positive and welcoming attitude helped me build confidence in my own work. Susan Landau was the best mentor I could have asked for during my pre-doctoral fellowship at the the Fletcher School. From her, I learned iii how to write about policy and technology. Tamar Mitts was an invaluable member of my committee when I was moving away from Ann Arbor even though she was going throughout many life transitions of her own. Besides my committee, I am grateful to many other UoM faculty members whose insight shaped and sharpened my intellectual thinking: Christian Davenport, Lisa Disch, Chris Fariss, Pauline Jones, Nachomi Ichino, Arthur Lupia, Walter Mebane, Robert Mickey, Ragnhild Nordås, and Iain Osgood. My scholarship has tremendously benefited from rigorous discussions at the Conflict & Peace, Research & Development and the Political Economy Workshop. My fellow graduate students at the department—Kiela Crabtree, Yiland Feng, Deanna Kolberg, Bomi Lee, Jieun Lee, Todd Lehmann, Anil Menon, Blake Miller, Steven Moore, Marzia Oceno, Thomas O’Mealia, Anita Ravishankar, Sine´ad Redmond, Corina Simonelli, James Stickland, Jessica Sun, Roya Talibova, Michael Thompson-Brusstar, Sasha de Vogel, Carly Wayne, Princess Williams, Alton Worthington, Nicole Wu, Nicole Yadon, and Kirill Zhirkov—also left their intellectual mark on my formation as a scholar and made my time in graduate school very memorable. Lastly, the close friendships that I formed outside of the department with Koustav, Laura, Poonam, Renato, Sampurna, and Thembie were my support systems and kept me intact during difficult times. My research has also benefited from the support of the Belfer Center for Science and International Technology at Harvard’s Kennedy School, the Department of Computer Science and the Fletcher School of Law and Diplomacy at Tufts University, and the Cybersecurity, Internet Governance, Digital Economy, and Civic Tech Initiative at Columbia University’s School of International and Public Affairs. Intellectual conversations with Michael Sulmeyer, Ben Buchanan, Trey Herr, Russell Stuart and Ivan Arregu´in-Toft helped me better connect my academic research to ongoing policy conversations. Fiona Cunningham and Greg Falco became my life-long friends and made my time in Cambridge unforgettable. Cybersecurity lunches at Tufts University with Jared Chandler, Amanda Current, Kathleen Fisher, Jeff iv Foster, Carolyn Gideon, Jeff Taliaferro, and Josephine Wolff sharpened my understanding of the technical side of cybersecurity and taught me how to explain my research to an interdisciplinary crowd. I must thank my McNair family who I met when participating in the Ronald E. McNair Post-Baccalaureate Achievement Program during my undergraduate studies at John College of Criminal Justice at the City University of New York. Its Associate Director, S. Ernest Lee, introduced me to the American system of education and provided guidance on how I, a new immigrant, could survive in the Big Apple. My mentors, Dr. Peter Romaniuk and Dr. Gail Garfield, introduced me to scientific research and helped me understand that pursuing intellectual curiosity was my calling. Lastly, I must thank my family—Anna, Adam, and Valentyna—who left their comfortable lives in Ukraine and crossed the ocean to join me in the United States to fulfill our American dream. I am also grateful to my new family that I met in the United States—Michael, Yani, Carol, Dennis, Sean, Kayla, Ryan, Jamie, Richard, Suzanne, Sylvia, Michael, Steven, and Giovanni—who opened the doors of their houses to a complete stranger and made me feel at home. There are no words to describe how grateful I am to my life partner, Jon, who taught me how to appreciate and enjoy my life in the Big Apple, be a true New Yorker, and who has been my rock throughout all these years. I devote this dissertation to my grandmothers—Anastasia, Valentyna, Joan, and Amanda—who remain puzzled as to why it took me so long to obtain a degree, studying something that they cannot completely understand, but whose wisdom and unconditional love have been guiding me in life. v Contents Dedication ii Acknowledgments iii List of Figures viii List of Tables ix Abstract xi Chapter 1 Introduction 1 1.1 Public Cyberinstitutions . 