Her broader interests include cyber conflict, North Korea, and security issues in East Asia. Her current research explores the dynamics of how coercion works in cyberspace. She also serves as a Nonresident Fellow at the Atlantic Council’s Cyber Statecraft Initiative. Candidate in the Department of Political Science at Columbia University. Jenny Jun is a Research Fellow at the Center for Security and Emerging Technology (CSET) and Ph.D. Hybrid: UMCP Campus (Hornbake South, Room 2119) + Online EST each from the Security Studies Program (SSP) and the School of Foreign Service (SFS) at Georgetown University. She has presented her work on North Korea’s cyber operations at various panels and has provided multiple government briefings and media interviews on the topic. Jenny is a co-author of the 2015 Center for Strategic and International Studies (CSIS) report North Korea’s Cyber Operations: Strategy and Responses, published by Rowman & Littlefield. ![]() This discussion will provide a counterexample to the claim that cyber weapons are poor tools of coercion, and that cyber coercion depends on situational variables rather than universal features of the cyber domain itself. Features such as costless and automatic application of flow costs and resolution of the hostage’s commitment problem after release enhances credibility. An extension concerning a bombing campaign scenario shows that the ability of encryption to reverse damage rather than to destroy the defender’s asset increases equilibrium demand that can be extracted and resolves credibility concerns. All else equal, backups favor the defender by reducing equilibrium demand. Under complete information, the defender always acquiesces given the demand is priced optimally, but the probability of attack is decreasing in the amount of demand that can be extracted in the mixed-strategy equilibrium. ![]() I present a formal model of coercion via encryption based on a modified attacker-defender game. ![]() At the same time, ransomware contains distinguishing features such as reversibility and backups that depart from models of torture or bombing campaigns that similarly rely on flow costs. The coercive logic of ransomware does not come from the power to hurt held in reserve, but from the application of costs up front followed by a promise to stop. I argue that such assessments may be premature considering the logic behind the success of ransomware, which extorts victims by using encryption to deny access to critical systems or information. Wednesday, Ma4:00 pm Wednesday, Ma5:00 pm America/New York Sociotechnical Cybersecurity Speaker Series: Coercion in Cyberspace: A Model of Extortion via EncryptionĬoercion using cyber capabilities is often thought to be difficult due to a severe tradeoff between the need to credibly demonstrate capability versus the need to maintain a covert presence until the final payload is dropped.
0 Comments
Leave a Reply. |