EAGER: Collaborative: Policies for Enhancing U.S. Leadership in Cyberspace

EAGER：协作：加强美国网络空间领导地位的政策

• 批准号: 1444871
• 负责人: Stephanie Forrest
• 金额: $ 10.26万
• 依托单位: University of New Mexico
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-09-15 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1444871&HistoricalAwards=false
• 关键词: EAGER; Collaborative; Policies; Enhancing; U.S.

Cybersecurity is threatened by the zero-day exploits (software vulnerabilities that have not been previously disclosed and are therefore potential vectors for attack). The threat is serious for exploits in the hands of major cyber powers that are potentially hostile nations. Publication of a zero-day exploits can enhance the resilience of domestic cyber-infrastructure (if an adversary has discovered the same exploit), and it could give other countries the opportunity to patch their systems proactively, increasing confidence that they will not be penetrated. Communicating zero-day exploits, however, has the obvious drawback that the exploit loses value as a weapon, because countries could patch their own systems to resist it. Thus, the cost of publication is the loss of such exploits for use in deterrence and/or future offensive cyber operations. U.S. policy has recently begun to address the question of which zero-day exploits known to the government should be published, both to enhance national security and to instill confidence by others. The project analyzes various costs and benefits of publishing exploits or patches, and studies how the costs might be mitigated whether through policy or technical means. In a new collaboration, computer scientist, Stephanie Forrest, and political scientist, Robert Axelrod, are developing integrated approaches to the rapidly expanding problem of cyber conflict, combining historical analysis, technical research, strategic analysis, and computational modeling. This project focuses on three areas where U.S. policy could provide additional leadership in cyberspace: publication of zero-day exploits; labeling of neutral infrastructure, such as networks associated with hospitals or religious sites, and shared norms to protect neutral cyberspaces; and sustainment of Internet interoperability, which allows Internet users on different networks to communicate directly without interference. The findings may benefit national security by giving policymakers a way of assessing the costs and benefits of publishing exploits or patches. This project injects a fresh and timely voice into debates about the cyberagenda, suggesting concrete measures for minimizing the likelihood and impacts of conflict among state actors.

网络安全受到零日漏洞(以前未披露的软件漏洞，因此是潜在的攻击媒介)的威胁。这一威胁对于掌握在主要网络大国手中的漏洞来说是严重的，这些大国可能是敌对国家。发布零日漏洞可以增强国内网络基础设施的弹性(如果对手发现了同样的漏洞)，它可能会让其他国家有机会主动修补他们的系统，增加他们不会被渗透的信心。然而，传递零日漏洞有一个明显的缺点，即这种漏洞失去了作为武器的价值，因为各国可以为自己的系统打补丁来抵抗它。因此，发布的成本是损失了用于威慑和/或未来进攻性网络行动的这种利用。美国的政策最近开始解决应该公布哪些政府已知的零日漏洞的问题，这既是为了加强国家安全，也是为了向其他国家灌输信心。该项目分析发布漏洞或补丁的各种成本和收益，并研究如何通过政策或技术手段降低成本。在一项新的合作中，计算机科学家斯蒂芬妮·福雷斯特和政治学家罗伯特·阿克塞尔罗德正在开发综合方法来解决迅速扩大的网络冲突问题，将历史分析、技术研究、战略分析和计算建模结合在一起。该项目侧重于美国政策可以在网络空间发挥更多领导作用的三个领域：公布零日漏洞；标记中立的基础设施，如与医院或宗教场所相关的网络，以及保护中立网络空间的共同规范；以及维持互联网互操作性，允许不同网络上的互联网用户直接通信而不受干扰。这些发现可能会给政策制定者提供一种评估发布漏洞或补丁的成本和收益的方法，从而有利于国家安全。该项目为有关网络议程的辩论注入了新鲜和及时的声音，提出了将国家行为者之间发生冲突的可能性和影响降至最低的具体措施。