It is rare to find satisfying cybersecurity scholarship. This is not the fault of the talented scholars who have written in this field. I am a fan of the work of many who have tried to lead us to legal and geopolitical solutions to the problems of viruses, worms, botnets, cyberwar, and cyberterrorism. But these individuals have had their considerable talents stymied by cybersecurity’s fundamental knowledge problems. To make a useful contribution, an author must understand technical concepts famous for their complexity, from TCP/IP to BGP, and be able to untangle complex relationships like the ones between the FBI and NSA and the United States and China. Even worse, cybersecurity scholars can never know whether they have the details right, because these topics are shrouded in layers of official and de facto secrecy.
For these reasons, I have never felt entirely satisfied by a single work about cybersecurity, at least not until now. Derek Bambauer has written a fine article about this topic entitled Conundrum, available on SSRN and forthcoming in the Minnesota Law Review. This useful article points the way to a more interesting and more useful new way forward for cybersecurity scholarship and discourse. Continue reading "Cybersecurity through Information Theory"