1 1.2 Organization of the Dissertation . 5 1.3 Policy Implications . 9 Chapter 2 Debates over Cybersovereignty as a Driver of Global Cybersecurity Strategy Diffusion 11 2.1 Diffusion of Cybersecurity Strategy . 13 2.2 Additional Alternative Explanations . 17 2.3 Data . 21 2.4 Empirical Strategy . 29 2.5 Findings . 31 2.6 Discussion and Implications . 40 2.7 Appendix . 44 Chapter 3 Diffusion of State Military Cybercapacity: The Theory of Complementarity In Alliances 62 3.1 Signaling State Military Cybercapacity . 65 3.2 Theory of Complementarity of Military Cybercapacity . 70 3.3 Alternative Explanations . 73 3.4 Data . 77 3.5 Empirical Strategy . 82 vi 3.6 Findings . 85 3.7 Discussion and Implications . 93 3.8 Appendix . 96 Chapter 4 Deterrence in the Cyber Realm: Public versus private cybercapacity 126 4.1 Public Cyberinstitutions . 132 4.2 The Theory of Cyber Deterrence . 134 4.3 Comparative Statics . 146 4.4 Evidence . 151 4.5 Discussion and Implications . 160 4.6 Appendix . 164 Chapter 5 Limitations and Future Research 196 5.1 Public Cyberinstitutions: Causes and Effects . 196 5.2 Limitations and Next Steps . 198 Works Cited 205 vii List of Figures 1.1 Targets of Major Cybercampaigns (1999-2016) ................... 2 1.2 Distribution of State Cybercapacity (1999-2016) .................. 4 2.1 Adoption of National Cybersecurity Strategies over Time . 12 2.2 Diffusion of Cybersecurity Strategies (2000-2018) . 24 2.3 Summary of the Interviews .............................. 44 2.4 Correlation Plot: Yearly Data ............................ 55 3.1 New Cybersecurity Responsibility versus New Cybersecurity Military Agency over Time .......................................... 63 3.2 Initiation of Military Cyberapparatuses by NATO countries . 64 3.3 Diffusion of Military Cybercapacity (1999-2018) . 78 3.4 Competing Risks Scheme ............................... 83 3.5 Summary of the Interviews .............................. 96 3.6 Correlation Plot: Yearly Data ............................ 109 3.7 Robustness Checks: Alternative Dependent Variable . 125 4.1 Relationship between Defender’s Type and Overall Cybercapacity as a Function of Iθ ............................................ 139 4.2 Equilibria and Challenger’s Types . 141 4.3 Defender’s Pure Strategy Actions when Facing an Opportunistic Challenger . 144 4.4 Number of Interviews per Country (February-December 2018) . 152 4.5 Extensive Form Game Tree of Deterrence by Public Cyberinstitutions . 168 5.1 Diffusion of State Cybersecurity Organizations (1987-2018) . 203 viii List of Tables 2.1 Variables and their Sources Included in the Analysis . 28 2.2 Influence of strategies of cybersovereignty opponents and threat environment on national strategy adoption (hazard ratios) ...................... 32 2.3 Robustness of diffusion via strategies of cybersovereignty opponents: Alternative network measures (hazard ratios) .......................... 33 2.3 Robustness of diffusion via strategies of cybersovereignty opponents: Alternative network measures (hazard ratios) .......................... 35 2.4 Robustness of diffusion via strategies of cybersovereignty opponents: Cumulative influence of alternative network measures (hazard ratios) . 36 2.5 Robustness of diffusion via strategies of cybersovereignty opponents: Alternative measure of the adopted strategies (hazard ratios) . 37 2.6 Robustness of diffusion via strategies of cybersovereignty opponents: Alternative Model Specification (odds-ratios) ..........................
