1. Institutional Developments, CERTS & CyberData, and ECIR Data Dashboard
ECIR - Explorations in
Cyber International Relations
Institutional Developments, CERTS & CyberData, and ECIR Data Dashboard
Multidisciplinary Team
Leads: Stuart Madnick (IT Group, School of Management
& Engineering Systems Division, School of Engineering)
Nazli Choucri (Political Science)
Students:
Steven Camiña* (EECS)
Jeremy Ferwerda (Political Science)
Erik Fogg* (Political Science)
Fan Wei* (Mathematics)
Xitong Li (School of Management)
Hamid Salim (Systems Design & Management)
2 August 2010 (v1)
* Graduated or left project

2. Empirical Data – Theory Relationship
Does Korea have a lower rate of piracy per computer than the US? .. and Why
Data suggests: ideas, identifies ‘deviance’, new explorations
Empirical
Data
Theory
Data needed:
to confirm, explore further, develop, reframe or extend theory especially across domains (“real” and cyber)
What countries have increases in Total CERT Reported Incidents per Capita while others are decreasing? … and Why?
How are USA Cyber Crime Dollar Loss & Total Cases changing over time? … and Why?

3. Agenda Identify Initial Relevant Data Sources Gather sample data
CERTS plus many others
Gather sample data
Identify problems and issues
Develop ECIR Data Dashboard Prototype
Adding provenance features
Perform Preliminary Analysis of Interesting Observations
Despite the limitation & challenges mentioned above
Develop Business Case for Data Gathering
Especially for CERTs
Side project: Exploring Terms and Taxonomies Relating to the ‘Cyber Space’ Research Field (via bibliometic data mining)

4. Some Interesting Demonstrations & Observations
Malaysia v Brazil: Total CERT Reported Incidents per Capita
Brazil high
Malaysia low
Brazil declining
Malaysia increasing
Almost
same
How about per
Internet Users?
Some Possible explanations:
Data: Initially Malaysia CERT was not capturing incidents effectively *
Public Policy: Brazil addressed incidents aggressively; Malaysia was lax
* Comment on “perceptions”

5. Some Interesting Demonstrations & Observations
Software Piracy Divergences OECD and Non-OECD Countries
Some Possible explanations:
Countries with less developed intellectual property laws are now beginning to accurately report losses, or
These countries have less mechanisms in place to prevent software privacy.

6. Some Interesting Demonstrations & Observations USA Cyber Crime Dollar Loss Outpacing Total Cases
Some Possible explanations:
Budget for investigating cyber crime not increased enough over this period
Individual criminals increasingly more effective at inflicting monetary damage

7. Some Interesting Demonstrations & Observations: Software Piracy Trends
China
Germany
USA
Korea
Korea has a much lower rate of piracy per computer than the US
Germany, initially possessing a much higher ratio, has converged to the US rate
China's rate is very high, decreased, then began to increase in 2006 (as well as Malaysia)

8. Some Interesting Demonstrations & Observations: Trends in Cyber Crime Cases
In Korea the number of reported cases and arrests is converging toward a 1:1 ratio.
This could mean that fewer reported cases are 'false alarms‘ or
That Korean police are increasingly adept at tracking down cybercriminals. or ????

9. Some Interesting Demonstrations & Observations: Relative rates of cyber crime cases per internet users
Countries tend to have stable, though different, rates of cyber crime cases per # of users
Suggesting cultural differences/lack of efficacy in reducing cyber crime through education and prevention

10. Summary and Future Work
Important to study cyber international relations within & across countries
The ECIR Data Dashboard and preliminary data gathered (especially CERT & Institutional data) are useful tools
The development of many CERTs are in infancy
Data availability, consistency, and interpretability, especially of CERT data, are challenging obstacles for the exploration and a focus of our research
Ongoing Work
More data sources and data categories are being identified and incorporated in the Dashboard
Semantic reconciliation techniques (e.g., MIT context mediation research and semantic web research) will be explored to alleviate data inconsistency and interpretability and to provide a consistent view for the exploration
Economic and/or social incentives of improving the reporting and sharing of nation-level data are to be investigated
Suggestion that we help to develop “business model” for the CERTS
Show that some data provides useful insights -> Imagine what more data can do!
Like old days: “What do you mean you do not have a web site?!”

11. Reports Completed or In Process
“Experiences and Challenges with using CERT Data to Analyze International Cyber Security,” Proceedings of the AIS SIGSEC Workshop on Information Security & Privacy (WISP 2009), Phoenix, Arizona, December 2009, pp [SWP # , CISL , ]
“Explorations in Cyber International Relations (ECIR) - Data Dashboard Report #1: CERT Data Sources and Prototype Dashboard System” [ ]
“Institutional Foundations for Cyber Security: Current Responses and New Challenges “ (draft completed – to be submitted)
“Some Interesting Findings Using CERT Data to Analyze International Cyber Security” (draft)
“Exploring Terms and Taxonomies Relating to the ‘Cyber Space’ Research Field” (draft)