The folly of treating routing hijacks as a national security problem

A recent paper in the journal Military Cyber Affairs, co-authored by researchers at U.S. Naval War College and Tel Aviv University, details how four BGP hijacks occurring between 2016-2017 took place, re-routing potentially sensitive Internet traffic through China. It made the rounds, promoted by some threat intelligence company and cybersecurity...
Labrona, Untitled (2016)

Research on public attribution of state-sponsored attacks

I’ve recently returned from the Cybersecurity and Cyberconflict: State of the Art Research Conference, organized by Dr. Myriam Dunn Cavelty and her colleagues at the Center for Security Studies, ETH, in Zürich, Switzerland. The conference brought together a mix of scholars researching “the strategic (mis)use of cyberspace by state and...

A Farewell to Norms

“Keep right on lying to me. That's what I want you to do.”  ― Ernest Hemingway, A Farewell to Arms Most liberal internationalists, particularly in the United States, are thoroughly committed to the idea that the development of cyber norms is the key to resolving inter-state conflicts in cyberspace. This is the...

Special interests push U.S. Congress to override ICANN’s Whois policy process

Ever since ICANN’s creation, there has been a clash between the protection of personal data and its contractually-required Whois service. Under ICANN contracts, registrars were required to publish sensitive information about domain name registrants. The email addresses, names and other contact information of domain holders was available to anyone in...

New IGP White Paper: Is It Time to Institutionalize Cyber Attribution?

Public attribution of cyber incidents to nation-state actors is increasing. It is a challenging and important accountability function that is often performed by a combination of threat intelligence firms or other private actors and less frequently by states. But is it time to institutionalize cyber attribution? The cybersecurity community has...

Defusing the cybersecurity dilemma game through attribution and network monitoring

States are stuck in a “cybersecurity dilemma”. They can’t reliably distinguish between other states’ offensive and defensive activities. E.g., surveillance or probing being used by a state for defense might look like offensive measures to those states being surveilled or probed. As a result, cyber powers engage in a never...

Regulating cyber through trade regimes

Background The international trade in hardware, software, and content complicates many cybersecurity challenges. Domestic regulations and enforcement may fall short of their intended aims when foreign criminals and governments are out of their jurisdiction, and cheap insecure technologies proliferate worldwide. In response, some security experts have looked to restricting trade...

The flaws and risk in the Kaspersky case

There is a constant drumbeat of Russian threat stories these days, but none is more important to Internet governance than the legal battle between Kaspersky Labs and the United States. It highlights the dangers of nation-states inserting themselves into cybersecurity governance, and shows why the alignment of cybersecurity with nation...