Load more

Recommended publications
  • Cybersecurity Activities at NIST's Information Technology Laboratory
    CYBERSECURITY ACTIVITIES AT NIST’S INFORMATION TECHNOLOGY LABORATORY HEARING BEFORE THE SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE AND TECHNOLOGY HOUSE OF REPRESENTATIVES ONE HUNDRED ELEVENTH CONGRESS FIRST SESSION OCTOBER 22, 2009 Serial No. 111–59 Printed for the use of the Committee on Science and Technology ( Available via the World Wide Web: http://www.science.house.gov U.S. GOVERNMENT PRINTING OFFICE 52–857PDF WASHINGTON : 2010 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512–1800; DC area (202) 512–1800 Fax: (202) 512–2104 Mail: Stop IDCC, Washington, DC 20402–0001 COMMITTEE ON SCIENCE AND TECHNOLOGY HON. BART GORDON, Tennessee, Chair JERRY F. COSTELLO, Illinois RALPH M. HALL, Texas EDDIE BERNICE JOHNSON, Texas F. JAMES SENSENBRENNER JR., LYNN C. WOOLSEY, California Wisconsin DAVID WU, Oregon LAMAR S. SMITH, Texas BRIAN BAIRD, Washington DANA ROHRABACHER, California BRAD MILLER, North Carolina ROSCOE G. BARTLETT, Maryland DANIEL LIPINSKI, Illinois VERNON J. EHLERS, Michigan GABRIELLE GIFFORDS, Arizona FRANK D. LUCAS, Oklahoma DONNA F. EDWARDS, Maryland JUDY BIGGERT, Illinois MARCIA L. FUDGE, Ohio W. TODD AKIN, Missouri BEN R. LUJA´ N, New Mexico RANDY NEUGEBAUER, Texas PAUL D. TONKO, New York BOB INGLIS, South Carolina PARKER GRIFFITH, Alabama MICHAEL T. MCCAUL, Texas STEVEN R. ROTHMAN, New Jersey MARIO DIAZ-BALART, Florida JIM MATHESON, Utah BRIAN P. BILBRAY, California LINCOLN DAVIS, Tennessee ADRIAN SMITH, Nebraska BEN CHANDLER, Kentucky PAUL C. BROUN, Georgia RUSS CARNAHAN, Missouri PETE OLSON, Texas BARON P. HILL, Indiana HARRY E. MITCHELL, Arizona CHARLES A. WILSON, Ohio KATHLEEN DAHLKEMPER, Pennsylvania ALAN GRAYSON, Florida SUZANNE M.
    [Show full text]
  • Potential Hazards of the Protect America Act
    University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science January 2008 Risking Communications Security: Potential Hazards of the Protect America Act Steven M. Bellovin Columbia University Matthew A. Blaze University of Pennsylvania, [email protected] Whitefield Diffee Sun Microsystems Susan Landau Sun Microsystems Peter G. Neumann SRI International Follow this and additional works at: https://repository.upenn.edu/cis_papers See next page for additional authors Recommended Citation Steven M. Bellovin, Matthew A. Blaze, Whitefield Diffee, Susan Landau, Peter G. Neumann, and Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act", . January 2008. Copyright 2008 IEEE. Reprinted from IEEE Security and Privacy Magazine, Volume 6, Issue 1, January 2008, pages 24-33. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to [email protected]. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. This paper is posted at ScholarlyCommons. https://repository.upenn.edu/cis_papers/368 For more information, please contact [email protected]. Risking Communications Security: Potential Hazards of the Protect America Act Abstract A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders.
