July 1, 2021

Timelines: Design Activities for Surfacing Values and Ethics in Technologies

A new white paper authored by Richmond Wong, a postdoctoral fellow at the Center for Long-Term Cybersecurity, introduces “Timelines,” a group activity that can help organizations uncover potential issues related to ethics and values during the design phase of a new technology. The paper, Timelines: Design Activities for Surfacing Values…

March 16, 2021

The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think?

This report by an interdisciplinary team of scholars from the University of California, Berkeley aims to help local-level policymakers better understand how cybersecurity risks vary among different “smart city” technologies. “The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think?” presents results from a 2020 survey in which 76 cybersecurity experts ranked different technologies according to underlying technical vulnerabilities, their attractiveness to potential attackers, and the potential impact of a successful serious cyberattack.

January 20, 2021

CLTC Report: An Evaluation of Online Security Guides for Journalists

This report, “An Evaluation of Online Security Guides for Journalists,” posits that a key reason why journalists do not take sufficient action to protect themselves online is that there is an overwhelming amount of security advice on the internet, most of which is difficult for journalist-readers to understand or translate into practice, and difficult for the guides’ authors to keep up to date. Authored by Kristin Berdan, a fellow at the Citizen Clinic and research fellow at the University of Toronto’s Citizen Lab, the paper is based upon an analysis that included a review of 33 online security guides available on the public internet that are geared toward journalists. The paper concludes with recommendations to make guides and security education of journalists overall more effective.

December 15, 2020

Designing Risk Communications: A Roadmap for Digital Platforms

“Designing Risk Communications, that looks at some of the existing risk communication practices used by digital platforms, and provides a framework that firms can use to more effectively communicate risks to their users. Published as part of the CLTC White Paper Series, the report was authored by Jessica Newman, CLTC Research Fellow and Program Lead for the AI Security Initiative; Ann Cleaveland, CLTC’s Executive Director; Grace Gordon, a Master of Development Practice student at UC Berkeley who was a 2020 Summer Graduate Student Researcher at CLTC; and Steven Weber, Faculty Director of CLTC and current Associate Dean and Head of School of the UC Berkeley School of Information.

October 6, 2020

CLTC and McAfee Study: MITRE ATT&CK Improves Security, But Many Struggle to Implement

Together with McAfee®, a device-to-cloud cybersecurity company, CLTC has released a new research study, MITRE ATT&CK as a Framework for Cloud Threat Investigation, focused on threat investigation in the cloud through the lens of the most widely adopted framework, MITRE ATT&CK. Authored by Jasdeep Basra and Tanu Kaushik from UC Berkeley’s…

September 22, 2020

CLTC Report: “Security Implications of 5G Networks”

A new report published by the Center for Long-Term Cybersecurity explores how the widespread adoption of fifth-generation (5G) cellular service will lead to improvements in security — and also expose new threats and attack vectors. The report, “Security Implications of 5G Networks,” is authored by Jon Metzler, a lecturer at the Haas School of Business at UC Berkeley and founder of Blue Field Strategies, a consulting firm helping infrastructure clients such as network operators. The report is based upon research and interviews that Metzler conducted with support from a CLTC grant.

September 8, 2020

New Paper: “A Data Sharing Discipline”

A new white paper from the Center for Long-Term Cybersecurity (CLTC) explores the increasingly important domain of data sharing, when individuals and/or organizations voluntarily share data for mutual benefit. The paper considers an array of questions related to the sharing of data, which in recent years has become a valuable asset as organizations use algorithms to extract insights and drive decision-making.

June 23, 2020

“A New Era for Credit Scoring: Financial Inclusion, Data Security, and Privacy Protection in the Age of Digital Lending”

The Center for Long-Term Cybersecurity (CLTC) has published a new report, A New Era for Credit Scoring: Financial Inclusion, Data Security, and Privacy Protection in the Age of Digital Lending, that examines the trade-offs associated with digital lending platforms in India. By providing small loans to consumers through their mobile phones, lending apps have broadened access to credit for low-income borrowers. But they have also introduced new threats to fairness, privacy, and digital security, as lenders use an array of personal data — including age, location, and even personal contacts — to gauge an individual’s willingness and ability to pay.

