FSI scholars produce research aimed at creating a safer world and examing the consequences of security policies on institutions and society. They look at longstanding issues including nuclear nonproliferation and the conflicts between countries like North and South Korea. But their research also examines new and emerging areas that transcend traditional borders – the drug war in Mexico and expanding terrorism networks. FSI researchers look at the changing methods of warfare with a focus on biosecurity and nuclear risk. They tackle cybersecurity with an eye toward privacy concerns and explore the implications of new actors like hackers.
Along with the changing face of conflict, terrorism and crime, FSI researchers study food security. They tackle the global problems of hunger, poverty and environmental degradation by generating knowledge and policy-relevant solutions.
ABOUT THE SPEAKER: Elaine Korzak joined CISAC in September 2013 as a predoctoral cybersecurity fellow. She is a PhD student in the Department of War Studies at King's College London. Elaine's thesis evaluates how cyber attacks challenge current legal norms and whether the identified challenges ultimately warrant a new legal framework. The analysis focuses on two areas in particular: international law on the use of force (jus ad bellum) and international humanitarian law (jus in bello). During her time at CISAC, Elaine is conducting empirical research examining states' responses to the legal challenges created by cyber attacks. Her analysis focuses on various state positions in key international forums, including the United Nations and the International Telecommunication Union.
Elaine earned a Bachelor's degree in International Relations from the University of Dresden (Germany) before focusing her research interests at the interface of international law and security studies. She holds both an MA in International Peace and Security from King's College London and an LL.M in Public International Law from the London School of Economics. Her professional experience includes various governmental and non-governmental institutions (both national and international), where she has worked on various disarmament and international security issues. These include, most recently, NATO's Cyber Defence Section as well as the European Commission's Director-General on Information Society and Media.
ABOUT THE TOPIC: With their unique characteristics such as swiftness, its non-kinetic nature and anonymity, computer network attacks fundamentally challenge the current international legal paradigm which is based on a state-centered concept of armed force involving some degree of kinetic energy transfer through blast and fragmentation. It has been argued that a revolution in military affairs has been ushered in by technological advancements that cannot be accommodated within the existing legal framework. Both practitioners and scholars have called for a new regulatory framework to govern computer network attacks. This presentation will give an overview of Elaine's doctoral research project which evaluates these claims by examining if and how computer network attacks challenge key norms of international law on the use of force and international humanitarian law and whether the identified challenges ultimately warrant a new legal framework.
Elaine Korzak is a research scholar at the Berkeley Risk and Security Lab (BRSL) at UC Berkeley where she focuses on international cybersecurity governance. She is also an affiliate at the Center for Long-Term Cybersecurity (CLTC) at UC Berkeley and the Center for International Security and Cooperation (CISAC) at Stanford University.
Her research covers international legal, policy, and governance aspects in cybersecurity, including norms and international law governing state conduct in cyberspace, cybersecurity negotiations at the United Nations, and the international regulation of commercial spyware. Her work has appeared in the Oxford Handbook of Cyber Security, the Routledge Handbook of International Cybersecurity, the Georgetown Journal of International Affairs, the Bulletin of the Atomic Scientists, and RUSI Journal.
Previously, Elaine was a cybersecurity postdoctoral fellow at the Center for International Security and Cooperation (CISAC) and a national fellow at the Hoover Institution, both at Stanford University, before leading the Cyber Initiative at the Middlebury Institute of International Studies at Monterey (MIIS). She holds a PhD in War Studies and an MA in International Peace and Security from King’s College London, as well as an LL.M. in Public International Law from the London School of Economics and Political Science (LSE).
Hide publication sections
Off
Date Label
Elaine Korzak
Speaker
Cybersecurity Predoctoral Fellow, CISAC, and PhD Candidate
Andrew K. Woods
Cybersecurity Fellow
Speaker
CISAC
CISAC Co-Director Amy Zegart and nine other national security and intelligence scholars were recently invited to the headquarters of the National Security Agency in Fort Meade, Md., for unprecedented talks with high-ranking officials. They discussed cybersecurity, the plummeting public trust in the agency, its relationship with Congress and how to rebuild the agency’s reputation and rethink its program operations.
The academics were first taken to the black granite wall carved with the names of 171 military and civilian cryptologists who have died in service. “I think they wanted us to know that this is an organization of people, not some robots trolling through your emails,” said Zegart, author of the book, “Spying Blind,” which examines why U.S. intelligence agencies failed to adapt to the terrorist threat before the 9/11 attacks.
