Those in the business of preparing people to think and perform better in life are clear in distinguishing the difference between education and training. We need both but as we’ll demonstrate in the next few blogs, the approaches and objectives can be quite different. The point is that educational preparation for operating in cyberspace is a real issue.

The same is true for training about cyberspace and cyberspace security, but we’ll get to that later.

Right now, I’m going to add on to the last piece I wrote on “Relevant and Appropriate Education in Cyberspace, discussing the recent Coalition for Advancing Cybersecurity Education (CACE), in Dayton, OH. While this group focused on cybersecurity education, it’s important to think about cyberspace education in more general terms too.

To show you how well I think I can juggle, I’ll try to keep the distinctions between training and education in mind while also trying to distinguish between cyberspace education and cybersecurity education. That’s why this will take a few blogs!

Confusing? Challenging? Well, that’s why we call on the Blogging Luddite to help!

It’s not igpay atinlay…

The terms “education” and “training” can be confusing since the Latin root for educate, educatus, also speaks to training of children. I know I didn’t care which was which when I was a kid, since few of my teachers in Houston’s grade schools seemed to distinguish between the two either. Apart from a few exceptional teachers, it all seemed like training to me: very directive and focused primarily on passing a test. But that’s training…we’ll talk about that next time.

Today, let’s think about the other Latin term, educere, which according to the Online Etymology Dictionary means to “bring out, lead forth,” an explanation of the roots of the words that we use today. That’s right: “lead forth”…leadership, an important construct you’ve seen in these blogs before (here and here). I warned you it would be “Part II of Many!”

We’ve talked about leadership in general several times, and even leadership in virtual worlds. Now it’s time to talk about leadership in cyberspace education, whether about security or otherwise. You may recall that I started on a mini-rant back in January about why we needed both a science of cyberspace and a science of cybersecurity…I just wasn’t thinking about it in terms of leadership and education like I should have. Well, I’m going to fix that, starting right now!

…but it is Leadership!

Here’s the thing about educational leadership in cyberspace…it involves people, not technology (apart from being a tool for teaching and leading people). People must be educated (and yes, trained) to understand how to succeed…to recognize success and contributions to a greater entity than themselves. That “greater entity than themselves” part is what makes communities and nations great, by the way.

Yes, leadership is more than achieving some personal accomplishment. Leadership is helping the people you lead to succeed…providing them with an environment that sets the stage for their own personal accomplishments…to become good leaders themselves.

It even means helping your people become smarter than you are, capable of accomplishing more than you did. That’s leadership…that’s what education can do for us all: make success for our people ever more likely for themselves, their families and communities, and their nation. Education does that, with a little meaningful training tossed in where needed. So what does cyberspace have to do with all this leadership stuff?

With no real evidence to draw on yet (I don’t think it exists at this point), I’ll speculate that as a species we still think in smaller terms about social connectivity than what cyberspace enables. There are still a lot of folks who like their clans and tribes and don’t see the need to trust or work with others outside their social circles. Therefore, they often don’t think about success outside their own circle. Nations are an abstraction for someone else to worry about.

That may also be why so many tend to think of cybersecurity as a local problem that can be solved with local solutions. It might also explain why we have a hard time thinking about “everything being connected to everything,” as Ann Cudworth’s video on the SENDS Center for the Science of Cyberspace points out.

Leadership, particularly when synergized with the connective power of cyberspace, can bridge those abstractions, bringing us closer as a species, allowing us to share our education with others. That’s how leadership, education and cyberspace synergize: we learn about each other, our cultures and how we transcend the current constraints to the “future possible.”

In fact, education empowers the “future possible” and at no time in our species’ existence have we ever been so connected to the “future possible” than now. That’s why the SENDS team proposes to study cyberspace and why we look to do science about cyberspace in cyberspace. That’s what the whole SENDS Pilot was about and why now it is time to leverage that Pilot for greater success and leadership.

