- Belfer Center for Science and International Affairs, Harvard Kennedy School Belfer Center Newsletter

Confronting Complex Cybersecurity Challenges

| Summer 2013

Even the name of the threat, "zero-day malware," is eerily ominous, hinting at the cyber equivalent of a disease without a cure.

That is just one example of the Internet perils that researchers from Harvard Kennedy School's Belfer Center and colleagues from the Massachusetts Institute of Technology are jointly confronting as they imagine global ground rules for the fast-evolving cyberworld.

For the past four years, faculty and fellows from the neighboring institutions have partnered in a project called "Explorations in Cyber International Relations." The ECIR project’s brief is "to explore alternative cyber developments, assess challenges and threats, and identify possibilities and opportunities in cyberspace for security and well-being."

The co-principal investigators are Harvard Professor Venkatesh (Venky) Narayanamurti, director of the Belfer Center's Science, Technology, and Public Policy Program, and MIT Political Science Professor Nazli Choucri, associate director of MIT's Technology and Development Program.

Perhaps it's a measure of the cross-cutting nature of the project that MIT, the nation's leading technical institute, deployed a political scientist to coordinate the effort, while Harvard brought a physicist who founded the University's School of Engineering and Applied Sciences.

MIT is the lead partner in the cyber project, which is funded by the Pentagon's "Project Minerva," a brainchild of former Defense Secretary Robert Gates, who sought to put the nation's top academics to work thinking about the toughest strategic challenges of the 21st century.

The $10 million, five-year grant runs through early 2014, and Choucri and Narayanamurti are both determined to generate additional funding to extend the project's reach well beyond then. There's no shortage of cyber policy puzzles to solve.

Narayanamurti said the ECIR project is working to understand the crossroads of cyber issues in international relations, from governance to legal questions to privacy matters and security threats. The threats can range from cyberespionage of corporate as well as government secrets to cyber attacks aimed at damaging property—or worse.

The Belfer Center's decades-old International Security Program has long focused on physical threats, Narayanamurti noted, "but code can be equally damaging—code can be a weapon just like a bomb."

One of those threats being studied by fellows in the project is zero-day malware, so named because the computer code being used in a bug to attack or infiltrate a system has never been seen before—and therefore has no signature to make it recognizable by anti-virus programs.

Zachary Tumin, who manages the Harvard component of the Harvard/MIT collaboration, said ECIR fellows have developed a research thread to analyze the zero-day malware threat and the illicit global market that buys and sells these potentially destructive cyber tools. Researchers also have created four case studies that examine cybersecurity threats "through the lens of market economics, similar to studies of the illicit drugs and guns markets."

Choucri, whose new book is titled Cyberpolitics in International Relations, said "cyberspace has become part of our lives much faster than we've really recognized. It has kind of oozed in, and we cannot imagine it not being in existence."

She said many of the tools we have for global governance were "tailored for a world before cyber, and for a world dominated by a handful of countries, where non-state actors really didn't matter." Now all that has changed, she said; the new challenge is to determine who controls cyberspace in this matrix formed by the multi-layered Internet and the many levels of international politics.

In support of the ECIR program, Harvard University Distinguished Service Professor Joseph S. Nye hosts a biweekly Cyber Lunch for Harvard and MIT participants, at which some of the nation's leading experts address aspects of cybersecurity. Nye devoted a chapter to "cyberpower" in his 2011 book, The Future of Power, and writes frequently about the emerging field.

"We are still in the early stage of trying to think this though," Nye said. “We are adapting policies to deal with a new technology; we are at the stage with cyber that we were with nuclear policy in 1960. We haven't got a doctrine, we haven’t thought through what is offense, what is defense, what is deterrence."

The Belfer Center's ECIR fellows bring an array of expertise to these questions. Ryan Ellis is doing post-doctoral research on homeland security and critical infrastructure protection; post-doc Lucas Kello is studying the implications of offensive cyber weapons for international relations and security; Vivek Mohan works on the private sector, focusing on surveillance, privacy, and Internet governance, post-doc Associate Aadya Shukla is building computational models to conceptualize cyberspace; and Fellow Tolu Odumosu focuses on telecommunications and Internet policy.

Renowned experts are assisting the initiative. Melissa Hathaway, former National Security Council cyberspace director, is a senior advisor, and Harvard Law Professor Jonathan Zittrain is an affiliate. Another collaborator is David Clark, an engineering professor at MIT who has developed a framework for ECIR on how influence flows in cyber networks.

The Belfer Center's cybersecurity expertise has deep roots: former Executive Director for Research Eric Rosenbach, who is now U.S. deputy assistant secretary of defense for cyberpolicy, developed the cyber partnership with MIT. He previously taught an HKS cybersecurity course with Belfer Center faculty affiliate Richard Clarke, who was special adviser to the president for cyber security and counter-terrorism.

The teaching mantle then passed to Harvard Law School Professor Jack Goldsmith, who taught the 2012 cybersecurity course at HKS, just one of many cross-campus partnerships. The ECIR project recently supported the Berkman Center's development of cyber course modules and a cyber wiki.

This winter, SEAS Professor James Waldo, who is also chief technology officer for Harvard, taught an HKS course on "Technology, Security, and Conflict in the Cyber Age." Belfer and HKS Executive Education are developing a formal cyber security offering, based on the courses taught over the past three years.

"Cyberspace is created by humans, and anyone can play," Choucri said. "It's pervasive. The identity of the actor is not always known. It crosses borders. . . . Now the governments are trying to catch up, to control the companies in cyberspace. It's almost like a whodunit."

For more information on this publication: Belfer Communications Office
For Academic Citation: Smith, James F.. Confronting Complex Cybersecurity Challenges.” Belfer Center Newsletter (Summer 2013).

The Author