Here, we indicate select research thrusts and illustrate some results.
1. The Core: Framework and Foundations for Theory & Policy
ECIR research constructed the CyberIR System, an empirically-grounded overarching model of cyberspace and international relations based on the intersection of the layers of the Internet and the levels of analysis in international relations. This CyberIR system allows us situate actors, actions, and expected impacts.
2. Cyber Power & Cyber Security: Control Point Analysis
Researchers developed a Control Point Analysis method to identify how different states and other entities control their own Internet experience. Included are detailed results of US, China, and Google cases that show who, how, and where the state (or the firm) enables (private or public) controls on or management of its own Internet system, and with what effects.
The traditional definition of politics in terms of who gets what, when, and how becomes simply a function of who does what, when, and how. It would seem that the technological tussle over control is ongoing, with no lasting victory for any side. One actor designs an application, other actors hunt for points of control, others design mitigations to the controls and so on. Related research points to impacts of social media and messaging on strategic relations.
3. Cyber Governance: How the Cyber System is Structured & Disciplined
Based on institutional analysis, legal documents, memoranda of understanding and review system of the Internet community, researchers identified (a) the operationally distributed and decentralized governance mechanisms that are (b) based on authority granted largely by the Internet community, with (c) legitimacy predicated on actual performance. Anchored in three core functions (situated within ICANN and framed as the IANA functions). They identified the ways in which the entire global system, managed by private entities to date, is already subject to global contention. Researcher also created a census of key actors and entities for the cyber governance domain.
4. Alternative Futures: Drivers of Change
Designing potential futures for cyberspace and international relations, potential structure and process, and the underlying governance principle. Here are the results from four research studies based on different method, data bases, and time frames:
- Comparative analysis of 17 case studies of cyber conflict shows that the most dominant type of cyber-attack involves Distributed Denial of Service (DDoS). Others include email-based malware, and identity theft or defacement; and the sophistication of for-profit malware tools has been steadily increasing. Hackers have used email, known or unknown vulnerabilities in operating systems, deception, and outsourcing of traffic attacks, among other attack tools.
- New taxonomy generation methods to cybersecurity in order to generate an empirically based knowledge-profile drawn from large scale data bases (i.e. full records of published journals) applied to the issue of cybersecurity.
- Foundations of strategic behavior, by extending Lateral Pressure Theory to the cyber domain and comparing the profiles of states and their behavior propensities with those in “real” domains. Many states exhibit different profiles in cyber and real domain, with different propensities for expansion.
- System dynamics modelling of corporate responses to cyber-attacks and evidence showing the effects patching and the impacts of delayed corrective measures.
5. Cross-Cutting Themes:
Three cross cutting themes serve to anchor ECIR contributions to the Department of Defense Minerva Program.
- Analysis of the CERTS system, a new state-based institutional response to cyber threats showed the degree of incompleteness is the design of the system, the barriers to cumulative data on cyber threats, and importance of closing some critical gaps;
- Evolution of strategic postures worldwide from Agenda 21, to WSIS, to NetMundial revealed both convergence and divergence in global cyber policy development. It also showed the emergent fault lines in world politics.
- Extensions of resilient mechanism design (i.e. alternative game theory) applied to conditions for improved international collaboration showed the possibilities associated with an overarching legitimizing authority—to some extent this is consistent with the results in item (c) above.