Posts in Category: SISOlson18

Final Research Design Presentation

Research Portfolio Post #9: Mentor Meeting

I met with Professor Novotny on Friday the 30th of November for an hour to discuss my next steps for my research. Throughout the semester, I have discussed my research interests with my mentor. For each research design, we discussed news ways to look at my research puzzle—the relationship between regime types and cyber governance and power.

On Friday, I explained that I was most interested in pursuing my large-N research proposal for SIS-306. I explained to Professor Novotny that I aim to analyze how scholars determine cyber power and expand on the current measurements to include private corporations in the scholarly analysis. Professor Novotny gave me a few resources to consider when conducting my research. Firstly, on the topic of measuring cyber power and comparing this to internet governance systems and regime types, Professor Novotny suggested I reference Freedom House.[1] He also told me about the resources that the Internet Telecommunication Union (ITU) has for acquiring statistical data on internet usage around the world.[2] This website has extremely useful data sources for operationalizing my variables in my large-N research study. He directed my attention to the degree of internet penetration calculation which measures the number of internet users per capita as well as the digital readiness index which measures how apt countries are at dealing with a cyber issue.[3]

Professor Novotny then informed me about the concepts of input legitimacy and privacy stacks. Input legitimacy is grounded in the theory of multi-level governance that I can use within my literature review in order to inform the choices I make in my methodology. Similarly, a privacy stack is a conceptual way of structuring the levels of protection methods in the public sphere. These concepts are useful for expanding the literature I consider in my project.

Lastly, Professor Novotny shared his own research he conducted on WCIT-12 votes.[4] His research question was similar to my own because he was analyzing the implications that stem from different governments deciding upon international cyber policies. He concluded that there are two distinct paths that states are going down when promoting governance models.[5] He shared with me how he arrived at these conclusions using the Mann Whitney U statistical test. This is one statistical test I will keep in mind when making decisions about how I conduct my research methodology.

As I look forward to SIS-306, I need to keep in mind that I need to broaden my understanding of statistical analysis. I know that there are resources at AU to help me with this concern and my mentor and Professors can also point me in the right direction. Overall, my meeting with Professor Novotny was very informative, and he has given me many resources and concepts to consider as I continue down the path of research.

[1] Michael J. Abramowitz, Freedom in the World 2018: Democracy in Crisis (Freedom House, January 13, 2018), accessed December 4, 2018, https://freedomhouse.org/report/freedom-world/freedom-world-2018; Shahbaz Adrian, Freedom on the Net 2018: The Rise of Digital Authoritarianism (Freedom House, October 30, 2018), accessed November 4, 2018, https://freedomhouse.org/report/freedom-net/freedom-net-2018/rise-digital-authoritarianism.

[2] “ICT Facts and Figures 2017,” ITU, last modified 2017, accessed December 4, 2018, https://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx.

[3] “The ICT Development Index (IDI): Conceptual Framework and Methodology,” ITU, last modified 2018, accessed December 4, 2018, https://www.itu.int/en/ITU-D/Statistics/Pages/publications/mis2017/methodology.aspx.

[4] Eric J. Novotny, “A World Split Apart? An Analysis of WCIT-12 Votes” (Berkman Center for Internet Society at Harvard University, May 1, 2013).

[5] Ibid., pg. 20.

Research Portfolio Post #8: Qualitative Data Sources for Interpretivist Research

I am studying how regime types influence discussion surrounding the composition of cyber institutions because I want to find out how discourses shape the idea of ‘best cyber practices’ in order to help my reader understand how power is constructed when defining strong internet governance models.

The reporters of the “Facebook Dilemma” essentially argue that Facebook is in way over its head in terms of the power they have been dealt to maintain a platform that can cause consequential movements away and towards democracy.[1] The reporters cite examples such as the crucial role Facebook played in the Arab Spring, the Ukrainian revolution and the 2016 American election. They allude to the idea that Facebook has an immense amount of power due to their business model to monitor populist movements, but they have done a minimal amount to control their platform that other nations are weaponizing and criminals are manipulating. This video series led me to the puzzling idea of how the media portrays the ‘proper way’ to manage cyberspace.

In this qualitative data source, the reporters represent the executives at Facebook, as being unprepared and unequipped to deal with the management of privacy protections. There is an implied understanding in this video series that the top executives of the company were negligent in safeguarding the power over privacy that their social media platform had granted them. The system of internet governance that Facebook had constructed to monitor their platform was represented as uncontrollable and “part of the problem” of privacy infringements and of unmanageable dissemination of disinformation.[2]

In the video series, the identities of the executives in the company are constructed as being young and naive about the power their algorithms provide over enacting change in democratic regimes abroad and domestically. There is implied meaning that only those with experience (in the government) can properly govern such a powerful tool.

