June 22-24, 2015
International Affairs Building
On June 22-24, 2015, Columbia University’s School of International and Public Affairs (SIPA) and Stanford University’s Center for International Security and Cooperation (CISAC) hosted a Multidisciplinary Workshop in Cybersecurity. The goal of the workshop was to bring together international relations scholars, prominent policy makers and executives from the tech and financial sector to discuss and develop a forward looking research agenda for resolving key cyber-related challenges.
While technological capabilities move ahead at lightning speed, policy and legal frameworks in cybersecurity lag behind. Historically, governments have safeguarded citizens and national interests from external threats. In cyber, however, traditional boundaries are fuzzy. What constitutes an internal threat? An external one? How do we even know a threat when we see it? The roles and missions in cyberspace of various government agencies are also unclear. What is clear is that the government cannot go it alone: the private sector holds key capabilities and owns vital assets that make public/private cooperation essential but demanding, and often, problematic.
Breaking out of intellectual silos is crucial to developing a better understanding of cyber challenges and how to address them. Cyber threats involve political, legal, organizational, economic, and psychological factors that technical experts often do not fully understand or appreciate. These outstanding gaps and questions provide an opportunity for SIPA and CISAC to play an early and significant role in thought leadership in this policy area.
Over the course of two-and-a-half days of seminars, a simulation, and keynote discussions with prominent policy makers, corporate executives, the questions posed and relationships built led to a concrete, forward-looking policy and academic research agenda to improve cyber security globally.
A full list of participants at the workshop can be found here.
Final Agenda and Background Papers
The final agenda for the workshop is available in .pdf format here. A summary of the agenda is given below with background papers submitted by speakers to accompany their talks, where relevant.
Session1: Cyber-security as a concept with David Clark and Greg Conti
Session 2: Know your enemy: Understanding threats to cyber-security with Steve Bellovin
Steve Bellovin slides: Thinking Security
Session 3: Offensive dimensions of cyber-security with Herbert Lin
Owens, Dam & Lin (2009), Technology, Policy, Law and Ethics Regarding US Acquisition and Use of Cyberattack Capabilities, National Research Council of the National Academies.
Session 4: Attribution and cyber-attacks with Jason Healey
Rid & Buchanan (2014), Attributing Cyber Attacks, Journal of Strategic Studies.
Healey (2012), Beyond Attribution: Seeking National Responsibility for Cyber Attacks, Atlantic Council Cyber Statecraft Initiative Issues Brief.
Session 5: Insights from Interdisciplinary Thinking on Cyber-security with Marjory Blumenthal & Carolyn Nordstrom
Blumenthal (2011), Is Security Lost in the Clouds?, (see pp69-86) in Anania, Bauer & Van Eeten (2011), The Economics of Cybersecurity, Communications and Strategies, DigiWorld Eocnomic Journal no. 81.
National Academy of Sciences (1991), Computers at Risk: Safe Computing in the Information Age, Executive Summary and Overview.
Dinner and Keynote with Phil Venables, Chief Information Risk Officer, Goldman Sachs
Session 6: Crisis Simulation with Lucas Kello
Lunch and Keynote with members of US Army Cyber Command
Session 7: Cyber-deterrence with Martin Libicki and Richard Betts
Session 8: Decision-making under uncertainty with Robert Jervis and Rose McDermott
Session 9: Tension between civil liberties and security with Matthew Connelly and Susan Landau
Landau (2015), Control and Use of Data to Protect Privacy, Science, Vol. 347, Issue 6221.
Session 10: Domestic and international law and policy frameworks with Matthew Waxman
Matthew Waxman slides: Domestic and international relating to cyber security
Lunch and closing thoughts with Jason Healey and Herbert Lin
Lin (2015), An Evolving Research Agenda in Cyber Policy and Security, research paper submitted to the Journal of Cybersecurity.
This workshop was hosted by:
For nearly 70 years, SIPA has been equipping future leaders with the skills, knowledge and intellectual curiosity to solve the world’s most critical public policy challenges. Through a rigorous and multidisciplinary curriculum, practical capstone projects and field work that engage real world issues, and connections to world-renowned scholars and practitioners, SIPA students learn to make a positive difference in the world, whether in the public, private, or nonprofit sector. At home in Columbia’s prestigious university community and the global City of New York, SIPA is also a uniquely diverse, international and entrepreneurial community that brings together world leaders of diverse backgrounds, skills, and perspectives.
In 2014, SIPA launched a new initiative around technology and policy called ‘Tech&Policy@SIPA’. This ambitious effort fuses public policy, engineering, data science and entrepreneurship through a variety of activities, including new courses on data analytics and visualization; a Challenge Grant that invites graduate students to combine ICT and data to solve urban challenges globally; participation with Columbia Entrepreneurship in a start-up lab in lower NYC; and interdisciplinary research around internet policy issues including internet governance and cyber security. This new research is aimed at deepening collaboration at Columbia University across disciplines as well as convening interdisciplinary expert groups, such as at this Conference. By equipping the next generation of public policy students and scholars with a deeper understanding of new technology, nurturing organizations that are building novel tech-based solutions to pressing public policy problems, and supporting cutting-edge interdisciplinary research, SIPA is stimulating a host of creative endeavors at the intersection of technology and public policy.
This workshop was held in collaboration with:
The Center for International Security and Cooperation (CISAC) is Stanford University’s hub for researchers tackling some of the world's most pressing security and international cooperation issues.
Founded 30 years ago, CISAC in its early years brought together scholars focused on U.S.-Soviet-China relations, arms control and nonproliferation, and the scientific and technical aspects of international security. Today we are building on our historic strengths to seek solutions to the many longstanding and emerging challenges associated with an increasingly complex world.
We are guided by our longstanding belief that a commitment to rigorous scholarship, openness to new ideas, and lively intellectual exchange can spur the creation and spread of knowledge to help build a safer world.
Among those are cybersecurity, war and civil conflict, migration and transnational flows, public health and biosecurity, international norms and ethics, as well as insurgency, terrorism, homeland security and nuclear proliferation. CISAC’s multidisciplinary community brings together social scientists, historians, lawyers, physical and biological scientists, engineers, as well as leaders from the private sector and the world of public policy.
Through education, scholarship and Track II diplomacy, CISAC strives to influence the policymaking agenda in the United States and abroad. We are guided in this effort by our longstanding belief that a commitment to rigorous scholarship, openness to new ideas, and lively intellectual exchange can spur the creation and spread of knowledge to help build a safer world.
This workshop was financially sponsored by:
Funding for the Multidisciplinary Workshop on Cyber Security has been provided through a major grant to SIPA from the “Rigor and Relevance” initiative of Carnegie Corporation of New York. The Carnegie-funded initiative at SIPA seeks to foster advanced and balanced research in cyber policy and internet governance and to strengthen and expand the community of researchers and practitioners using such research to address pressing issues in cyber policy and governance—with a special focus on supporting junior faculty and doctoral students who engage in policy-oriented work and spend time in settings in which they engage directly with senior practitioners.