    [Show full text]
  • Don't Panic: Making Progress on the 'Going Dark' Debate
    Foreword Just over a year ago, with support from the William and Flora Hewlett Foundation, the Berkman Center for Internet & Society at Harvard University convened a diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community to begin to work through some of the particularly vexing and enduring problems of surveillance and cybersecurity. The group came together understanding that there has been no shortage of debate. Our goals were to foster a straightforward, non-talking-point exchange among people who do not normally have a chance to engage with each other, and then to contribute in meaningful and concrete ways to the discourse on these issues. A public debate unfolded alongside our meetings: the claims and questions around the government finding a landscape that is “going dark” due to new forms of encryption introduced into mainstream consumer products and services by the companies who offer them. We have sought to distill our conversations and some conclusions in this report. The participants in our group who have signed on to the report, as listed on the following page, endorse “the general viewpoints and judgments reached by the group, though not necessarily every finding and recommendation.” In addition to endorsing the report, some signatories elected to individually write brief statements, which appear in Appendix A. Our participants who are currently employed full-time by government agencies are precluded from signing on because of their employment, and nothing can or should be inferred about their views from the contents of the report. We simply thank them for contributing to the group discussions.
    [Show full text]
  • Forum on Cyber Resilience 2016 Annual Report Of
    FORUM ON CYBER RESILIENCE 2016 ANNUAL REPORT OF ACTIVITIES FORUM ON CYBER RESILIENCE 2016 ANNUAL REPORT MISSION The Forum on Cyber Resilience is a roundtable of the National Academies of Sciences, Engineering, and Medicine. It was created to facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers who are concerned with urgent and important issues related to the resilience of the nation’s computing and communications systems. The Forum serves as a source of knowledge, insight, and expertise and as a catalyst for stakeholder collaborations. It offers a venue in which to examine and discuss emerging challenges and issues as they become evident. At the same time, as a standing body, the Forum provides a base of engaged, long-term sustained thinking about emerging and future trends as cyber infrastructure challenges, threats, and issues evolve. CONTEXT AND OPERATIONS The Forum fosters sustained and candid dialogue among its government, academic, and industry members, and it serves as an independent focal point for honing and refining questions and issues that may not otherwise arise elsewhere or through the traditional Academies study- development process. The Forum is designed to foster activities developed by its members and to advocate for consensus studies or other activities, as needed, to inform its future meetings, and to raise awareness of issues and consequences in the wider public. The Forum convenes senior representatives from government, universities, and industry to define and explore critical
    [Show full text]
  • Proposal for a Joint Cyber Security and Policy Program at Tufts University
    Proposal Participants • Steven Block, Academic Dean, The Fletcher School • Ming Chow, Senior Lecturer, Computer Science • Kathleen Fisher, Professor, Computer Science • Soha Hassoun, Professor, Computer Science (Chair) • Michele Malvesti, Professor of the Practice, The Fletcher School • Jeff Taliaferro, Associate Professor, Political Science Executive Summary of Proposal We request the creation of a Bridge Professorship to strengthen expertise at Tufts in Cyber Security and Policy and to provide leadership for the creation of a variety of degree programs in Cyber Security and Policy. Cyber Security and Policy is an emerging cross-disciplinary field that impacts many aspects of our increasingly technology-dependent society. Tufts can make global contributions to this nascent field by leveraging our existing strengths in Diplomacy, International Relations, Political Science, Computer Science, and Active Citizenship. The relatively modest additional investment of a Bridge Professorship can lead to substantial gains for the university in reputation, revenue, and societal impact by providing the impetus for new revenue-generating degree programs and by opening up collaboration and funding opportunities with the Commonwealth of Massachusetts, the federal government, and industry. "America's economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in
    [Show full text]
  • Privacy and Cybersecurity: the Next 100 Years
    INVITED PAPER Privacy and Cybersecurity: The Next 100 Years This paper discusses the interrelationship of privacy and cybersecurity and provides brief retrospectives and speculative views of how the future may look for theory and algorithms, technology, policy, and economics from the point of view of five different researchers. By Carl Landwehr, Senior Member IEEE, Dan Boneh, John C. Mitchell, Steven M. Bellovin, Susan Landau, Member IEEE,andMichaelE.Lesk,Member IEEE ABSTRACT | The past and the future of privacy and cyber- by computers are nearly as old as the computing profession security are addressed from four perspectives, by different itself: the desire to break cryptographic codes (i.e., to vio- authors: theory and algorithms, technology, policy, and eco- late the confidentiality of messages) motivated some of the nomics. Each author considers the role of the threat from the earliest and most intensive developments of digital com- corresponding perspective, and each adopts an individual tone, puters. As computers have insinuated themselves into ranging from a relatively serious look at the prospects for im- sensors and control systems and society’s dependence on provement in underlying theory and algorithms to more light- them has grown, both the possibility and the reality of hearted considerations of the unpredictable futures of policy physical damage resulting from exploitation of security and economics. flaws have been demonstrated repeatedly. The breadth of this topic is extraordinary. Through cryptography, it touches the algorithmic foundations of KEYWORDS | Cryptography; cybersecurity; privacy; security computer science. In aiming to build systems with as few security flaws as possible, it places strong demands on I.