This text is connected to the overarching political questions, who should manage the internet and how should it be managed? This video series is deeply linked with the political debates happening throughout the world on how to best construct cyber norms. The “Facebook Dilemma” offers just one discourse that portrays the media’s concern over what values should be prioritized when establishing internet norms.

In Interpreting International Politics, Lynch asserts, “contestations over discursive forms of power and struggles to delegitimize some meanings and create new ones matter.”[3] In the “Facebook Dilemma,” I analyze that there is a contestation by the media to delegitimize Facebook’s executives attempt to “fundamentally [rewire] the world from the ground up” by “connecting all the people.” [4]

This data source indicates a rupturing point—the rise of the internet, particularly social media as being a tool that regimes need to have control over. Scholars have already analyzed the impact social media has on connecting people to enact change, I, on the other hand, want to explain how constructions of historically understood ‘successful’ regime types are causing intersubjective meanings about the ‘best’ model of internet governance and the role companies have in this constructing or reshaping  these norms.

[1] “The Facebook Dilemma – Transcript,” FRONTLINE, accessed November 10, 2018, https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/transcript/.

[2] Ibid.

[3] Celia Lynch, “Interpretive Concepts, Goals, and Processes in International Relations,” in Interpreting International Politics (Routeledge, 2014). Pg 18.

[4] “The Facebook Dilemma – Transcript.”

Research Portfolio Post #7: Qualitative Data Sources

For my small-N research proposal, I plan to analyze states that have free or constrained internet governance models. I plan to term my dichotomous dependent variable as states that have a “network authoritarianism” model or a “collateral freedom” model. States that have models of network authoritarianism employ internet governance models such as, “[t]he model of national governments and law which is based on the idea that as the Internet grows in importance, fundamental regulatory decisions will be made by national governments through legal regulation.”[1] The “collateral freedom” model is a system in which states employ relatively unconstrained government regulation over the internet to allow for economically and socially free practices that morph internet practices.

In order to study this dependent variable, I will need to gather data on the impact of government regulations on the expansion of the internet. Firstly, I will gather data on how my selected countries have worded their cyber strategies. The Global Cyber Strategies Index has compiled all the regulatory documents that each country has enacted regarding cyber practices.[2] This is an extremely useful resource for finding government regulations. For example, the index links documents for Iran and Israel, two nations that are often cited in the scholarly articles as having strong cyber capabilities and differing approaches to governing these capabilities. Iran has passed two legislation, one pertaining to cybercrime in 2009 and another pertaining to cyber commerce in 2004. In the Computer Crimes Act of 2009, Iran delineates illegal activities and the repercussion for committing them.[3] Israel also passed a cybercrime regulatory act in 1995 which outlines how cyber criminals should be brought to justice.[4] Both include statutes that describe the situations in which non-citizens fall under their respective laws which will be a crucial part of my research focus. Should I choose Iran and Israel as case studies for my research, I would analyze the documents in depth in order to ascertain how these countries have structured their regulation of cybercrimes.

Secondly, I will analyze newspaper articles and reports (if they can be found) that pertain to how the cyber regulations are implemented on citizens and non-citizens. In order to know the extent to which a nation has a model of networked authoritarianism or collateral freedom, I also need to know the degree to which these regulations are being implemented. The degree of implementation is important for operationalizing my dependent variable because the implementation of laws indicates the strength of a regulation. For example, the US indicted five Chinese military hackers for commercial espionage.[5] In the indictment the statues that were employed are included in the report which helps to gather information on the application of regulations.

This dichotomous governance model has not yet been defined in the scholarly community and therefore presents an interesting avenue for my own research.

[1] Lee A. Bygrave and Jon Bing, Internet Governance: Infrastructure and Institutions (Oxford, UNITED KINGDOM: Oxford University Press USA – OSO, 2009), accessed October 27, 2018, pg 56. http://ebookcentral.proquest.com/lib/aul/detail.action?docID=430398.

[2] “Global Cyber Strategies Index,” Center for Strategic and International Studies, last modified 2018, accessed October 2, 2018, https://www.csis.org/programs/technology-policy-program/cybersecurity-and-governance/global-cyber-strategies-index.

