11 Items

Neural net completion for "artificial intelligence"

Wikimedia Commons

Analysis & Opinions - Georgetown Journal of International Affairs

GPTs, Software Engineering, and a New Age of Hacking

| Aug. 16, 2023

ChatGPT and other natural language models have recently sparked considerable intrigue and unease. Governments and businesses are increasingly acknowledging the role of Generative Pre-trained Transformers (GPTs) in shaping the cybersecurity landscape. This article discusses the implications of using GPTs in software development and the potential impact on cybersecurity in the age of artificial intelligence (AI). While GPTs can improve efficiency and productivity for programmers, they will not replace human programmers due to the complex decision-making processes involved in programming beyond simply writing code. And while they may help in finding shallow bugs to prevent short-lived vulnerabilities, GPTs are unlikely to change the balance of power between offense and defense in cybersecurity.

guns and missiles burst forth from a laptop screen

Adobe Stock

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Guns, Incels, and Algorithms: Where We Are on Managing Terrorist and Violent Extremist Content Online

| June 12, 2023

Technology companies and governments have spent the past decade trying to better address the evolving threat of terrorist and violent extremist content online (TVEC). This paper examines how effective these efforts have been, where we are today in managing the problem, and wherein lie gaps for improvement.

hand pointing at a screen displaying a screenshot from Darkcode

AP Photo/Gene J. Puskar

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

New Risks in Ransomware: Supply Chain Attacks and Cryptocurrency

| May 16, 2022

This paper provides an overview of the current ransomware landscape, such as the rise of Ransomware-as-a-Service (RaaS) and the increase of supply chain attacks, while also gesturing towards potential emerging solutions, such as software bill of materials (SBOM), vulnerability disclosure databases, and stricter cryptocurrency regulations.

North Carolina' s cell phone app contact tracing SlowCOVIDNC is shown on Friday, Dec. 4, 2020, in Charlotte, N.C.

AP Photo/Chris Carlson

Policy Brief

Technical Difficulties of Contact Tracing

| February 2021

A digital contact tool must sufficiently minimize false positives and false negatives to ensure it does more good than harm. This is especially true as the number of U.S. states deploying digital contact tracing apps grows. In July, Google announced that 20 states and territories were “exploring” apps based on the Apple | Google ENS, which would represent approximately 45 percent of the U.S. population. New York and New Jersey’s recent app rollouts bring the total of state public health authorities currently using the Apple | Google ENS to eleven. In order to understand if the Apple | Google ENS is up for the challenge, we must understand the accuracy of the underlying Bluetooth technology. Long story short, Bluetooth technology simply cannot provide location information that is granular or consistent enough for digital contact tracing apps to reliably function.

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Ending the Cybersecurity Arms Race

| February 2018

Network security has always been something of balancing act between maximizing sharing and ease of use, and erecting barriers.

When computer networks first emerged, there were few limitations on what could be transmitted over them. However, after the world’s first major network computer security incident—the Morris Worm of 1988—organizations began to retreat behind network-level firewalls and anti-virus software. Some defenders even tried to completely disconnect their networks from the outside world via “air gaps.”

This paper argues that it is time to move beyond the security paradigm of separating networks, as epitomized by the air gap. Instead, network defenders should embrace an approach which allows sharing and connectedness, anticipates that adversaries will penetrate the network, and is able to detect, and ultimately eject those adversaries before they can do harm.