Collective Behavior and Cyber Strategy Quiz

Questions and Answers

What is a norm in the context of collective behavior?

• An agreement amongst a group about expected behavior (correct)
• A personal belief that is subject to change
• A strict regulation that limits individual actions
• An established law that must be followed by all parties

Which of the following elements is not included in an effective cyber strategy?

• Goals and subordinate objectives
• Risk management strategies
• A clear statement of purpose
• Financial forecasting techniques (correct)

How does the US respond to hostile cyber acts according to the content?

• By using solely economic sanctions
• Through a combination of various means, including military action (correct)
• With diplomatic discussions only
• By ignoring the acts to prevent escalation

What is a key problem highlighted regarding minor damage caused in retaliation?

It lacks a deterrent effect as repairs can be made quickly (C)

Which aspect is crucial for organizational effectiveness in cybersecurity?

Clear communication of roles and responsibilities (B)

In terms of collective expectations, national cyber strategies can articulate what?

A vision of cooperation or privacy goals (D)

The challenge of attribution in international relations primarily refers to what issue?

Identifying state actors involved in cybercriminal activities (B)

What strategy may be employed to ensure that a cyber adversary's systems consistently fail?

Inducing lasting damage that modifies their infrastructure (D)

What strategy did Japan adopt to gain dominance in the semiconductor market?

License it strategy (B)

What was a significant impact of the Vietnam War on the semiconductor industry?

Struggles within the Air Force due to lack of precision (C)

What was the main focus of Intel to regain its market share?

Focusing on microprocessors (A)

What led to the establishment of TSMC in 1987?

Support from Philips and the Taiwanese government (D)

What has the EU done in response to antitrust violations by companies like Google?

Imposed fines (D)

What was a disadvantage for US companies in the context of Japanese influence in semiconductors?

Lack of recognition of Japanese advancements (C)

How do other regions view the US's regulatory approach towards tech companies?

As protectionist (D)

Which company began challenging Japan in the DRAM market?

Micron (C)

What was a critical change in the supply chain nodes between 1990 and 2000?

Clear leaders began to emerge in each supply chain node (A)

What approach does China take with its 'Digital Silk Road'?

Exports its technology and regulatory norms (D)

What significant realization led to the founding of SMIC in China?

Recognition of falling behind in semiconductor technology (B)

Which legislation in the US protects tech companies from liability for user-generated content?

Section 230 (C)

What is a key characteristic of the EU's data protection approach?

Rights-driven emphasis (C)

What effect has the GDPR had on countries outside the EU?

It has influenced data protection laws in other countries. (B)

What concern does the American model raise regarding tech companies?

Unchecked influence and misinformation (B)

What do the proposed norms emphasize regarding cyber operations?

States should avoid targeting critical infrastructure. (B)

What is a key aspect of interstate cooperation on cybersecurity?

Assisting one another in managing cyber incidents. (A)

What aspect does the EU focus on compared to the American model in tech governance?

Rights and data protection (A)

What challenge is associated with the attribution of cyber attacks?

The difficulty in convincing states of accurate attribution. (D)

Why might states refrain from disclosing evidence related to cyber attacks?

They fear intelligence sources could be compromised. (A)

What is one of the primary aims of the norms proposed by the UN GGE and OEWG?

To protect critical infrastructure from cyber threats. (C)

Which problem related to attribution involves potential secrecy?

Data collected through espionage or intelligence gathering. (C)

What legal issue is related to the state responsibility doctrine?

It has been addressed in contexts outside of cyber-attacks. (B)

What is an important norm regarding hospitals and humanitarian organizations?

They should be protected from cyber threats. (D)

What role do private firms play in cybersecurity?

They provide in-house cyber security to protect themselves. (D)

Why is inadequate private cybersecurity a concern for national defense?

Civilian infrastructure is often used to transmit military data. (D)

How does the Swiss cheese model relate to cybersecurity?

It highlights negative externalities affecting inequality and accountability. (C)

Which of the following firms provided protection to the British Labour Party during a DDoS attack?

Cloudfare (D)

What is a significant characteristic of cybersecurity compared to traditional military services?

Cybersecurity was never in public hands to begin with. (C)

Which statement about privatization in cybersecurity is accurate?

Privatization affects equality and accountability in cybersecurity. (B)

What intersection is highlighted regarding private and state roles in cybersecurity?

Private sector maintenance of critical infrastructure is essential. (C)

What implication does the privatization of cybersecurity have?

It may create inequality in access to cybersecurity resources. (C)

What is a significant concern regarding the reliance on the market for security services?

It could result in the exclusion of those who cannot afford security. (C)

What does the term 'cyber-enabled crime' refer to?

