Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the acf domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /opt/bitnami/wordpress/wp-includes/functions.php on line 6131

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the filebird domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /opt/bitnami/wordpress/wp-includes/functions.php on line 6131

Notice: Function acf_get_value was called incorrectly. Advanced Custom Fields - We've detected one or more calls to retrieve ACF field values before ACF has been initialized. This is not supported and can result in malformed or missing data. Learn how to fix this. Please see Debugging in WordPress for more information. (This message was added in version 5.11.1.) in /opt/bitnami/wordpress/wp-includes/functions.php on line 6131

Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /opt/bitnami/wordpress/wp-includes/kses.php on line 2018

Sociotechnical Cybersecurity Speaker Series: Coercion in Cyberspace: A Model of Extortion via Encryption

Home    /     Events

Research Talks/Events

Date/Time: Wednesday, March 15, 2023 4:00 pm - 5:00 pm

Location: Hybrid: UMCP Campus (Hornbake South, Room 2119) + Online EST

Coercion using cyber capabilities is often thought to be difficult due to a severe tradeoff between the need to credibly demonstrate capability versus the need to maintain a covert presence until the final payload is dropped. I argue that such assessments may be premature considering the logic behind the success of ransomware, which extorts victims by using encryption to deny access to critical systems or information. The coercive logic of ransomware does not come from the power to hurt held in reserve, but from the application of costs up front followed by a promise to stop. At the same time, ransomware contains distinguishing features such as reversibility and backups that depart from models of torture or bombing campaigns that similarly rely on flow costs. I present a formal model of coercion via encryption based on a modified attacker-defender game. Under complete information, the defender always acquiesces given the demand is priced optimally, but the probability of attack is decreasing in the amount of demand that can be extracted in the mixed-strategy equilibrium. All else equal, backups favor the defender by reducing equilibrium demand. An extension concerning a bombing campaign scenario shows that the ability of encryption to reverse damage rather than to destroy the defender’s asset increases equilibrium demand that can be extracted and resolves credibility concerns. Features such as costless and automatic application of flow costs and resolution of the hostage’s commitment problem after release enhances credibility. This discussion will provide a counterexample to the claim that cyber weapons are poor tools of coercion, and that cyber coercion depends on situational variables rather than universal features of the cyber domain itself.

Speaker Bio:
Jenny Jun is a Research Fellow at the Center for Security and Emerging Technology (CSET) and Ph.D. Candidate in the Department of Political Science at Columbia University. She also serves as a Nonresident Fellow at the Atlantic Council’s Cyber Statecraft Initiative. Her current research explores the dynamics of how coercion works in cyberspace. Her broader interests include cyber conflict, North Korea, and security issues in East Asia. Jenny is a co-author of the 2015 Center for Strategic and International Studies (CSIS) report North Korea’s Cyber Operations: Strategy and Responses, published by Rowman & Littlefield. She has presented her work on North Korea’s cyber operations at various panels and has provided multiple government briefings and media interviews on the topic. She received her M.A. and B.S. each from the Security Studies Program (SSP) and the School of Foreign Service (SFS) at Georgetown University.

Register