The scholars were then taken to a windowless conference room for several hours of what Zegart called remarkably frank and free-ranging talks about the agency and its tactics.
The NSA is one of the world’s most secret intelligence gathering organizations. Its methods have come under intense scrutiny with a series of damaging leaks about its operations. Former NSA contractor Edward Snowden and national intelligence reporters have revealed tactics that have left many Americans cold and questioning the legality and necessity of the agency’s methods. From monitoring emails and phone calls, to secretly cracking encryption codes that protect personal email as well as financial and medical records and Internet chats – the revelations just keep coming. Civil liberty organizations and Internet privacy advocates here at Stanford are outraged, while some foreign governments are accusing Washington of Big Brother tactics run amok.
Zegart answers questions about those perceptions and her Sept. 23 briefing at NSA headquarters.
Are the accusations that the NSA is Big Brother squared fair?
Image
If you look at the reporting on the NSA so far, there is zero evidence of a widespread, deliberate and nefarious plan by the agency to violate the law and spy on American citizens. This is a policy debate, not a scandal. There’s no question in my mind that the NSA has interpreted its legal authority to the maximum extent of the law possible. They’ve taken what Congress has granted them and they have pushed to the edge – but that’s a very big difference from running amok.
How did this unprecedented meeting come about and why do you think the senior NSA officials – who asked not to be identified – called on social scientists?
In our group, the last time someone went to the NSA was in 1975, which tells you how rare it is for them to invite academics in. The was a sense at senior levels that they need to think more systematically and long-term about education, about being more open to academics coming in and doing research about the NSA and hearing what academics have to say. In part, thought-leaders at universities can play a role in transmitting some of the complexities in which the NSA operates – the tradeoffs the agency is confronting and the constrains under which they are operating.
The other academics invited to the NSA on Monday were William Inboden of the University of Texas, Austin; Michael Desch of Nortre Dame University; Jeffrey Engel and Joshua Rovner of Southern Methodist University; Thomas Mahnken of the U.S. Naval War College; Richard Betts of Columbia University; Benjamin Wittes of The Brookings Institution; Kori Schake of Stanford University; and Robert Chesney of the University of Texas, Austin.
One thing this meeting highlighted for me is that the NSA is not free to respond to the criticism it gets in the press. It’s intertwined with other organizations that have a say in how it responds: the Office of the Director of National Intelligence, the FBI, the Justice Department and the White House. And they have never had to deal with the spotlight before. They gave me this statistic: Last summer, there were 167 legitimate questions from the press; in the summer of 2013 there were 1,900 media requests. That’s a tenfold increase. This is a whole new world for this agency. And to go against secrecy is just totally counter to their culture. This was a bold step for them to have us come in.
Did the NSA officials talk about whether they had broken any laws?
They definitely wanted us to believe that what they are doing is lawful and effective. I believe the lawful part; I’m not so sure about the effective part. I think they haven’t looked hard enough about what effective means. Do they know it when they see it? And who’s to judge?
They were quick to point out that they’re under extensive oversight both by Congress and the Foreign Intelligence Surveillance Act (FISA) court. The question is whether Americans are comfortable with the lines that have been drawn by their own government and if they’re comfortable with the lack of transparency. The NSA is really bad at letting us know what the gains are (from surveillance) and they’ve struggled with how to deal with the public reaction to the Snowden revelations.
This is an intelligence agency and they’re supposed to be stealing information from other governments; that’s what we pay them to do and other governments would use those capabilities in an instant if they had them. That has gotten lost in the debate. When I talk to my parents and friends, they think that the NSA is listening in on their phone calls. That’s just not true. They’re examining phone logs: who called whom and for how long. No one is listening to your conversation with grandma.
The fundamental problem is that the NSA is highly regulated – but nobody trusts the regulatory framework."
Did you discuss former NSA contractor Edward Snowden?
Extensively. It’s the biggest breach in the agency’s history. They’ve been in crisis mode since June. They’ve been putting our fires every day and the arsonist is still out there. NSA officials told us that they know 125 documents have been compromised; they believe Snowden probably has already passed to the press another 50,000 documents and that the entire tranche that he may have taken is bigger than that. But there’s a question about whether that tranche is accessible, that Snowden may have done things to make some of his data hard to read.
They said Snowden didn’t just download documents he himself had access to. He used social engineering, convincing someone else to give him access to additional information to breach security protocols. Meanwhile, Snowden had plenty of avenues for whistleblowing, including five inspectors-general and the members of the congressional intelligence committees, but he availed himself of none.
