A Silent Spring for Cybersecurity: Modelling the Societal Consequences of Cyberattacks

David Farber

Distinguished Professor and Co-Director
Keio University Cyber Civilization Research Center

Bradley Fidler

Assistant Professor of Science and Technology Studies
Stevens Institute of Technology

June 2019

Introduction: Lessons from Silent Spring

In 1962, large parts of the world were benefiting from new biological and chemical agents called pesticides. These technologies revolutionized the production and distribution of food, while simultaneously posing an existential crisis: unpredictable and potentially cascading environmental failures that could threaten the modern way of life. Efforts to regulate or reform the uses of these new technologies were stymied by secrecy, inaction, and institutional inertia. Neither the private sector nor the government was willing, or able, to provide a way forward that would preserve the benefit of pesticides, while also reducing the risk of an existential crisis.

That year, Rachel Carson’s bestselling book Silent Spring provided a new way forward. Its impact can be understood in terms of its scientific basis, rhetorical strategy, and audience. Scientifically, Carson modelled the risk posed by pesticides, at the micro and, crucially, the global scale. Rhetorically, she delivered her scientific findings in accessible and emotionally potent language. Combined, these strategies mixed the authority and certainty of science with implications that her audience could understand in terms of their immediate, lived implications. And this audience was the public.

In short, Silent Spring successfully communicated the real risks of unregulated pesticide use to the public—and the public acted. Not only did the environment become a domain of concern, but a new culture, new regulations, and even a new government agency (the EPA) resulted from Carson’s approach.

What We Want to Do

Our solution is a Silent Spring for cybersecurity: an accessible report, meant for the public and the media, distributed for free online. Our objective is to galvanize public support for a global response to the cybersecurity threat. This is an urgent and existential matter because of the potential of cyberattacks to trigger runaway geopolitical confrontations that would end in tragedy. We propose a three-stage project, creating not only this report, but peer-reviewed scholarship and an endowed research center.

Our situation is very much like the one faced by Rachel Carson. The new technology is cyberspace: online computer systems that work well in isolated cases but, when deployed ubiquitously on a global scale, pose the potential for disaster. The advantages of cyberspace are obvious; its deficits are what we describe as cybersecurity: the cultural, institutional, and technological shortcomings that make it impossible to secure critical online systems. The secrecy surrounding cyber capabilities makes meaningful (and verifiable) agreements on use between states unlikely, and we face inaction in the public and private sectors. The threat lies in cyberattacks against these systems. The difficulty of attributing cyberattacks, as well as their ‘use it or lose it’ qualities in a time of conflict, increases their appeal to weaker states. Multiple adversaries likely have the ability to disable or destroy key parts of critical infrastructures, such as the electrical grid, at will. We believe that the greatest risk lies in the cascading economic and geopolitical consequences of such attacks.

We propose a Japan-US research group that will use public sources to model and systematically illustrate the societal consequences of cyberattacks.

How it is Done Today

Efforts to reduce the risks posed by cybersecurity and cyberattack fall into technological and institutional domains, although the two are tightly linked.

Technologically, we have become an information economy and society built on computer systems that were never designed to be in cyberspace—and that still rest on those early design principles. Mainframe systems were introduced, made mission critical, and secured with the same physical security that organizations used for paper records. In the 1970s the Internet was designed to support trusting communities located in American allies. In the 1980s and 1990s computerization deepened and the Internet spread across the planet, and security was added to both as an afterthought, with little redesign of the underlying technologies. They remain as they were created—foundationally insecure—and every good, service, and infrastructure is vulnerable to crippling cyberattack. So-called “clean slate” research programs in new computing and cybersecurity architectures are underway, but none has demonstrated the ability to solve these problems through technology alone—and they are often ‘captured’ by representatives of paradigms from the 1980s and 1990s.

Institutionally, governments and firms are configured to serve the needs of an advanced industrial society, not an information society. This means two things. First, and more visibly, governments and firms do not commit significant resources to ongoing cybersecurity maintenance. Second, and more fundamentally, this misconfiguration means that firms and governments cannot see beyond maintenance to seek fundamental macro-level solutions. In this arena, for example, our efforts to create international laws and legal norms have failed. The NATO-funded Tallinn Manual, meant to map cyber technologies to international law, produced more confusion, not less, between its first and second editions. Research groups and programs meant to increase cyber resilience are dedicated to technological or organizational change, but not to an international framework. Secrecy from all corners means that the extensive negotiation needed to bridge this gap is impossible. Think tanks and academics working in the area of cyber-law focus on this problem, but with little progress, in part because of a lack of buy-in from their audiences.

The technology-institution quagmire will not be fixed through the lone inventor, research team, or forward-thinking industry or government group. It will require a dramatic public movement to spur the revolutionary changes, both top-down and bottom-up, which are required.

What is New in Our Approach

Rather than try to untangle the technology-institutional mess ourselves, we want to demonstrate convincingly what will happen if cyberweapons are used to significant effect. We want a clear and well-publicized mapping of cyber-actions to global consequences to galvanize opinion in favor of change. Our approach targets all sectors of society with an interest in cybersecurity and peace: government, industry, academia, and the general public.

