CLTC is excited to welcome Dr. Andrew Reddie as Research Director. In this role, Andrew will lead and advise on several of CLTC’s research collaborations, working with our graduate student researchers (GSRs) and fellows. Reddie is Assistant Professor of Practice at the UC Berkeley School of Information and senior engineer at Sandia National Laboratories. We interviewed Andrew to learn about his current and future work. (Please note that questions and responses have been edited.)
What is your personal research focus?
I work on big questions related to arms control and governance of emerging technologies, with a view toward thinking about how to regulate and govern these technologies. My work touches on various technologies, including integration of artificial intelligence in nuclear command, control, and communications (NC3) systems, as well as hypersonic missile technologies.
I also have work looking at the use of wargaming methods as a new tool inside of the social science toolkit. It’s an alternative to the kind of traditional wargaming methods that you would see at places like RAND or the Center for Naval Analysis, as it entails putting them inside of an experimental paradigm.
Finally, I’m interested in questions related to the political economy of security, focused on how states intervene in their domestic markets to spur innovation, driven by an interest in the regulatory frameworks around cybersecurity standards. Broadly speaking, my work bridges the technology-security-politics triangle.
How do you explain wargaming to the uninitiated?
Wargaming puts an individual or a group of individuals in a competitive context, where they are working toward achieving some goal, given a set of conditions determined by an underlying research question. The simplest approach is a seminar-based game where you provide players with a scenario and ask them to come up with a series of options for what they would want to do. You can also have some adjudication mechanism, such as having a group of subject-matter experts as judges to move a game from one round to the next. But there are also more complicated games, including with rules-based adjudication, where you have a wargame that looks more like a board game. The major strength of rules-based games from a social science perspective is that there is no human being doing adjudication that might bias the results.
With the technology we have at our fingertips, we’re now able to put these games online, which allows us to get results at scale to perform large-n data analysis on the game outcomes. You can also use it to create AI players of different types — for example, to model an ideal-typical player that’s trying to maximize economy outcomes versus security outcomes.
The game design can run the gamut, but at its base, wargaming is about putting an individual in an environment that approximates what that you’re interested in studying, and then varying the treatment or independent variable you’re interested in, which for my work is usually a military capability — for example, how does adding military capability X influence the likelihood of escalation?
What will you be working on at CLTC?
One of the projects, funded in part by Cisco, is focused on bringing consideration of cyber risk into the mergers and acquisition process at the board level. CLTC has done a lot of work on board governance issues, and so the question they’re attempting to answer is how best to create a framework to incorporate cybersecurity risk into that M&A structure. The risk is that if companies don’t understand the vulnerabilities of the companies they’re bringing in, it can have a significant deleterious impact on their own security.
The other project is focused on the security and privacy risks as we shift to hybrid work, which is different from either in-office work or remote work. The questions are along the lines of, what type of data can you access? What are the data protections you have to use in order to make sure that your housemates or your spouse aren’t getting their hands on either personally identifiable information (PII) or proprietary information? And on the flip side, how do you create those structures in such a way that you’re still maximizing productivity? This is what you might call a trilemma: you’ve got competing utilities that you want to maximize across productivity, security, and privacy.
The companies have demonstrated foresight that this is something they’re going to have to deal with this, so let’s start thinking about it now, before it’s a problem for us down the road.
There’s also an equities portion to that work. So if you have individuals who are working more on the remote side, or more on the office side, how do you make sure that their interaction with the firm is roughly equivalent? Research from prior to the COVID-19 pandemic showed that being in the office has benefits, like increased chances of promotion and higher pay and bonuses.
We conducted a survey of people from across both public and private industry for some of these questions. For example, we’ve talked to people inside of state governments across the country who are responsible for the transition to hybrid work. And we’ve talked to folks outside of the IT sector with regard to how they think about cyber risk and their M&A infrastructure.
It’s about trying to get a handle on these new phenomena that companies are having to wrestle with. The companies have demonstrated foresight that this is something they’re going to have to deal with this, so let’s start thinking about it now, before it’s a problem for us down the road.
I will also be supporting work at the intersection of emerging technologies and governance issues in line with my research interests outlined above.
What brought you to CLTC to pursue your research?
I’ve been affiliated with CLTC since its inception. I was part of the first cybersecurity reading group and I’ve been a grantee, and I have stayed involved with the center throughout my graduate studies. CLTC thinks about not only the short-term challenges that, in some respects, can be very technical, but it also looks down the road to ask, how might we best mitigate challenge X, Y, or Z? That’s something I’ve always appreciated. Methodologically, I appreciate the scenario analysis and futures studies approaches implemented by CLTC. I’m also keen to understand the equities of private industry in this space, given that much of my work has focused on governments.