Have Snowden’s actions endangered national security or international relations?
The standard lines about “irreparable harm” are not convincing to many people because they are so vague, we’ve heard them so often, and the government classifies boatloads of information that shouldn’t be secret. But NSA officials got a little more specific. They said Snowden has hurt national security in three ways: The first is that he revealed government surveillance capabilities. Second, he’s revealed politically embarrassing things that are harming relations with our allies – and they believe there is more to come. (Brazilian President Dilma Rousseff postponed a state visit to Washington, for example, following the release of evidence that the U.S. spied on Brazilian politicians and business leaders.) They said Snowden has a pattern of releasing embarrassing information around big international meetings, such as the G20 summit. The third damaging impact is that Snowden has hurt the NSA’s ability to produce intelligence.
What are some of the challenges and solutions moving forward?
Intelligence is a political loser and so you see a lot of members of Congress who says they are shocked – shocked! – to find out what the NSA is doing when they had full opportunity to be briefed on these programs for a long time. So they’re making political hay out of NSA’s difficulties. Most members of Congress have zero incentive to actually learn anything about the complexities of intelligence because the voters don’t hear about it and they don’t reward them for it.
The near-term challenge is to stop Congress from doing something stupid, such as the wholesale cancelling of NSA programs and capabilities. The medium-term challenge is to figure out what sensible options there are to restoring the public trust and make the NSA more transparent and more targeted in its collection approach. When NSA chief Keith Alexander steps down, we are going to see all of these issues come to a head in a very public way with the confirmation of the next director.
The longer-term challenge is creating better mechanisms to assess whether NSA should do things just because it can technically – to weigh the wisdom and efficacy of programs, not just their legality. The NSA also needs a sustainable education campaign so that when things break in the news, legislators and constituents have an understanding of what this agency does and can put these revelations into perspective.
They definitely wanted us to believe that what they're doing is lawful and effective; I believe the lawful part, I'm just not so sure about the effective part."
What are the strengths of the NSA that the public doesn’t get to see?
The NSA is the organization that’s responsible for information assurance, like if you’re in government on a secure phone line. And most people don’t know the NSA wrote the codes to protect our nuclear arsenal from day one. So the NSA has two, often conflicting missions. One is signals intelligence, which is offense, and the other is the information assurance that is defense. In an era of cyber vulnerabilities, information assurance is huge. They feel like they were doing what they were authorized to do and serving the mission and that they are being characterized as evil for doing what they think is right.
What were your biggest takeaways from this meeting?
I would say one of the things that I did walk away from the meeting hearing – and I think that perhaps this is the big policy question – is that the NSA orientation is to collect now, ask questions later. So the question is: Is that the right operating philosophy; are we comfortable as a democratic society with that collect-now-ask-later approach?
This event is now full. We cannot accept any more RSVP's, but you can e-mail Zhila Emadi (zemadi@stanford.edu), if you would like to be placed on a waitlist.
About the Speaker:
General C. Robert Kehler is the commander of U.S. Strategic Command. He provides the President and Secretary of Defense with a broad range of strategic capabilities and options. He is responsible for the plans and operations for all U.S. forces conducting strategic nuclear and conventional deterrence and Department of Defense space and cyberspace operations.
General Kehler entered the Air Force in 1975 as a distinguished graduate of the Pennsylvania State University Air Force ROTC program. He has commanded at the squadron, group, wing and major command levels, and has a broad range of operational tours in ICBM, space launch, space control, space and missile warning operations.
General Kehler's staff assignments include tours with the Air Staff and Strategic Air Command headquarters. He was also assigned to the Secretary of the Air Force's Office of Legislative Liaison, where he was the point man on Capitol Hill for matters regarding the President's ICBM Modernization Program. As director of the National Security Space Office, General Kehler integrated the activities of a number of space organizations on behalf of the Under Secretary of the Air Force and Director of the National Reconnaissance Office. He has also served as deputy director of operations, Air Force Space Command, and as deputy commander, U.S. Strategic Command.
CISAC Conference Room
General C. Robert "Bob" Kehler
Commander, United States Strategic Command
Speaker
Dr. Thomas Berson is a cryptographer who views cryptography as the deep study of trust and betrayal, alternatively as the use and abuse of secrets. He has spent his career working on both the defensive and offensive sides of the information security battle. He is attracted most strongly to security issues raised in the intersection of technology, business, and world events. He is a student of Sun Tzu’s Art of War and its applicability to modern information conflict. He has lectured on that topic in Washington, Beijing, and Stanford.