[3] Parliament of the Islamic Republic of Iran, Computer Crimes Act, 2009, accessed October 28, 2018, http://cyber.police.ir/?siteid=46&pageid=632.

[4] Israeli Parliament, Israel: Computers Law, 5755-1995 (as Amended on July 17, 2012), 1995, accessed October 29, 2018, http://www.wipo.int/wipolex/en/details.jsp?id=15420.

[5] “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” last modified May 19, 2014, accessed September 30, 2018, https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor.

Research Portfolio Post #6: Quantitative Data Sources

For my large-N research design, I aim to analyze the cyber power of countries. The Cyber Power Index (CPI) is one data set that offers a useful ranking system. The data set ranks countries’ power in terms of their cyber capabilities. The index uses indicators from four categories: “legal and regulatory framework, economic and social context, technology infrastructure and industry application.” [1] The index number is an interval data type because the score ranges from 1-100 with 100 being the most favorable cyber power score. This index is useful for my research because it is a thorough compilation of 39 statistical indicators that encompasses the complexity of the ways in which cyber impacts state power.

The CPI encompasses a variety of indicators that make up the index number. These indicators are broken up into four themes and then an average of the score for each country in these conceptual themes is computed to give the index score. The legal and regulatory theme includes indicators such as the international cyber-security commitments indicator which is a nominal data set that measures whether a country has signed an international agreement to legislate cyber-security. There is also an ordinal data indicator for the existence of a cyber-security plan. The economic and social context theme includes interval data sets such as the expected years of education and research and development expenditure as a percentage of GDP. The technology infrastructure and the industry application categories include measurements of internet capacity in interval data sets.

For my own research, I can use the overall cyber power index or one of the specific power categories such as the Economic and Social Context or the Legal and Regulatory framework. I could use these themed indices to specifically operationalize my dependent variable to gain a better understanding of how other factors correlate with economic cyber power or cyber governance power.

In this data set, only 19 countries are covered. These countries were selected because they are all members of the G20. The size of the sample is a limitation of this data because it is smaller for the typical large-N research analysis. This sample also does not include third world countries which limits the scope of my research analysis. There are no African countries included in this data set which limits its ability to convey global patterns.

[1] Booz Allen Hamilton, Cyber Power Index, Index (Economic Intelligence Unit, 2011), accessed October 8, 2018, https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/EIU%20-%20Cyber%20Power%20Index%20Findings%20and%20Methodology.pdf.

Research Portfolio Post #5: Research Topic Post

I am proposing to research cyber security norms because I want to find out what explains the difference between regional and universal cyber norms in order to help my reader understand how cyber norms are currently being developed and whether the current composition of practices in the world order can promote a universal cyber norm practice in the future.

There has been a significant call for the formation of cyber norms to establish and maintain order in cyberspace. The concept of norms can be understood through international relations theory and in particular through the constructivist lens. Constructivists understand cyber in terms of norms and practices that govern how states interact. Constructivists posit that universal norms take priority over regional norms.[1] Nations such as China, the US, Russia, and other nations have established regional norms in so far as they have created values and practices to guide the usage of cyber capabilities in cyberspace.  Some scholars such as Mette Eilstrup-Sangiovanni have made the case for an international institution to be put in place to codify the formation of cyber norms in order to make the world a safer and more predictable place, but there remains a puzzle surrounding the state-specific formation of cyber norms and whether the current practices of nations have been developed in a manner that allows for compatibility to create universal norms.[2]

I am interested to know how cyber norms differ in the nations that have high caliber cyber capabilities. What explains China, the US, Israel, and Russia’s differing approach to existing in the cyber domain? How do the interactions between countries differ? How are they the same?

China is one interesting example of a nation that uses cyber to advance their national interests outside the generally accepted cyber norms. China has engaged in stealing American intellectual property and this has resulted in “costs between $225 billion and $600 billion annually.”[3] A large portion of this intellectual property theft has been conducted by cyber means. This issue has been researched and examined by the Office of the US Trade Representative, and one portion of this investigation was the role cyber played in producing this outcome. When analyzing China’s usage of cyber, the report explicates, “China’s [cyber] activities stand in contrast to domestic and international standards adopted around the world.”[4] Countries like the US, Germany, Japan and Britain criminalize the act of cyber theft, yet China remains as an outlier in this norm. Another example of China being in contention with a broader understanding of cyber security norms, is the incompatibility between the European Union’s General Data Protection Regulation (GDPR) and China’s Cybersecurity Law. Although these laws are nascent and not fully implemented yet, there remains contention between the laws that offers an interesting analysis of the difference between the two regions varying organization of cyber practices.[5] [6] Namely, I would like to research the explanation behind the variance in these standards.