Existing crimes that have been transformed by the internet. (C)

Which of the following issues arises from the lack of democratic control over private cybersecurity measures?

A difficulty in holding private firms accountable. (A)

What is a characteristic of cyber-dependent crime?

It involves the use of digital systems as both targets and tools. (C)

How does introducing market logic into cybersecurity potentially affect public protection?

It may discourage collective investment in public security. (B)

What is a key obstacle for understanding private military and security companies (PMSCs)?

A general lack of public awareness and information about them. (C)

What defines the complexity of cybercrime?

It is affected by various technological and socio-economic drivers. (B)

Which of the following is NOT a feature of the security services market identified in the context?

It promotes equitable access to security for all citizens. (A)

Flashcards

What is a norm?

A collective expectation for how actors should behave in a particular situation.

How are national cyber strategies normative?

These strategies aim to establish guidelines for acceptable cyber behavior and promote cooperation among nations.

What is the problem of attribution in international relations?

The inability to definitively identify the source of cyber attacks, making it difficult to hold perpetrators accountable.

What is retaliation in the context of cyberwarfare?

The capacity to cause persistent damage and disruption to an adversary's systems.

What are the key aspects of successful retaliation?

The ability to make an adversary's systems fail and stay failed. Minor damage that is quickly repaired has no deterrent effect.

How does the US respond to hostile cyber activity?

Cyber attacks are treated like any other threat against a nation's security.

What are the elements of a national cyber security strategy?

A statement of purpose, scope, and methodology; Problem definition and risk assessment; Goals, objectives, activities, and performance measures; Resources, investments, and risk management; Organizational roles, responsibilities, and coordination; Integration and implementation.

What is the purpose of a national cyber security strategy?

To guide government departments and agencies in budgeting, planning, executing, organizing, training, and equipping personnel.

Norm: Avoid Cyberattacks on Critical Infrastructure

Cyberattacks targeting critical infrastructure, such as energy grids, healthcare systems, and water supplies, should be avoided by states.

Interstate Cooperation on Cybersecurity

States should work together to manage and respond to cyber incidents.

Attribution's Non-Tech Problems

The challenge of proving with certainty that a specific state was responsible for a cyberattack.

Cyber-Attribution: Espionage and Evidence

Data used for attribution might be collected through espionage, making it difficult to disclose evidence.

Cyber-Attribution: Avoiding Learning

States might avoid disclosing evidence to prevent future attacks.

Legitimate State Countermeasures

States must prove their attribution claims to justify countermeasures.

State Responsibility Doctrine

The legal framework for holding states accountable for their cyberattacks.

Cyber-Attribution: Evidence and Argumentation

Proving a cyberattack requires strong evidence and convincing arguments to hold a state accountable.

American Tech Model

A model emphasizing market forces and minimal government intervention to encourage innovation. It allows companies to thrive through competition and risk-taking, minimizing regulations.

Brussels Effect

A European approach to regulating tech that prioritizes user rights and data protection, often leading to stricter rules than the US model

Section 230

US law shielding online platforms from liability for user-generated content, encouraging greater freedom of expression but raising concerns about misinformation and harmful content.

Digital Silk Road

China's effort to spread its technology and regulatory norms internationally, often through infrastructure projects and partnerships.

Protectionism

The practice of using government policies to protect domestic businesses from foreign competition, often through regulations or subsidies.

Monopoly

A situation where a company has a dominant position in a market, giving it undue power and potentially stifling competition.

Antitrust Enforcement

The EU's enforcement of competition rules, often targeting large tech companies for anti-competitive practices like price manipulation or data exploitation.

Content Moderation

The process of scrutinizing and removing harmful content from online platforms, raising issues of censorship and freedom of expression.

Foundry Model

A business strategy where companies outsource their chip manufacturing to specialized foundries, allowing them to focus on chip design.

Fabless Companies

Companies solely focused on designing chips without their own manufacturing facilities.

TSMC

Taiwan Semiconductor Manufacturing Company (TSMC) - established in 1987, a pioneer in the foundry model, serving major chip designers.

SMIC

Semiconductor Manufacturing International Corporation (SMIC) - established in 2000, a key competitor to TSMC, based in China.

Morris Chang's Role

Morris Chang's vision and leadership were key to establishing Taiwan's semiconductor industry and popularizing the foundry model.

Lithography Tools

The ability to produce extremely precise patterns on silicon wafers, crucial for chip manufacturing, dominated by ASML.

Supply Chain Nodes

From the 1990s, companies focused on specific parts of the semiconductor supply chain, creating a specialized and dominant industry structure.

