I met with Professor Novotny on Friday the 30^th of November for an hour to discuss my next steps for my research. Throughout the semester, I have discussed my research interests with my mentor. For each research design, we discussed news ways to look at my research puzzle—the relationship between regime types and cyber governance and power.

On Friday, I explained that I was most interested in pursuing my large-N research proposal for SIS-306. I explained to Professor Novotny that I aim to analyze how scholars determine cyber power and expand on the current measurements to include private corporations in the scholarly analysis. Professor Novotny gave me a few resources to consider when conducting my research. Firstly, on the topic of measuring cyber power and comparing this to internet governance systems and regime types, Professor Novotny suggested I reference Freedom House.[1] He also told me about the resources that the Internet Telecommunication Union (ITU) has for acquiring statistical data on internet usage around the world.[2] This website has extremely useful data sources for operationalizing my variables in my large-N research study. He directed my attention to the degree of internet penetration calculation which measures the number of internet users per capita as well as the digital readiness index which measures how apt countries are at dealing with a cyber issue.[3]

Professor Novotny then informed me about the concepts of input legitimacy and privacy stacks. Input legitimacy is grounded in the theory of multi-level governance that I can use within my literature review in order to inform the choices I make in my methodology. Similarly, a privacy stack is a conceptual way of structuring the levels of protection methods in the public sphere. These concepts are useful for expanding the literature I consider in my project.

Lastly, Professor Novotny shared his own research he conducted on WCIT-12 votes.[4] His research question was similar to my own because he was analyzing the implications that stem from different governments deciding upon international cyber policies. He concluded that there are two distinct paths that states are going down when promoting governance models.[5] He shared with me how he arrived at these conclusions using the Mann Whitney U statistical test. This is one statistical test I will keep in mind when making decisions about how I conduct my research methodology.

As I look forward to SIS-306, I need to keep in mind that I need to broaden my understanding of statistical analysis. I know that there are resources at AU to help me with this concern and my mentor and Professors can also point me in the right direction. Overall, my meeting with Professor Novotny was very informative, and he has given me many resources and concepts to consider as I continue down the path of research.

[1] Michael J. Abramowitz, Freedom in the World 2018: Democracy in Crisis (Freedom House, January 13, 2018), accessed December 4, 2018, https://freedomhouse.org/report/freedom-world/freedom-world-2018; Shahbaz Adrian, Freedom on the Net 2018: The Rise of Digital Authoritarianism (Freedom House, October 30, 2018), accessed November 4, 2018, https://freedomhouse.org/report/freedom-net/freedom-net-2018/rise-digital-authoritarianism.

[2] “ICT Facts and Figures 2017,” ITU, last modified 2017, accessed December 4, 2018, https://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx.

[3] “The ICT Development Index (IDI): Conceptual Framework and Methodology,” ITU, last modified 2018, accessed December 4, 2018, https://www.itu.int/en/ITU-D/Statistics/Pages/publications/mis2017/methodology.aspx.

[4] Eric J. Novotny, “A World Split Apart? An Analysis of WCIT-12 Votes” (Berkman Center for Internet Society at Harvard University, May 1, 2013).

[5] Ibid., pg. 20.

On September 6^th I met with my mentor, Eric Novotny, for 45 minutes to discuss my research interests and further expand my knowledge of the cyber field. I previously met with my mentor on August 22^nd to introduce myself and to discuss the fields of research within the field of cyber security. During this first discussion, Professor Novotny explained how the issue of attribution is one aspect that is being discussed, explained and challenged within scholarly debates. Following our meeting he sent me some articles and research relating to this topic. This was the catalyst for my last post regarding my interest in cyber attribution.

In our second meeting, I explained to him some of the developing questions I am beginning to ask about this topic. In particular, I mentioned my queries about the proposals for International Institutions to regulate attribution. My mentor mentioned how some institutions such as the UN Human Rights Council are attempting to establish norms within cyber space but are largely not successful. I aim to understand what sort of methodologies scholars have utilized to frame their argument in regards to International Institutions. Professor Novotny also directed me to look into the Tallinn Manual 2.0 which codifies all of the international laws regarding cyber operations¹. This manual will likely be an important point of reference for my research.

I also posed the question: “What is the most cutting-edge research happening in the cyber field?” Professor Novotny explained to me that the private sector has been very involved in cultivating cyber security measures. He mentioned that big service providers have recently gotten together to establish a code of conduct. We also talked about the Cyber Threat Alliance’s efforts to collect data on cyber hacks which they then turned over to the FBI. Based off our conversation, I think that the private sectors efforts to defend themselves offers another interesting path for further research. I would like to look into whether there has been discussion on the private sector’s involvement in cyber foreign affairs.

Lastly, we conversed about the recent General Data Protection Regulation law enacted in the European Union. I asked about how this regulation is blurring the lines of state sovereignty. Professor Novotny mentioned that because the GDPR is a still relatively new, the intricacies are still being ironed out, but I believe the GDPR and similar laws (potentially taken from the Tallinn Manual) offer an interesting puzzle to this field in that the laws can sometimes reach beyond the sovereign constituents.

Overall, Professor Novotny has helped me to identify paths for further research that will help me expand my foundation and lead me to uncover the puzzles that have not been researched. My next steps are to continue to gather articles on the various topics we discussed so that I can start thinking about different methods I will use to execute the research on the various puzzles I am beginning to see.

¹Schmitt, Michael N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. 2nd ed. Cambridge: Cambridge University Press, 2017.