Education in and about cyberspace and social connectivity will make that “future possible” possible if we get the educational leadership part right. So, you’ll keep seeing The Blogging Luddite throw “leadership and education” around for some time…Bottom Line: we really need to get this right…now.

by Carl Hunt, sendsonline.org, July 7, 2011

Accepting that the Science of Cyberspace is closely associated with social sciences, we can readily accept that a predominant threat facing us in both meatspace¹ and cyberspace² is that of identity theft.

1)      meatspace
noun [mass noun] (informal)
the physical world, as opposed to cyberspace or a virtual environment.
(“meatspace noun”  Oxford Dictionary of English. Edited by Angus Stevenson. Oxford University Press, 2010. Oxford Reference Online. Oxford University Press.)

2)      cyberspace
noun [mass noun]
the notional environment in which communication over computer networks occurs.
(“cyberspace noun”  Oxford Dictionary of English. Edited by Angus Stevenson. Oxford University Press, 2010. Oxford Reference Online. Oxford University Press.)

In order for identity thieves to steal our identities, they must collect pieces of Personally Identifiable Information (PII) from their target so that they may reconstruct and assume that person’s identity. Why would they do this, and what are the motivations behind such theft? What exactly is PII, and how difficult is it to obtain?

To begin with, the motives of an identity thief are not always associated with credit card theft as the media would have us believe. There are other reasons that a criminal would want to gain access to an individual’s identity. In brief, the high-level motivations for identity theft may include:

1)      Financial – Identity theft for financial gain is the motivation for identity theft that most of us are aware of. For financial gain, an identity thief may attempt the theft of credit card numbers, bank account information and pin numbers, PayPal and other electronic commerce accounts, or even frequent flyer miles. Whether the identity thief directly makes use of financial assets in a victim’s account or uses the account information they have obtained as a tradable commodity, there is tangible monetary value in the PII that they steal.

2)      Social Engineering – The use of both stolen and fictitious identities is a common tactic for social engineers. Identity thieves may make use of social engineering to gain physical access for facilities or logical access to information systems. Successful social engineering attacks by identity thieves involve elements of truth in the persona they are using to gain access to their eventual targets. Possessing a sufficient number of accurate PII data points can greatly increase the successfulness of their attacks.

3)      Misattribution – In examples for both financial gain and social engineering, a primary goal of the identity thief is to obtain access to something. When identity theft is used to attribute events to a victim, the identity thief makes use of PII in a manner similar to social engineering. Misattribution seeks to redirect the attention of an event to the victim of identity theft instead of using that victim’s identity to gain access to an asset.

4)      Alias Construction – The final motivation for identity theft is likely as large of a problem as thieves with financial motives. In the United States, alias reconstruction is commonly associated with illegal immigrants stealing Social Security Numbers in order to gain employment. However, as made famous by Kevin Mitnick, alias construction allowed him to live under secret identities while on the run from the FBI.

5)      Cyber Stalking – As an identity thief collects additional pieces of PII on a target, they are able to expand their profiling activities significantly. These additional pieces of PII may allow a cyber stalker to begin tracking victim activities beyond Facebook postings, to breaking into email accounts or even geographically tracking target locations to determine where a victim lives and works. As a cyber stalker builds a better and more complete profile of their victim, we can assume that they gain a greater sense of power and control over their target.

In each of these examples, there are victims of identity theft who have had some degree of PII stolen from them for use by identity thieves. If we are to understand the degree to which our PII are exposed, we can begin building an ontology of PII for use in the structure of a scientific model such as those found in SENDSim.

In building our ontology of PII, we can start by:

1. Identifying data points, or elements which make up PII
2. Determine and assign the degree to which elements of PII are obtainable to an identity thief
3. Determine how important each element of PII are to an identity thief’s motivation
4. Align elements of PII needed for an identity thief’s motivations

By beginning to define the ontology of PII in this manner we can postulate answers to questions such as:

• How can companies or organizations better secure the PII they collect and store on us?
• What security policies can companies or organizations practice in order to protect PII?
• How well an element of PII should be controlled?
• How widely an element of PII should be distributed?
• What affect could the loss of a given element of PII have on a victim of identity theft?
• What is the real risk of sharing our PII?

