Articles

93 Items

Photo of Mark Zuckerberg preparing to resume testimony about user data on Facebook.

(AP Photo/Jacquelyn Martin)

Magazine Article - Belfer Center for Science and International Affairs, Harvard Kennedy School

America Needs to Align Technology with a Public Purpose

| Nov. 25, 2018

The arc of innovative progress has reached an inflection point, writes Ash Carter in The Atlantic. "Recent technological change that has brought immeasurable improvements to billions around the globe now threatens to overwhelm us. Making this disruption positive for all is the chief challenge of our time. We ourselves—not only market forces—should bend the arc of change toward human good. To do so, we must reinvigorate an ethos of public purpose that has become dangerously decoupled from many of today’s leading tech endeavors."

Visitors walk across the Yalu River Broken Bridge, right, next to the Friendship Bridge connecting China and North Korea in Dandong in northeastern China's Liaoning province.

(AP Photo/Emily Wang)

Journal Article - Quarterly Journal: International Security

Conflict and Chaos on the Korean Peninsula: Can China’s Military Help Secure North Korea’s Nuclear Weapons?

Author: Oriana Skylar Mastro

| Fall 2018

China’s military could play a vital role in securing or destroying Pyongyang’s nuclear weapons if the North Korean regime collapsed.

People at Seoul Train Station watch a local news program reporting about a North Korean missile launch. Aug. 30, 2017 (Lee Jin-man/Associated Press).

Journal Article - The RUSI Journal

North Korea’s Missile Programme and Supply-Side Controls: Lessons for Countering Illicit Procurement

| Oct. 17, 2018

Despite one of the most extensive sanctions regimes in history, including an embargo on missile technologies, North Korea has taken huge steps forward in its ballistic missile programme. Daniel Salisbury explores the limitations of, and challenges of implementing, supply-side approaches to missile nonproliferation. Considering North Korea’s recent progress and efforts to evade sanctions, the article highlights the continuing need to strengthen efforts to counter illicit trade in missile-related technologies.

Blogtrepreneur/Flickr

Journal Article - Nonproliferation Review

Solving the Jurisdictional Conundrum: How U.S. Enforcement Agencies Target Overseas Illicit Procurement Networks Using Civil Courts

| September 2018

Over the past two decades, the United States has increasingly turned to targeted sanctions and export restrictions, such as those imposed against Iran and North Korea, in order to curb the spread of weapons of mass destruction. One vexing problem, however, is how to contend with jurisdictional hurdles when the violations occur overseas, in countries that are unable or unwilling to assist US enforcement efforts. To solve this problem, US prosecutors are turning to strategies with significant extraterritorial implications—that is, exercising legal authority beyond national borders. One such tool is to use civil legal procedures to seize assets linked to sanctions or export-control violations in jurisdictions that lack cooperative arrangements with US enforcement agencies. While this may be an attractive strategy to bolster enforcement efforts against overseas illicit procurement, using such tools is not without consequence. This article explores the political, legal, and technical implications of enforcing extraterritorial controls against overseas non-state actors by exploring the recent uses of civil-asset forfeiture against Iranian and North Korean procurement networks.

Journal Article - IEEE Internet of Things

IIoT Cybersecurity Risk Modeling for SCADA Systems

| Apr. 06, 2018

Abstract:

Urban critical infrastructure such as electric grids, water networks and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory Control and Data Acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the Common Vulnerability Scoring System (CVSS) risk metrics of Exploitability and Impact are not correlated with attack for the SCADA subclass of software. A series of statistical models are developed to identify SCADA risk metrics that can be used to evaluate the risk that a SCADA-related vulnerability is exploited. Based on our findings, we build a customizable SCADA risk prioritization schema that can be used by the security community to better understand SCADA-specific risk. Considering the distinct properties of SCADA systems, a data-driven prioritization schema will help researchers identify security gaps specific to this software subclass that is essential to our society’s operations.