Dr. Berson is Advisor to the CEO and Board of Directors at Salesforce. His portfolio includes cybersecurity, national security, and geopolitical matters. Anagram Laboratories, Dr. Berson’s cybersecurity consultancy, will celebrate its 40th anniversary in 2026.
Dr. Berson was the first person to be elected a Fellow of the International Association for Cryptologic Research. He was an editor of the Journal of Cryptology for fourteen years. He is a Past-Chair of the IEEE Technical Committee on Security and Privacy, and a Past-President of the International Association for Cryptologic Research.
Dr. Berson is an elected Member of the US National Academy of Engineering. His NAE citation reads, “For contributions to cybersecurity in the commercial and intelligence communities.” His National Research Council committee memberships include the Forum on Cybersecurity Resilience, the Committee on Computer Security in the Department of Energy, the Committee to Review DoD C4I Plans and Programs, and the Committee on Offensive Information Warfare.
Dr. Berson earned a B.S. in physics from the State University of New York and a Ph.D. in computer science from the University of London. He was a Visiting Fellow in Mathematics at the University of Cambridge, and is a life member of Clare Hall, Cambridge.
Dr. Berson’s Erdös Number is 2; his amateur radio call sign is ND2T.
About the Topic: What do the National Security Agency’s bulk surveillance programs reveal about Americans? This talk presents ongoing studies of Internet and telephone metadata. Preliminary results suggest that technical restrictions are far less effective than many observers have assumed.
Jonathan Mayer is a Ph.D student in Computer Science and a J.D. student in Law at Stanford University. He joined CISAC as a predoctoral cybersecurity fellow in 2012, and continued as a cybersecurity fellow at CISAC for 2013-2014.
His research aims to advance difficult problems in technology policy. His recent work has focused on how to protect consumer privacy while promoting online innovation. In one line of studies, Jonathan has used web measurement to shed light on the information collected about consumers online. Another project aims to develop third-party web services that deliver functionality without tracking users.
Jonathan completed his undergraduate degree at Princeton University in 2009, with a concentration in the Woodrow Wilson School of Public and International Affairs.
CISAC Conference Room
Jonathan Mayer
Cybersecurity Fellow, CISAC
Speaker
John Villasenor, a CISAC affiliate and professor of electrical engineering and public policy at UCLA, writes in this IEEE SPECTRUM article with Mohammad Tehranipoor, that counterfeiters sell old components as new, threatening both military and commercial systems.
They explain that the global trade in recycled electronics parts is enormous and growing rapidly, driven by a confluence of cost pressures, increasingly complex supply chains, and the huge growth in the amount of electronic waste sent for disposal around the world. Recycled parts, relabeled and sold as new, threaten not only military systems but also commercial transportation systems, medical devices and systems, and the computers and networks that run today’s financial markets and communications systems.
About the Topic: This presentation will describe a pilot program being developed by the U.S. Holocaust Memorial Museum's Center for the Prevention of Genocide (CPG) that will give policy makers, analysts, advocates, journalists, scholars, students, and the public at large reliable, up-to-date forecasts of the risk of mass atrocities in countries worldwide. The central aim of this program is to enhance efforts to prevent atrocities by giving concerned actors better risk assessments with more lead time. The CPG expects to launch this pilot program in early 2014.
About the Speaker: Jay Ulfelder is an independent consultant and owner of the blog, The Dart-Throwing Chimp. From 2001 until 2011, he served as research director for the Political Instability Task Force, a U.S. government-funded research program that aims to forecast and explain various forms of political change in countries worldwide. Ulfelder's research interests include democratization, political violence, social unrest, state collapse, and forecasting. His publications include Dilemmas of Democratic Consolidation: A Game-Theory Approach and “Democratic Transitions” in The Routledge Handbook of Democratization and co-authored “A Global Model for Forecasting Political Instability” in the American Journal of Political Science. He received his Ph.D. in Political Science from Stanford University in 1997 and his B.A. in Comparative Area Studies--USSR and Eastern Europe from Duke University in 1991.