Our research combines two methodological strategies: 1) a modification of the Delphi Method, and 2) Agent-Based Modelling of International Relations, as described below. Our findings will be published simultaneously in two forms: a detailed, popular-facing, qualitative description of how these events would play out, written for our audience, and a detailed technical report from our research project, which the popular description will cite directly (our publication strategy is described in more detail below).

  1. Modified Delphi Method

Here our strategy is to systematize reliable information about perceptions and decision-making in environments that are often classified or otherwise secretive. We do this by modifying the Delphi Method to accommodate accurate but general or hypothetical claims.

We begin by gathering knowledge that can be made available by recently retired, high-ranking figures from government and industry. For our purposes, this knowledge need not be exact. Actual high-level government or corporate policy will not be available to any group operating in an unclassified space. However, these individuals are still capable of providing likely attack and response scenarios: what they feel are the most likely attacks, and the decision-making that would factor into responses to those attacks. Often, this information is provided in hypothetical or generalist terms, in order to avoid breaking secrecy commitments. Nonetheless, the Markle Foundation’s Task Force on National Security in the Information Age and its Status Report on Information Sharing used this method to generate actionable analysis despite working in a domain of classified specifics.

After gathering this information, our next step is to make it more specific and reliable through elite consensus. Here we use a modified version of the RAND Corporation’s Delphi Method, which “solicits the opinions of experts through a series of carefully designed questionnaires interspersed with information and opinion feedback in order to establish a convergence of opinion.” This will permit us to gain expert consensus, based largely on recent experience in high-level government and corporate roles, on the range of threats, the likelihood of those threats, and their corresponding responses.[1] The Delphi Method will permit experts to build off each other’s general claims, moving them toward specificity—all without any single individual needing to reveal specific details. In this way, experts prohibited from providing specific information can generate specific information as a group.

  2. Agent-Based Modeling of International Relations

The Delphi Method will provide us with scenarios and their likelihood in the cyber domain; it will also provide us with information on both cyber and non-cyber (e.g. legal, policy, kinetic) responses. It is accepted that significant cyberattacks will quickly move into the non-cyber realms of governments.

To the extent that the consequences of cyberattacks do move beyond the cyber realm, the chain of events enters the analytical domain of International Relations (IR). Specifically, we will use the empirical and analytical foundations of structural realist (or neorealist) IR to understand how non-cyber responses play out in the global context of self-interested states and competitive markets. In recent years, economists and political scientists have applied increasingly computational methods to International Relations—culminating in agent-based models for IR. Agent-Based Models will allow us to create, analyze, and experiment with simulations of the complex outcomes of cyberattacks and the initial responses they generate. In other words, agent-based models allow us to simulate the decision-making of agents (e.g. states, non-state groups, corporations) and, from those decisions, predict the resulting global events and macro phenomena (that is, to model complex adaptive systems).

As such, agent-based IR provides us with two important analytical foundations: a way to understand the properties and priorities of global decision-making agents, and a rigorous computational method for predicting their behavior in response to certain inputs.

What are the deliverables?

We have two reasons for creating this novel combination of our modified Delphi Method and agent-based International Relations. The first reason is scientific: we want to create predictive and falsifiable explanations of phenomena, with theoretically informed empirical study of our domain (the benefits of which we outline below). The second is rhetorical: we want our work to be convincing. We want the public to have good reason to believe us, even when our predictions may appear dire or even dystopian. As we explain above, this is no simple ‘public engagement’ strategy: instead, it is the means by which we aim to succeed where all other projects have failed.

As such, our primary deliverable will be a public-facing document. We hesitate to call it a report, since reports do not typically excite the public; we also shy away from calling it a manifesto, since manifestos usually lack a scientific basis. Our document will be a combination of the two: science that demands action. It will present different post-cyberattack scenarios in narrative form, describing in emotionally potent detail their implications for the everyday life of the public. We know we cannot simply write a successful narrative ourselves, which is why we will partner with a popular writer and media consultant. We are also interested in experimenting with novel rights management (e.g. giving the work away) to encourage studios to adapt our narrative into streaming and movie formats. (A corollary to the success of Silent Spring is the public impact of the TV movie The Day After, which influenced the public as well as then-President Ronald Reagan.)

What difference will we make? What are the risks and payoffs?

We want to galvanize public opinion to make sweeping, revolutionary cybersecurity reform a necessity. We base our strategy on the reasonable assumption that, with increased financial and political resources, the problem is fundamentally tractable—what is lacking is money and will.

For more than a decade, we have seen countless ‘new approaches’ to research, analysis, and policy in the cybersecurity domain. Nonetheless, we remain at the existential precipice. The ‘public option’ has not yet been attempted; it is overdue.

Less significantly, but still of consequence, our work will generate peer-reviewed scholarship in International Relations, computer science, and a range of interdisciplinary fields concerned with the intersection of cybersecurity with global politics and economics, thereby increasing the understanding of this problem in academia.

[1] If necessary, we can use computational methods (e.g. Agent-Based Modelling) to refine our understanding of the likelihood of responses.