The explanation of this puzzle is significant for a variety of reasons. Firstly, in the case of China, because of the economic interdependence of nations, fair competition enables the expansion of national interests. According to a study on how cyber espionage affects U.S. National security interests, the “theft of intellectual property from individual companies also weakens the ability for nations to compete on a global scale.”[7] Cyber norms govern interaction between nations in economics and security, so it is important to gain a deeper understanding of why there are discrepancies between the standards of powerful countries in order to promote standards that strengthen competition. Secondly, a deeper understanding of the variance among the current cyber norms between nations may reveal a route for greater cohesiveness to achieve the international institution academics have been requesting.

Although I focused on China in this post, I am still researching other countries’ approaches to the formation of cyber norms. I aim to research Russia, Israel, Iran and other nations laws and application of cyber capabilities so that I can look for more potential case studies to answer my broad research puzzle. However, China remains as an interesting case study when analyzing the application of cyber practices that form norms.

Case Specific: What explains the difference between China’s cyber norms and the more widely accepted norms? How did the formation of the variance of norms shape the discrepancies in utilizing cyber capabilities and implementing laws?

General: What explains the variety of regional cyber norms in different nations or groupings of nations?

[1] T. V. Paul, International Relations Theory and Regional Transformation (Cambridge, UNITED KINGDOM: Cambridge University Press, 2012), accessed September 30, 2018, http://ebookcentral.proquest.com/lib/aul/detail.action?docID=866889. Page 183.

[2] Mette Eilstrup-Sangiovanni, “Why the World Needs an International Cyberwar Convention,” Philosophy & Technology 31, no. 3 (September 1, 2018): 379–407.

[3] Qtd. Pham Sherisse, “How Much Has the US Lost from China’s Intellectual Property Theft?” CNN Tech, last modified March 23, 2018, accessed September 30, 2018, https://money.cnn.com/2018/03/23/technology/china-us-trump-tariffs-ip-theft/index.html.

[4] Office of the U.S. Trade Representative, Findings of the Investigation into China’s Acts, Policies and Practices Related to Technology Transfer, Intellectual Property, and Innovation under Section 301 of the Trade Act of 1974 (Washington, DC: Executive Office of the President, 2018, accessed September 30, 2018, https://purl.fdlp.gov/GPO/gpo90942. Page 171.

[5] “Translation: Cybersecurity Law of the People’s Republic of China (Effective June 1, 2017),” New America, accessed October 1, 2018, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/.

[6] “General Data Protection Regulation (GDPR) – Final Text Neatly Arranged,” General Data Protection Regulation (GDPR), accessed October 1, 2018, https://gdpr-info.eu/.

[7] Adrian Merton Mayers, “A Study on How Cyber Economic Espionage Affects U.S. National Security and Competitiveness” (D.B.A., Northcentral University, 2018), accessed September 30, 2018, https://search.proquest.com/docview/2071837112/abstract/47CAFDBE9BA446AAPQ/1.

Research Portfolio Post #4: Article Comparison

In “Why the World Needs an International Cyberwar Convention,” Eilstrup-Sangiovanni[1] explains how to reduce the increasing severity of cyber dangers. She begins her argument by redefining previous scholar’s definitions of cyber warfare. Using small-N analysis, she grounds her argument in international relations theory to compare the “Cult of Offensive” that happened prior to World War II to what she terms is the current “Cult of (Cyber) Offensive.”[2] The current arms buildup in cyber weapons and increase in aggression both diplomatically and technically, merits the need for an International Cyberwar Convention (ICWC.) Her conception of the ICWC addresses all the shortcoming of deterring cyber attacks and also presents a means to establish norms and accountability standards.

In Mariarosaria Taddeo’s article “Deterrence and Norms to Foster Stability in Cyberspace,”[3] the scholar acknowledges that deterrence theory does not apply to cyber warfare in the same way that the original theory applies to ground war. Through a critical analysis of scholarship on deterrence, she presents three elements that are important to achieving success in the application of deterrence. These are “target identification, retaliation, and demonstration.”[4] Taddeo asserts a call to action to the global community to engage the UN security council to implement the triangle of deterrence.

