Where Industry Meets Innovation

  • Contact Us
  • sign in Sign In
  • Sign in with certificate
mit campus


Search News

  • View All
  • ILP News
  • MIT Research News
  • MIT Sloan Management Review
  • Technology Review
  • Startup Exchange

ILP Institute Insider

February 10, 2014

Modeling Cyberspace Control Worldwide

Nazli Choucri analyzes issues of governance, politics and participation in the global onslaught of online communications.

Eric Bender

“Cyberspace is fluid, it is pervasive, it affects anybody who wants to participate, and it is very difficult to control,” says Nazli Choucri, MIT Professor of Political Science and a leading researcher on international conflict. “In fact, we’re not really sure who is in control.”

Nazli Choucri
MIT Professor of Political Science
In the Explorations in Cyber International Relations (ECIR) program, funded by the Office of Naval Research, Choucri and her colleagues across multiple disciplines at MIT and Harvard study how governments and private groups try to exploit online possibilities and minimize online risks, how international relations are evolving under cyber pressures, and how world politics are influencing the entire cyber domain.

At the international level, Choucri says, there are two major debates about governance of cyberspace. One is a major conflict over the roles in managing the Internet that the private sector should play compared to international organizations such as the International Telecommunications Union. The other is about cyber security and cyber espionage and different ways of controlling damages that seem to be growing at accelerated rates.

In various contexts, talks on these two issues of governance and security are running on parallel tracks, but given the pervasive overlaps between them, “it’s really important that the talks converge,” she says.

The need is particularly urgent because of the astonishing pace of developments online. “Change is happening much too fast for the state to control the impact on its own population,” she says. Even in the United States, which was fairly quick to create a White House cyber czar and various other organizational structures, the designated authorities and their policies are not at all fully connected to each other, she emphasizes. If there are any connections, they are loose.

Seeking Cyber Security
Private industry also has struggled to respond quickly to cyber challenges, especially cybersecurity threats. One example of this comes from an ECIR project about how firms respond to cybersecurity breaches, led by Dr. Michael Siegel of the Sloan School.

“The difficult part of the research has been to convince companies that this situation will be a generic one forevermore, so they should think more broadly about deciding how much security do they need, how much they will pay for it, and in what conditions, and develop an entire policy,” Choucri says. Companies need to share information to solve the problem but have balked on doing so due to concerns about their liabilities, she emphasizes.

Taking a broader perspective on cybersecurity, she has worked with Professor Stuart Madnick at the Sloan School and graduate student Jeremy Ferwerda to look at the structure of both public and private responses to online threats – with special attention to the Cyber Emergency Response Teams (CERTS) that have been established in a large number of countries.

“The current institutional landscape resembles a security patchwork that covers critical areas rather than an umbrella that spans the known modes and sources of cyber threat,” the three researchers summed up in a 2013 paper in Information Technology for Development. “We expect that responses will be driven more by institutional imperatives and reactions to crises than by coordinated assessment and proactive response.”

As one crucial step for more proactive response, the researchers called for pairing statistics on cyber threats and responses collected by international and national organizations with data from the private sector.

They also highlighted three major challenges in defending against cyber crime. First, “many individuals are not accustomed to reporting cyber crime to law enforcement organizations because issues may be deemed ‘minor’ or purely technical in nature, or because events on the Internet are deemed outside the jurisdiction of a local police agency,” they wrote. “Second, even when crimes are reported, investigation and prosecution remains difficult. Evidence is often ephemeral and transitory, and the global nature of cyber crime presents serious difficulties in pinpointing the location and identity of criminals. Lastly, it often proves difficult to assess the true monetary damage of cyber crime.”

Mapping Models
In other ECIR work, Choucri has collaborated with David Clark, Internet architect and Senior Research Scientist at the MIT Computer Science and Artificial Intelligence Laboratory, to build a conceptual framework that aligns architectural layers of the Internet and the players that control it with the structure of international relations and the players that shape world politics. “That gives us an internally consistent way of mapping which actors and which activities and which rules operate at each Internet layer and each level of international relations,” she says.

When Clark began analyzing control points and players for given Internet activities, “all of a sudden the cyber ecology and the cyber topography surfaced,” Choucri says. “It’s far more complex than I could have imagined, and it’s at variance with what I know about politics and power, because the Internet has a lot of autonomy low down in the hierarchy.”

Another ECIR effort, led by the Sloan School’s Madnick, is developing a set of tools that can be deployed across scientific journals to automatically create taxonomies of structures, processes, actors, actions and potential outcomes in cyber international relations. Applications of this work build on experience in knowledge networking drawn from the Global System for Sustainable Development, an earlier effort led by Choucri. This system is being extended to include the cyber arena in a companion initiative called the Cyber System for Strategy and Decision.

During their project, Madnick and his colleagues found that although “cyber space” and “cyberspace” were thought to be “essentially the same word with just a minor variation in punctuation,” their usage varies significantly within the taxonomies they generated. “Since the overall field of cybersecurity is so new, understanding the field and how people think about it (as evidenced by their actual usage of terminology, and how usage changes over time) is an important goal,” they pointed out in a 2012 paper.

Reassessing State Roles and Controls
Examining politics on a global scale, Choucri’s Cyberpolitics in International Relations (MIT Press, 2012) lays out a host of issues, a “map” of the interplay of cyber realities with international relations policy and practice.

“Underneath all of the issues is an emergent major contention in international politics,” she emphasizes. “Will we be able to maintain the Internet and cyberspace as a whole as a relatively open arena of interaction, or will they become more compartmentalized and more contained, as it is in China? And what does all of this mean for individual expression and individual freedom?”

“In the traditional world of international relations, the major players are countries and other big private or public entities, and the individual has very little leverage on anything,” Choucri comments. “But cyberspace is an arena that has empowered individuals and aggregations of individuals, not only in industrial countries but everywhere, in ways that have never happened before. The population of the globe is really going to become much more assertive. That’s not exactly a message that governments everywhere enjoy.”