Understanding the institutional landscape of cyber security

Author(s)
Testart Pacheco, Cecilia Andrea
Thumbnail
DownloadFull printable version (12.99Mb)
Other Contributors
Technology and Policy Program.
Advisor
David D. Clark.
Terms of use
M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582
Metadata
Show full item record
Abstract
The decentralized architecture of the Internet, which has been key to its development and worldwide deployment, is making it challenging to secure Internet user experience. Many organizations claim to be playing a role in improving Internet security. If anything, the space of security-related institutions seems on first inspection to be over-populated, yet poor security persists. This work proposes a framework to understand the role different institutions play in cyber security. The analysis gives insights into the broad institutional ecosystem of public, private and international actors, and the varied nature of these institutions, their interests, incentives, and contributions to cyber security from hardware, software, protocols, standards and regulation. Based on natural language clustering algorithms, this framework classifies institutions along five dimensions: the aspect of cyber security the institution covers (e.g. network security, cybercrime), the industry and activity sector of the institution (e.g. telecommunications, software and service providers), whether it is part of a specific jurisdiction (e.g. US, Europe), specific institution's characteristics such as its working mode (e.g. forum, information sharing) or primary focus (e.g. economic development, consumer trust), and the governance type (for-profit, not-for-profit, government or international organization). We developed a dataset of approximately 120 institutions that claim a role with respect to cyber security, and using the framework, we identify areas of competing and overlapping institutional interest, relevant areas out of scope of current institutions and dysfunctionalities that hinder overall security improvement.
Description
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.
 
Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, Technology and Policy Program, 2016.
 
Cataloged from PDF version of thesis.
 
Includes bibliographical references (pages 145-153).
 
Date issued
2016
URI
http://hdl.handle.net/1721.1/104820
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer ScienceMassachusetts Institute of Technology. Engineering Systems DivisionMassachusetts Institute of Technology. Institute for Data, Systems, and SocietyTechnology and Policy Program
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science., Institute for Data, Systems, and Society., Engineering Systems Division., Technology and Policy Program.
Collections