Research and Publications

ECCRI Virtual Research Workshops – Spring session calendar out now

ECCRI Virtual Research Workshops are back with the Spring session (March – June 2024) calendar! This year will feature senior and upcoming scholars presenting new research on the relationship between cybersecurity, Artificial Intelligence (AI), and other emerging technologies.

While the economic and social impacts of AI have dominated headlines over the last year, the implications of AI for cybersecurity (both offence and defence) have received less attention.

On the other hand, cybersecurity is one aspect of AI safety and security more broadly, and the course of cybersecurity policy offers important lessons for nascent AI governance conversations. Beyond AI, there are other emerging technologies – such as quantum computing, next-generation semiconductors, and biotechnologies – that also have the potential to significantly change the cybersecurity landscape. Our four workshops will shine a light on these rapidly evolving challenges, be sure to tune in!

Untrustworthy AI and Cybersafety

March 28, 2024

Jeremy Pitt, Imperial College London

This talk discusses the role of Artificial Intelligence (AI) in the Digital Transformation, and argues that despite the plethora [sic] of ethical guidelines, design methodologies, international  standards, and even international regulation, AI is still being used, and is going to be used, as a tool for abstracted power and abnegated responsibility. It will consider a range of  threats in the form of “Untrustworthy AI”, which can potentially bringing about democratic  backsliding, a kind of “digital feudalism”, and even diminish the very essence of “being  human”. It will suggest that as well as cybersecurity to deal with external threats, we also need cybersafety to contend with insider threats, which threaten not so much physical resources, but rather cognitive resources and socially-constructed values.

Sign up HERE.


NATO’s evolving role in the cyber domain

April 18, 2024

Amy Ertan, NATO HQ

Today we see constant friction in cyberspace. Yet while cyber defence is part of NATO’s core task of deterrence and defence, there has been speculation across external academic and policy communities on the nature of NATO’s role in the cyber domain. This talk aims to dispel such ambiguity and clarify NATO’s approach to cyber defence by first outlining the key tenants of NATO’s Comprehensive Cyber Defence Policy. By outlining the activity undertaken by NATO as it focuses to protect its own networks, operate in cyberspace (including through the Alliance’s operations and missions), help Allies to enhance their national resilience and provide a platform for political consultation and collective action, the article situates NATO’s current positioning in the broader context of strategic competition in cyberspace.

The talk will then take a forward-looking approach to set out NATO’s vision on proactive cyber defence across the Alliance, as part of efforts to ensure NATO evolves to remain fit for purpose as adversaries continue to evolve their technologies alongside technological advancements. In so doing, Amy will outline the importance of several key areas of work for NATO, including enhancing enhance military-civil cooperation, engagement with the private sector, and the integration of emerging and disruptive technologies into cyber defence activities.

Sign up HERE.


Revisiting Past Cyber Security Recommendations: Lessons we Have Failed to Learn

May 30, 2024

Matthias Schulze, Jantje Silomon, Institute for Peace Research and Security Policy at the University of Hamburg

Cyber-security is constantly evolving as new technologies introduce new vulnerabilities and threat actors constantly develop new techniques to penetrate systems. Much focus in scholarship is on the cyber-offense, while few analyse changes in the cyber-defence posture. Since its inception defensive information security has evolved and introduced a plethora of new security controls to either prevent, detect, mitigate, or respond to new cyber-attacks. More recent measures include implementing machine learning and behavioural analysis, DevSecOps as well as building Zero-Trust architectures, among others.

When studying cyber-incidents defence, a paradox becomes apparent: in many cases, low-end security fails are responsible for a majority of breaches, such as default system configurations and credentials or violations of the principle of least privileges. Even security sensitive organizations such as the US DoD or IT-companies suffer from this paradox, as a recent NSA/CISA report indicates: they spent large sums on high-end security programs just to be compromised by low-end attacks. The paradox becomes even more pronounced when introducing a longitudinal historical perspective, as for example a US Air Force report from 1972 identifies similar security problems to those we still face today. These include inadequate hardware and software not designed with security in mind, the issue of managing resource access controls in a multi-user environment that includes remote terminals (aka a cloud infrastructure), malicious insider threats that bypass security controls, as well as the issue of applying timely software patches. In sum: while the IT security industry is rushing to introduce new high-level security controls, the main problems in securing systems seem to be age-old problems. Thus, a historical approach to cyber-security is warranted.

In this paper, security controls of past decades are examined, shedding light on relevant best practices and recommendations. Starting in the 1950s, we analyse the emerging technologies of each subsequent decade and ask what changes in IT-security controls these new technologies necessitated and how cyber-security changed in general over the years . Furthermore, the aftermath of selected cyber-attacks is analysed to explore potential shifts in security paradigms beyond those introduced by technological development.

Sign up HERE.


Decrypting North Korea Cyber Operation Strategy: Analyzing the Augmenting Role of Cyber-AI nexus

June 27, 2024

Abhishek Sharma, Delhi University

North Korea’s cyber capabilities deployment can be divided into two categories based on objectives: tactical and strategic. These objectives are aimed at protecting and sustaining the regime’s survival guided by Kim’s Byungjin policy—parallel development of economic prosperity and nuclear and ballistic missile programs. Predominantly, North Korean application of Cyber operations manifests via cyber offensive operations targeted specifically for external security via cyber theft, cyber espionage, intelligence collection, influence operations, information warfare, and data exfiltration, but also internal security aimed at surveillance, border patrolling, and snooping. North Korea is a unique authoritarian state example where cyber operationalization is executed through a whole-of-system approach working with ministries, state organizations, party tools, and state-sanctioned cyber hackers, due to constrained resources and the nature of state polity. However, with emerging challenges and constrained resources, cyber operations were not operating and executing efficiently.

To address this, North Korea adopted emerging technologies like Artificial Intelligence (AI) in its cyber offensive strategy, aimed at reducing the skills gap, identifying adversarial vulnerabilities, and improving efficiency. Integration of AI with Cyber operations has given North Korea two added advantages, adapting to the changing environment and exploiting adversary vulnerabilities with new tools. Some of the regime’s social engineering techniques like DDoS, ransomware, spear phishing, and watering holes for financial warfare, data infiltration, and cyber espionage have substantially improved over time. This paper aims to analyze the North Korean cyber operations strategy through the application of Integrated operationalization of cyber with AI tools and techniques to improve its internal and external security environment. The paper covers North Korean Military Institutions and intelligence organization’s application of the AI-Cyber nexus tool inside and outside based on primary and secondary sources like intelligence reports, defense white papers, journals, open-source intelligence, news reports, and ministry statements.

Sign up HERE.