Both agree that the cyber domain presents new challenges for achieving peace when compared to kinetic war. They both also agree on how cyber related problems need to be addressed in such a way that promotes cyber norms. Although the authors disagree on the importance of deterrence theory, they both agree on the need to establish or strengthen an autonomous power that monitors the risks that come with cyber warfare. Eilstrup-Sangiovanni suggests creating a new international institution while Taddeo calls for an existing institution to strengthen its power in the cyber realm.

The first article applies to my research because of the categories the author presents within the conception of the ICWC. I could use the categories she presents in my operationalization of data. Similarly, Taddeo’s triangular structure to secure cyber threats presents a useful organization for evaluating the ability to deal with cyber threats within the context of deterrence theory. Lastly, the debate between the applicability of deterrence to the cyber domain offers and interesting puzzle to this research discussion that ought to be clarified.

[1] Mette Eilstrup-Sangiovanni, “Why the World Needs an International Cyberwar Convention,” Philosophy & Technology 31, no. 3 (September 1, 2018): 379–407.

[2] Ibid., 384

[3] Mariarosaria Taddeo, “Deterrence and Norms to Foster Stability in Cyberspace,” Philosophy & Technology 31, no. 3 (September 1, 2018): 323–329.

[4] Ibid., 325

Research Portfolio Post #3: Philosophical Wagers

Establishing an understanding of how to do research within the confines of the broad research community is an important foundation I need to develop before I begin my own research pursuits, and the concepts of ontology and methodology are an integral part of building up that foundation. This concept was at first confusing to me, but I really started to understand ontologies importance to the research field when Abbot outlined the “Debates about Social Ontology.”1 Seeing the dichotomous relationship between ontological concepts helped me to realize that ontology is the principle that describes how the observer views and knows the subjects he is researching. The idea that there are opposite ways to approach the understanding of a subject leads me to be aware of the portion of the spectrum that I fall on between the ontological debates. When researching a topic, I need to be aware that there is more than one way to understand something.

Similarly, understanding methodology is important when developing my research. Methodology is the systematic formation of the techniques used to categorize data in a format that can be analyzed by the researcher. There a multiplicity of ways to approach the setup of a methodology, and each way will lead me to a different way to explain my research query, but no one method is more meritorious than another. Some methods may be more appropriate than another, but properly constructed methods will lead the researcher to credible results.

I hold that with the proper methods, I can objectively observe the social world. I have not neglected the notion that I am a part of the social world and I have aided in producing the reality of the social world, but when researching, I aim to remove myself from these confines as completely as I can. I concede that I cannot completely separate myself, but the ultimate goal when setting up my methods and understanding my results, is to remove myself from the social world, in order to look at my data objectively. Based off my view, I may be more inclined to choose a small-N analysis methodological approach based on where I have situated myself. According to Abbott, small-N analysis situates itself “to square the methodological circle by combining situated and transcendent knowledge.”2 Small-N analysis’ approach is in accordance with my outlook on the debate between objectivity and subjectivity. However, I am aware of the other method’s merits and I am open to whichever method leads me to uncover the puzzle of my research.

I can make valid knowledge claims about anything I can collect data on. There are many different approaches to collecting data. For example, in Fox’s article, he takes a neo-postivist approach for collecting data on official support and legislation of religion to create knowledge on state repression. On the opposite side of the spectrum, the interpretivist, Weeden, immerses herself in data regarding Syrian culture to make a knowledge claim on the way symbols and power are used in this state’s regime. Both authors take different approaches to operationalizing and analyzing, but both systematically collect data within their chosen method by their chosen ontology in order to male valid knowledge claims.

1Andrew Abott, Methods of Discovery: Heuristics for the Social Sciences, New York: W.W. Norton & Company, 2004, 52-54.

2 Ibid., 58.

3 Jonathan Fox, “State Religion and State Repression,” in The Routledge Handbook of Religion and Security, ed. Chris Seiple, Dennis R. Hoover, and Pauletta Otis, London: Routledge, 2012 (pp. 182-192).

4Lisa Wedeen, “Acting ‘As If’: Symbolic Politics and Social Control in Syria,” Comparative Studies in Society and History 40, no. 3 (July 1998): 503-523.

Research Portfolio Post #2: Mentor Meeting

On September 6th I met with my mentor, Eric Novotny, for 45 minutes to discuss my research interests and further expand my knowledge of the cyber field. I previously met with my mentor on August 22nd to introduce myself and to discuss the fields of research within the field of cyber security. During this first discussion, Professor Novotny explained how the issue of attribution is one aspect that is being discussed, explained and challenged within scholarly debates. Following our meeting he sent me some articles and research relating to this topic. This was the catalyst for my last post regarding my interest in cyber attribution.

