Series
Institute for Information Security & Privacy Cybersecurity Lecture Series

Permanent Link
https://hdl.handle.net/1853/70914
Series Type
Event Series
Description
Associated Organization(s)
Associated Organization(s)
Organizational Unit
Organizational Unit

Filters

2021 - 2022 2
2
2
2
2
Reset filters

Settings
Author: Kostyuk, Nadiya × End date: 2022 × Start date: 2020 × search.filters.applied.f.isOrgUnitOfPublicationTitle: College of Computing × search.filters.applied.f.isOrgUnitOfPublicationTitle: School of Cybersecurity and Privacy ×

Publication Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    The Cyber Dimension of the Crisis in Ukraine: An Expert Panel Discussion
    (Georgia Institute of Technology, 2022-01-28) Brantly, Aaron F. ; Kostyuk, Nadiya ; Lindsay, Jon R. ; Maschmeyer, Lennart ; Pakharenko, Glib
    This panel brings together experts on the cyber dimension of the conflict in Ukraine to explore its geopolitical context and potential trajectories. The Russian military intervention in Ukraine has taken an ominous turn recently with the buildup of Russian military forces on the Ukrainian border. This represents an escalation in a long-running conflict that began in the wake of the Euromaidan demonstrations in Kyiv in late 2013, resulting in the Russian occupation of the Crimea and military stalemate in the Donbass region. Ukraine also became one of the most active cyber battlefields in the world. Russia has conducted continuous espionage, disinformation, and subversion campaigns. Its operations have caused electrical blackouts in 2014 and 2015 and triggered the NotPetya infection in 2017. Indeed, Ukraine has become the paradigmatic example of cyber conflict in the “gray zone” between peace and war. What are we to make of the current buildup? While no one can predict the future of a dangerous and dynamic crisis like this, our panelists can provide some political and strategic context. We focus in particular on the role of cyber warfare and information operations in the current phase of this crisis. Will the future resemble the past? Should we expect cyber operations to be used as complement to or substitute for military operations? Will cyber attacks make military escalation more or less likely? How might information and disinformation operations shape the Ukrainian or NATO responses to Russian acts? And how should the United States respond?
  • Thumbnail Image
    Item
    Deterrence in the Cyber Realm: Public versus Private Cyber Capacity
    (Georgia Institute of Technology, 2021-10-29) Kostyuk, Nadiya
    Can cyber deterrence work? Existing scholarly works argue that deterrence by punishment using cyberattacks is ineffective because the difficulty of attributing the origin of cyberattacks makes the threat of future attacks less credible. However, these works have told us relatively little about the deterrence ability of public cyberinstitutions (PCIs), defined as publicly observable proactive efforts aimed at signaling a country’s level of cyber offensive and defensive capability. This research shows that middle powers (that have scarce cyber arsenals) can use PCIs to deter cyber attacks that cause significant damage to their economy and prosperity; however, this deterrent capability is rather limited. Using an incomplete-information model, we demonstrate that PCIs only deter adversaries that are susceptible to the costs created by these institutions. Despite this limited deterrence ability, middle powers tend to over-invest resources in these cyberinstitutions: Weak cyber states tend to over-invest to convince strong cyber adversaries that they are strong, whereas strong cyber states over-invest so that adversaries do not believe that they are weak states pretending to be strong. By doing so, states reduce their overall cybercapacity. We establish the empirical plausibility of these results using election interference campaigns as examples of strategic attacks. Our focus on the strategic use of PCIs as a deterrent represents a departure from existing literature—which has focused only on cyberoperations—and has important policy implications.