    [Show full text]
  • 2017 Annual Report the Force for Science
    2017 ANNUAL REPORT THE FORCE F O R SCIENCE Founded in 1848, the American Association for the Advancement of Science is an international, nonprofit organization dedicated to advancing science, engineering and innovation for the benefit of all people. With more than 120,000 individual members in more than 91 countries, AAAS is the world’s largest multidisciplinary scientific society and a leading publisher of cutting-edge research through the Science family of journals. As one of the top voices for science worldwide, we spearhead initiatives in policy, international cooperation and diplomacy, STEM education, public engagement, and more. We strive to promote and defend the integrity of science and its use, provide a voice for science on societal issues, and strengthen and diversify the science and technology workforce. More information is available at www.aaas.org. American Association for the Advancement of Science 1200 New York Avenue, NW Washington, DC 20005 USA COVER PHOTOS: Adobe Stock/www.stock.adobe.com Table of Contents Introduction by Board Chair and CEO ................................................................. 2 Science Policy ......................................................................................4 Science Diplomacy ..................................................................................7 Science Communication and Public Engagement ..................................................... 10 Fellowships and Professional Development ........................................................... 13 Science
    [Show full text]
  • Testimony for House Judiciary Committee Hearing on “The Encryption Tightrope: Balancing Americans’ Security and Privacy” March 1, 2016
    Testimony for House Judiciary Committee Hearing on “The Encryption Tightrope: Balancing Americans’ Security and Privacy” March 1, 2016 Susan Landau, PhD Professor of Cybersecurity Policy Worcester Polytechnic Institute 100 Institute Road Worcester MA 01609 Testimony for House Judiciary Committee Hearing on “The Encryption Tightrope: Balancing Americans’ Security and Privacy” March 1, 2016 Mr. Chairman and Members of the Committee: Thank you very much for the opportunity to testify today on “The Encryption Tightrope: Balancing Americans’ Security and Privacy.” My name is Susan Landau, and I am professor of cybersecurity policy at Worcester Polytechnic Institute. I have previously been a Senior Staff Privacy Analyst at Google and a Distinguished Engineer at Sun Microsystems. I am the author of two books on the issues of today’s hearing: Surveillance or Security? The Risks Posed by New Wiretapping Technologies (MIT Press, 2011) and Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press, 1998); the latter is co-authored with Whitfield Diffie. I have written about these issues in the Washington Post, the Chicago Tribune, Scientific American, and other venues. I am a Fellow of the Association for Computing Machinery and of the American Association for the Advancement of Science, and I was recently inducted into the Cybersecurity Hall of Fame.1 My comments represent my own views and not those of the institutions with which I am affiliated. Today I will speak on security threats, encryption, and securing smartphones. It would seem to be a fairly straightforward issue: the smartphone of one of the two San Bernardino terrorists had its data encrypted.
    [Show full text]