Documenting Combined Capabilities for Internet Security
Transnational network operator communities, which comprise roughly a few thousand individuals from volunteer organizations, non-profits, and for-profit firms, are little known but critical actors ensuring Internet security. Operator community members collaborate informally with both industry peers and law enforcement to keep nefarious activities such as botnets and phishing out of cyberspace. For instance, approximately 90% of e-mail that traverses the Internet is spam. These actors ensure that spam does not reach users’ inboxes. Yet, precisely because these communities operate ad hoc, through personal relationships based on trust, they remain vastly understudied. This project proposes to fill the research and policy design gap in this space. Through interviews, fieldwork, and Track II-style workshops, researchers will engage directly with parties involved in operational incident response to better document and understand (1) how operator communities function, (2) how they could improve cyber incident response by developing more systematic combined capabilities with law enforcement, and (3) how to better design cybersecurity policy in light of these dynamics. The end goal is to produce both academic and policy-oriented documents that culminate in a book designed to provide state actors with a much-needed roadmap to developing reliable combined capabilities for incident response.