In our second meeting, I explained to him some of the developing questions I am beginning to ask about this topic. In particular, I mentioned my queries about the proposals for International Institutions to regulate attribution. My mentor mentioned how some institutions such as the UN Human Rights Council are attempting to establish norms within cyber space but are largely not successful. I aim to understand what sort of methodologies scholars have utilized to frame their argument in regards to International Institutions. Professor Novotny also directed me to look into the Tallinn Manual 2.0 which codifies all of the international laws regarding cyber operations1. This manual will likely be an important point of reference for my research.

I also posed the question: “What is the most cutting-edge research happening in the cyber field?” Professor Novotny explained to me that the private sector has been very involved in cultivating cyber security measures. He mentioned that big service providers have recently gotten together to establish a code of conduct. We also talked about the Cyber Threat Alliance’s efforts to collect data on cyber hacks which they then turned over to the FBI. Based off our conversation, I think that the private sectors efforts to defend themselves offers another interesting path for further research. I would like to look into whether there has been discussion on the private sector’s involvement in cyber foreign affairs.

Lastly, we conversed about the recent General Data Protection Regulation law enacted in the European Union. I asked about how this regulation is blurring the lines of state sovereignty. Professor Novotny mentioned that because the GDPR is a still relatively new, the intricacies are still being ironed out, but I believe the GDPR and similar laws (potentially taken from the Tallinn Manual) offer an interesting puzzle to this field in that the laws can sometimes reach beyond the sovereign constituents.

Overall, Professor Novotny has helped me to identify paths for further research that will help me expand my foundation and lead me to uncover the puzzles that have not been researched. My next steps are to continue to gather articles on the various topics we discussed so that I can start thinking about different methods I will use to execute the research on the various puzzles I am beginning to see.

 

1Schmitt, Michael N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. 2nd ed. Cambridge: Cambridge University Press, 2017.

 

Research Portfolio Post #1: Research Interests

My primary research interest involves cyber security norms on the world stage. In particular, I am interested in the complex issue of cyber attribution. Attribution involves discerning the cause of a cyber-attack in order to carry out repercussions on the true attacker. There is a need to address the question of attribution due to the increase in cyber-attacks, and the implications these attacks have on executing foreign policy.

Cyber attribution offers interesting challenges when engaging with global actors which is why I am keen to research this topic. The article “Stateless Attribution: Toward International Accountability in Cyberspace”1 discusses some of the difficulties of attributing cyber-attacks to nations and non-state actors, but more work is needed in categorizing the qualifications to make a credible attribution. The authors of this article also highlight some of the most recent and high-profile cyber-attacks that involved state actors, and then propose the need for an international institution to address the issue of attribution in order to mitigate the difficulties.

In my initial look at the scholarly articles involving cyber attribution, a few articles have brought up the need for an international institution. I am interested to know how many scholars have proposed this idea, whether the ideas are similar, whether the proposed composition is feasible, or whether works has been done to create an international institution. Cyber attribution and the need for an international institution offers one route of perplexing research.

There has also been research on the evolving cyber norms between actors, but there more explanation is needed on state interactions and cyber attribution. For example, in the article “Is it Time to Institutionalize cyber-attribution”2 the authors conclude their analysis by asking further research queries such as “How do geopolitical rivalries undermine the confidence placed in attribution?” This question offers a provoking puzzle within this field of study. It would be interesting to do a survey on how different pairings or groupings of countries deal with cyber attribution and whether there is correlation between the states attempt to deal with attribution and the historic foreign policies and relations on non-cyber related issues.

Overall, cyber attribution offers a bundle of questions to be explained. In broader terms, cyber itself merits research because of the many ways in which it impacts state and non-state actors. The way in which the world views cyber is dictated by the ways in which researchers explain it; thus, warranting my academic and personal interest in the subject.

 

1 Davis, John, Boudreaux, Benjamin, Welburn, Jonathan, Aguirre, Jair, Ogletree, Cordaye, Mcgovern, Geoffrey, and Chase, Michael. “Stateless Attribution: Toward International Accountability in Cyberspace.” RAND Corporation, (2 June 2017)

2 Badii, Farzaneh. “Is it Time to Institutionalize Cyber Attribution?,” Internet Governance Project, August 21, 2018, https://www.internetgovernance.org/2018/08/21/new-igp-white-paper-is-it-time-to-institutionalize-cyber-attribution/ (Accessed: 1 September 2018)