Intel's Dominance and Oligopoly

Intel's dominance in microprocessors in the late 20th century, resulting in a highly profitable oligopoly and influencing the company's future decisions.

Passive security measures

These security measures are solely defensive and operate within the defender's network, without any active offensive capabilities.

Private sector's role in cybersecurity

The private sector's vital role in maintaining critical infrastructure, making it essential for cybersecurity due to its ownership and reliance

Impact of private cybersecurity on national security

Inadequate private cybersecurity can harm national defense and internal security due to the use of civilian infrastructure for transmitting military data, like cables and satellites.

Agents of cybersecurity

Private companies provide in-house cybersecurity, while dedicated specialist firms offer services to companies, governments, and others.

Privatization of cybersecurity

The increasing privatization of cyber security, where private companies play a larger role, compared to traditional military and security services.

Cybersecurity's private origins

The development of the cyber domain happened primarily in the private sector, unlike traditional military and security services which were initially under public control.

Problem of cybersecurity privatization

The inherent challenges of relying on private companies for cybersecurity due to potential negative effects on equality and democratic accountability.

Inequality in cybersecurity access

This refers to the potential for unequal access to cybersecurity resources, with some entities having greater protection than others.

Swiss Cheese Model in Cybersecurity

Private security companies (PMSCs) offering cybersecurity services create a 'Swiss Cheese Model' where only those who can afford them are protected, leaving the vulnerable and disadvantaged exposed.

Market Logic in Cybersecurity

The introduction of market logic into cybersecurity can lead to a decline in support for general public protection measures, as influential actors may prioritize private security solutions.

Democratic Control in Cybersecurity

The lack of democratic oversight and control over private cybersecurity companies presents a significant challenge, as the secrecy surrounding their operations, limited public understanding, and lack of contract transparency raise concerns about accountability.

Cybercrime Definition

Cybercrime encompasses a wide range of criminal activities utilizing electronic communication networks and information systems.

Cyber-enabled Crime

Cyber-enabled crime refers to traditional offenses like fraud or forgery that have been amplified or transformed by the internet.

Cyber-dependent Crime

Cyber-dependent crime relies on digital systems as both the target and the means of attack, often involving malware or hacking.

Categories of Cybercrime

Cybercrime falls into two broad categories: Cyber-enabled crime and Cyber-dependent crime.

Defining Cybercrime

The lack of a universal definition for cybercrime highlights its complexity, influenced by various actors, technologies, and socioeconomic factors.

Study Notes

Cyber Security Foundations

• Two main points to consider: Technology and Political, economic, and military aspects.

Technology

• First attempts at creating the internet were in the 1960s, for military use.
• Public internet access became available in the 1990s.
• iPhones were introduced in 2007.
• Web 1.0 was static and difficult to use. First commercial web in 1990s
• Web 2.0 was interactive (e.g., Facebook) and needed no technical knowledge to use.
• Web 3.0 is interactive, using AI and the Internet of Things.

Political, Economic, and Military

• The very first phone was a Simon, a proper smartphone.
• It had similar functions to current iPhones.
• People did not need to carry phones or cameras separately.

Cyberspace Layers

• Physical: Devices and hardware
• Logical: Connections between devices.
• Semantic/social: Individuals and information in cyber activities.

Cybersecurity in International Relations

• International consensus on norms and rules for behavior in cyberspace is lacking.
• Determining the origin of cyberattacks is also difficult.

Approaches to Security

• Realism, Liberalism, Social Constructivism, Securitization, Critical Security Studies, Peace Studies, Poststructuralism, Postcolonialism, Human Security, and Gender.
• Traditional and non-traditional security.
• Digital sovereignty approach, who governs the web?
• Multi-stakeholder approach for tackling cybersecurity.

Critical Infrastructure

• The US government identified 16 critical infrastructure sectors.
• Incapacitating them would harm national security, health, and economy.
• Cyber space is becoming crucial for national security.
• Offensive vs Defensive strategies are present in cyber warfare.

Cyber Power

• The ability to invent, adopt, and adapt new technologies, affecting military, economic, and cultural power
• Innovation power underlies modern military power.
• The speed to adapt technology is a critical aspect.
• Sovereign state is the primary concept in regulating global politics.
• Cyberspace affects concepts of power, governance, and sovereignty.
• Digital sovereignty refers to a government's authority over the internet and defending its citizens' interests.
• Multiple stakeholder approach is considered for regulating the Internet/ cyberspace

Cyber Exceptionalism

• The digital realm is different from the physical world. Unique approaches are needed to address cyber threats.

Multi-Stakeholder Internet Governance

• Prioritises the responsibility of those affected by the internet rather than government regulation.
• Promotes transnationalism and avoids government-dominated international institutions.