June 3, 2020

New Report: Digital Safety Technical Assistance at Scale

“Digital Safety Technical Assistance at Scale,” a report by Sean Brooks, Director of the Center for Long-Term Cybersecurity’s Citizen Clinic program, explores the opportunities and challenges of expanding the digital safety technical assistance resources available to civil society organizations. The report draws in part upon lessons learned from the first two years of operating Citizen Clinic, a first-of-its-kind program that engages interdisciplinary teams of UC Berkeley students to provide digital safety services to politically targeted civil society organizations.

May 5, 2020

Decision Points in AI Governance

“Decision Points in AI Governance” takes an in-depth look at recent efforts to translate artificial intelligence (AI) principles into practice. Authored by CLTC Research Fellow and AI Security Initiative (AISI) Program Lead Jessica Cussins Newman, the report provides an overview of 35 efforts already under way to implement AI principles, and highlights three recent efforts as case studies.

March 18, 2020

Looking Over the Horizon: A Report on Five Years of Growth and Impact at CLTC

  To mark our five-year anniversary, the Center for Long-Term Cybersecurity (CLTC) has produced a new report looking back on what we’ve achieved so far — and where we’re going. “Five years ago, we launched CLTC with a mission to look over the horizon,” wrote Steve Weber and Ann Cleaveland,…

February 5, 2020

“What, So What, Now What?”: Adversarial Machine Learning

    CLTC has launched a new series of “explainer videos” to break down complex cybersecurity-related topics for a lay audience. The first of these videos focuses on “adversarial machine learning,” when AI systems can be deceived (by attackers or “adversaries”) into making incorrect assessments. An adversarial attack might entail…

February 5, 2020

Post-Mortem 2020: Looking Back on CLTC’s Scenarios from 2020

In 2015, CLTC developed a set of scenarios depicting various “cybersecurity futures” for the year 2020. As the year 2020 has arrived, Professor Steve Weber, Faculty Director for CLTC, wrote a post on the CLTC Bulletin assessing those scenarios, including what we foresaw — and what we didn’t.

February 5, 2020

Internet Fragmentation Index

To what extent is the internet “splintering” across national borders? That hotly debated question is at the center of a new research initiative from the Daylight Security Research Lab. The “Internet Fragmentation Index” is a first-of-its kind analysis of how different countries’ internets are (or are not) similar.

January 15, 2020

Resilient Governance for Boards of Directors: Considerations for Effective Oversight of Cyber Risk

This report by the Center for Long-Term Cybersecurity and Booz Allen Hamilton uses insights gleaned from board members with 130+ years of board service across nine industry sectors to offer guidance for boards of directors in managing cybersecurity within large global companies. The report, “Resilient Governance for Boards of Directors: Considerations for Effective Oversight of Cyber Risk,” provides an innovative framework to help boards take a dynamic approach to cybersecurity governance and oversight. The report identifies four “dynamic tensions” likely to shape board governance and oversight of cybersecurity. This includes an organization’s overall risk model or mindset; distribution of cybersecurity expertise on the board; balance between cooperation and competition with other enterprises; and the model for information flows between management and the board.

December 17, 2019

A Public, Private War: How the U.S. Government and U.S. Technology Sector Can Build Trust and Better Prepare for Conflict in the Digital Age

A new report co-published by the Center for Long-Term Cybersecurity and Technology for Global Security (Tech4GS) provides a blueprint for how the U.S. government and private-sector companies can collaborate to prepare for a cyberwar or other massive cyberattack on U.S. interests. Authored by Jonathan Reiber, former Chief Strategy Officer for Cyber Policy and speechwriter in the Office of the Secretary of Defense, “A Public, Private War: How the U.S. Government and U.S. Technology Sector Can Build Trust and Better Prepare for Conflict in the Digital Age” outlines a series of policy recommendations for both the government and companies to improve their preparedness.

December 3, 2019

“CLTC Bulletin” Live on Medium

CLTC has launched a new “publication” on Medium, the popular blogging platform. Designed to be a more informal outlet for our communications, the CLTC Bulletin features news, research and opinions from CLTC staff and researchers. Check it out at https://medium.com/cltc-bulletin.