CISAC Conference Room
Jay Ulfelder
Independent Consultant and Blogger, The Dart-Throwing Chimp
Speaker
Radiation detection technology might significantly enhance a nation state’s ability to detect and counter the threat of nuclear terrorism, but the technology is not a panacea for the nuclear terrorism problem. Because of limitations imposed by physics (and arguably even more serious and fundamental limits imposed by geometry), radiation detection systems may never be able to detect all nuclear threats in credible risk scenarios. Of course, it is highly unlikely that the problem of nuclear terrorism- like many societal problems we face today- has a simple technological solution, but technology can help. I will argue that the pursuit of an all technological solution has- paradoxically- limited the progress that has been made in developing effective systems for detecting nuclear threats. Using an investment metaphor: we in the US and most of the developed world have bet on “get rich quick” schemes with respect to radiation detection technologies and have eschewed a path of steady progress. I argue that the US- and others- should take a more straightforward model to funding radiation detection research and development and develop simple metrics to measure steady progress as opposed to our current policy of betting all on “transformational solutions” that would “solve the problem”.
About the speaker: Jim Lund is a Senior Manager at Sandia National Laboratories in Livermore, CA. Prior to arriving at Sandia in 1994, he worked at Radiation Monitoring Devices in Massachusetts for 12 years where he was the manager of the Advanced Radiation Detector Group and led a group developing radiation detectors for advanced medical diagnostics and imaging.
After arriving at Sandia as a Consultant, Lund became a Senior Member of the Technical Staff and eventually a Distinguished Member of the Technical Staff before becoming a Manager in 2003. He is currently a Senior Manager of Security Systems Engineering- a group of five engineering and science departments at Sandia, Livermore.
Lund has a B.S. in Chemistry and Math from Salem State University and an M.S. in Applied Physics from the University of Massachusetts. He has written and coauthored many publications in the field of ionizing radiation detection, refereed for several journals, evaluated proposals for DOE, NSF, and NIH, and has been invited to present to several national advisory groups (NAS, JASON, DSB, etc.).
CISAC Conference Room
Jim Lund
Senior Manager, Security Systems Engineering, Sandia National Laboratories
Speaker
Rebecca Slayton is a lecturer in Stanford’s Public Policy Program and a junior faculty fellow at CISAC for 2013-2014. She was a visiting scholar at CISAC for 2012-2013. Her research examines how experts evaluate the prospects and risks of new technology, and how they make their judgments politically persuasive in the context of international security. She recently completed a book, Arguments that Count: Physics, Computing, and Missile Defense, 1949-2012, which will be published by MIT Press in 2013. Arguments that Counts compares how two different ways of framing technology—physics and computer science—lead to very different understandings of the risks associated with weapons systems, and especially missile defense. It also shows how computer scientists established a disciplinary repertoire—quantitative rules, codified knowledge, and other tools for assessment—that enabled them to analyze the risks of missile defense, and to make those analyses “stick” in the political process. She has recently begun studying how different cultures of risk have shaped, and continue to shape, the field of cyber security.
Slayton was a lecturer in the Science, Technology and Society Program at Stanford University and a CISAC affiliate from 2005-2011. In 2004-2005 she was a CISAC science fellow. She earned a PhD in physical chemistry at Harvard University in 2002. From 2002-2004, she retooled in the social sciences as a National Science Foundation postdoctoral fellow at the Massachusetts Institute of Technology. She also won a AAAS Mass Media Science and Engineering Fellowship in 2000, and has worked as a science journalist.
Slayton’s research and teaching examine the relationships between and among risk, governance, and expertise, with a focus on international security and cooperation since World War II. Slayton’s current book project, Shadowing Cybersecurity, examines the historical emergence of cybersecurity expertise. Shadowing Cybersecurity shows how efforts to establish credible expertise in corporate, governmental, and non-governmental contexts have produced varying and sometimes conflicting expert practices. Nonetheless, all cybersecurity experts wrestle with the irreducible uncertainties that characterize intelligent adversaries, and the fundamental inability to prove that systems are secure. The book shows how cybersecurity experts have paradoxically gained credibility by making threats and vulnerabilities visible, while acknowledging that more always remain in the shadows.
Slayton’s first book, Arguments that Count: Physics, Computing, and Missile Defense, 1949-2012 (MIT Press, 2013), shows how the rise of a new field of expertise in computing reshaped public policies and perceptions about the risks of missile defense in the United States. In 2015, Arguments that Count won the Computer History Museum Prize. In 2016, Slayton was awarded a National Science Foundation CAREER grant for her project “Enacting Cybersecurity Expertise.” In 2019, Slayton was also a recipient of the United States Presidential Early Career Award for Scientists and Engineers, for her NSF CAREER project.
