RS 201 - Ben Buchanan on "The Cybersecurity Dilemma"

Release date: February 4th, 2018

Ben Buchanan

The security dilemma is a classic problem in geopolitics: Often when one nation takes measures to protect itself from attack (like adding to their stockpile of missiles), other nations see that and worry it means the first nation is preparing to attack them, which leads to a dangerous feedback loop of escalation. In this episode, Ben Buchanan (postdoctoral fellow at Harvard studying cybersecurity and statecraft) explores how this dilemma plays out in the realm of cybersecurity: Why is the dilemma harder to resolve than it used to be with traditional warfare? And is there anything that might help?

Ben's Book: "The Cybersecurity Dilemma"

Ben's Pick: "Rise of the Machines: A Cybernetic History" by Thomas Rid

Edited by Brent Silk

Music by Miracles of Modern Science


Full Transcripts 

Reader Comments (6)

How about peace through strength? Instead of looking for the best way to cripple ourselves to reassure or embolden our enemies, wouldn't it be better to become so superior that nobody will challenge us? The DOMino program should fix holes in government networks, but it won't secure the DNC, RNC, personal email accounts, etc. Apparently, Dutch hackers hacked the Russian hackers back in 2014 and shared info with the U.S. during the 2016 election, and the U.S. dropped the ball.

Thomas Rid defended Kaspersky, even after Kaspersky antivirus was used to steal NSA hacking tools. China banned Kaspersky from its national institutions years ago, and the U.S. finally wised up and followed suit.
February 5, 2018 | Unregistered Commenter Max

Purely defensive measures rarely work out well. We should just hack everyone at all times. That way, if someone actually launches an attack on our infrastructure, such as the power grid, we can both immediately correctly attribute the attack, and quickly counterattack. This would give rise to a new MAD dynamic - Mutually Assured Destruction.
February 5, 2018 | Unregistered Commenter Jameson

Security flaw-finding tools, like those that competed at the Cyber Grand Challenge, can be used to defend your own systems or attack the enemy. Tools to monitor your system for suspicious activity are more defensive, but if your enemy uses your tools the way the Pentagon used Kaspersky antivirus, then of course you can turn it into spyware.
February 5, 2018 | Unregistered Commenter Max

'*' 11:08 AM
Security program sons a hackory means the first nation is preparing for OSSR!!!!!!!!!!!!!!!!
OSSR is how a female assesses a male: O.offspring[][][]S.service[][][]R.resource(s)………………..
(hackers.hackeosdoctoral), no different in the mechanics of nation-states!
Stone Sour - Through Glass [OFFICIAL VIDEO]
SMART.mEWS Keeping you current
Praying Mantises Don Tiny Goggles to Help Us Understand 3-D Vision
It’s not harder, it’s easier: all humans have an internal ch[akkra] system, also,
an external auric energy field; we then ask, how is it possible that no two
fingerprints are alike? If thus so, being the case that the human brain has an
EM imprint, NSA can tag it – the problem is what to do with it!
Harvard should fix holes in government net.woes tats AN enemy, AGREE ...
Psychon-Quantum of Consciousness - ResearchGate

The fourth branch of government are the people.
Key Assumptions of the Transcension Hypothesis: Do Advanced Civilizations Leave Our Universe?
February 10, 2018 | Unregistered Commenter N.J.

If the proposal in Sec. 4 of Rep. Graves' Active Cyber Defense Certainty Act were put into effect, would it contribute to the destabilizing effects of the cybersecurity dilemma?
February 13, 2018 | Unregistered Commenter Jim Lippard

I was perturbed to hear Ben Buchanan summarize two categories of mitigations in response to the following of Julia Galef's questions:

> What are some of the strategies that […] states around the world historically […] have used to try to mitigate the dilemma, to try to prevent these unfortunate retaliatory feedback loops? And to what extent do those measures help with the cybersecurity version of that dilemma?

Ben Buchanan's answer (detail removed for brevity) was:

> Conceptually, there's at least two categories of activities we can think about, that in the past have mitigated the security dilemma

> One of these we call the offense/defense balance.

> A second category of what we call mitigation is to shape offense/defense differentiation. To make it very clear that the technologies you're building are purely defensive, and shouldn't be seen as threatening.

These answers *seem to presume* that nation states *only* engage in attack or defense behaviors and not in cooperative behaviors.

Perhaps aligning incentives such as by engaging in mutually beneficial trade is considered "defensive" incidentally by introducing an opportunity cost for defection, but that strategy is qualitatively different than say building a wall, and I didn't hear any examples or indication that mutual cooperation was encompassed as a potential mitigation strategy.

Also disappointingly absent from this conversation was a consideration of the zero-marginal cost effects of technology, for example a "purely defensive" development of strong encryption technology which is open source may benefit nation-state actors and citizens of multiple nations. This makes spending $X on a firewall quite different than $X fixing security vulnerabilities in open source software.

The topics of burning 0-days and the US compromise of security standards (which I assume referred to touches on this subject, but I wish it was explored in more depth. In the case of 0-days, retaining them offers a defensive advantage, whereas in other cases such as designing new defensive technology, there may be no analogous opportunity cost of offense.

Even if the lack of cooperation for mutual benefit is not a blindspot, but quarantined behind some "standard assumptions" in the field, that would be disastrous, since it precludes productive opportunity cost considerations from any prescriptive results.

Finally, I'm not familiar with this field at all, so if my concerns are addressed, I would love a good introductory reference.
March 30, 2018 | Unregistered Commenter Nathan Wilcox
