From Russia with Love: Understanding the Russian Cyber Threat to U.S. Critical Infrastructure and What to Do about It

I. Introduction II. A Short History of Russian Hacking of U.S. Government Networks and Critical Infrastructure III. Unpacking the Ukraine Grid Hacks and Their Aftermath IV. Analyzing Policy Options to Help Promote the Resilience of U.S. Government Systems and Critical Infrastructure ... A. Contextualizing and Introducing Draft Version 1.1 of the NIST Cybersecurity Framework ... B. Operationalizing International Cybersecurity Norms on Critical Infrastructure ... C. Deterrence and a Path Forward ... 1. Publicize Benefits as Applied … 2. Publicize Exercise Results ... 3. Publicize Updates V. Conclusio

Making Democracy Harder to Hack

With the Russian government hack of the Democratic National Convention email servers and related leaks, the drama of the 2016 U.S. presidential race highlights an important point: nefarious hackers do not just pose a risk to vulnerable companies; cyber attacks can potentially impact the trajectory of democracies. Yet a consensus has been slow to emerge as to the desirability and feasibility of reclassifying elections—in particular, voting machines—as critical infrastructure, due in part to the long history of local and state control of voting procedures. This Article takes on the debate—focusing on policy options beyond former Department of Homeland Security Secretary Jeh Johnson’s decision to classify elections as critical infrastructure in January 2017—in the U.S., using the 2016 elections as a case study, but putting the issue in a global context, with in-depth case studies from South Africa, Estonia, Brazil, Germany, and India. Governance best practices are analyzed by reviewing these differing approaches to securing elections, including the extent to which trend lines are converging or diverging. This investigation will, in turn, help inform ongoing minilateral efforts at cybersecurity norm building in the critical infrastructure context, which are considered here for the first time in the literature through the lens of polycentric governance

Money for nothing : understanding the termination of U.S. major defense acquisition programs

How can political science account for the rare cases of major weapons program termination in the United States from the end of the Cold War to 2005? To begin to answer this question, this thesis offers the first definition of weapons program termination to facilitate a controlled comparison. The focus here is on contemporary civil-military relations and the decentralized structure within which these relationships operate with regard to questions of resource allocation. This structure disincentivizes the services and legislators from proposing the termination of weapons programs. Only executive-branch civilians within the Office of the Secretary of Defense are institutionally positioned to propose such terminations. An analysis of the cost, schedule, performance, and relevance of the air force's F-22 aircraft demonstrates how this structure over-determines perpetuation as the standard outcome of the resource allocation process. Using the language of agency theory, I contend that civilian detection of what they perceive as shirking by the military services acts as a catalyst for termination. In general, this shirking may be characterized as perceived malfeasance or chicanery. Secretary of Defense Richard Cheney terminated the A-12 aircraft program once he lost confidence in the navy, prompted by the discovery that his praise of the program to Congress was radically at odds with reality. Twelve years later, Secretary Donald Rumsfeld and his deputy, Paul Wolfowitz, terminated the Crusader artillery system once they perceived the army was no longer providing trustworthy information regarding the program. This examination reveals how non-structural factors like trust and confidence play a powerful role in extremely bureaucratized, structural processes. Theoretical . frameworks that account for these factors, such as the agency-theory strand of civil- military relations, are therefore particularly valuable to more robust understandings of political decision-making that determines who gets what, when.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

From Russia with Love: Understanding the Russian Cyber Threat to U.S. Critical Infrastructure and What to Do about It

I. Introduction II. A Short History of Russian Hacking of U.S. Government Networks and Critical Infrastructure III. Unpacking the Ukraine Grid Hacks and Their Aftermath IV. Analyzing Policy Options to Help Promote the Resilience of U.S. Government Systems and Critical Infrastructure ... A. Contextualizing and Introducing Draft Version 1.1 of the NIST Cybersecurity Framework ... B. Operationalizing International Cybersecurity Norms on Critical Infrastructure ... C. Deterrence and a Path Forward ... 1. Publicize Benefits as Applied … 2. Publicize Exercise Results ... 3. Publicize Updates V. Conclusio

Making Democracy Harder to Hack

With the Russian government hack of the Democratic National Convention email servers and related leaks, the drama of the 2016 U.S. presidential race highlights an important point: nefarious hackers do not just pose a risk to vulnerable companies; cyber attacks can potentially impact the trajectory of democracies. Yet a consensus has been slow to emerge as to the desirability and feasibility of reclassifying elections—in particular, voting machines—as critical infrastructure, due in part to the long history of local and state control of voting procedures. This Article takes on the debate—focusing on policy options beyond former Department of Homeland Security Secretary Jeh Johnson’s decision to classify elections as critical infrastructure in January 2017—in the U.S., using the 2016 elections as a case study, but putting the issue in a global context, with in-depth case studies from South Africa, Estonia, Brazil, Germany, and India. Governance best practices are analyzed by reviewing these differing approaches to securing elections, including the extent to which trend lines are converging or diverging. This investigation will, in turn, help inform ongoing minilateral efforts at cybersecurity norm building in the critical infrastructure context, which are considered here for the first time in the literature through the lens of polycentric governance