The table below illustrates the difficulty of obtaining elements of PII, and the importance individual elements of PII have to the identity thieves. Input for this table is initially based on my observations of how PII might be described in order to begin developing a model of PII. To expand our ability to correctly allocate assumptions on the availability and importance of PII to identity thieves, please participate in our survey at http://www.zoomerang.com/Survey/WEB22CHYAUULJE/. Summary results will be published in a later blog depending on the level of participation we receive.

While this article has so far expressed how PII can be used by identity thieves, one curious observation we can make is that the companies and organizations we deal with through our consumer and online habits easily fit into the motivation profile of cyber stalkers.

Why is it important to understand this striking similarity?

Because, many companies that actively collect and data mine our PII often capture more information on their customers than can be argued is useful for legitimate business activities. Further, the ever-expanding databases of PII owned by these companies are prime targets for cyber attack, and are often inadequately protected. For an example of how our PII can be exposed, look at recent PII database compromises at Epsilon (involving Delta Airlines, Hilton Hotels, and GlaxoSmithKline among many others), and at Sony’s PlayStation Network.

These incidents are not isolated events. The size of the events made them headline news, but how many smaller incidents go unreported because corporations choose simply to accept the potential cost of an intrusion rather than properly securing and controlling their information technology assets?

Will the monetary impact and loss of consumer confidence experienced by Epsilon and Sony serve as examples that influence corporate leadership to better understand the potential cost associated with accepting the risks of not implementing effective security controls? This is an important question that we’re happy the SENDS effort is willing to address.

As we collect survey results, we will begin modeling PII based on the feedback we receive. Keep watch at http://sendsonline.org/category/blog/ for our next installment where we will discuss Personally Identifiable Information in terms of Online Behavioral Analytics.

by Shane Powell, sendsonline.org, June 28, 2011

CACE is an “open” association in that it seeks the membership of “all individuals or organizations who are interested in cybersecurity education.” According to their charter, CACE “focuses on educational aspects of current, emerging and at times novel cybersecurity paradigms, frameworks and standards….” While SENDS is obviously about more than cybersecurity, the intersection of education between the efforts, particularly “novel…paradigms,” is of great interest to the SENDS Project.

Several important themes from the CACE meeting interwove very well with the execution of the SENDS Academic Curricula task work, as well as the SENDS Center for the Science of Cyberspace. As much as the CACE folks seemed interested in SENDS, I was even more energized by them…what a great audience! Education in and about cyberspace is big deal, particularly in terms of cybersecurity.

There are systemic benefits to gain by harnessing relevant, appropriate educational approaches to cybersecurity education specifically, and cyberspace science education generally. Notice I didn’t say “modern” approaches to education. In fact, it’s tough to even define what modern really means in the hyper-connected age that is cyberspace…technological change happens so quickly that calling anything modern seems to lose some impact. This was also a thread of the CACE meeting.

So, I am “secretly” proposing we use the “code names” of “relevant” and/or “appropriate” to describe more meaningful forms of education than the common, traditional approaches we tend to use now. We’ll have more to say about that when we release the results of the SENDS Academic Curricula task in the next month or so. (In the interest of full disclosure, it’s really not such a big secret—I overheard one of the senior members of the CACE group use those terms and I agree with them fully!)

Adaptive, connection-oriented education (relevant and appropriate) approaches give us systemic benefits that enable a fundamental framework for our understanding of who we are in cyberspace, what we do there, and the consequences of our behaviors in cyberspace. This framework will help explain and predict, the hallmarks of doing science.

The CACE meeting attendees recognized that we must focus on the value of relevant educational approaches to aid the digital natives that are now starting to exert their influences on the uses and growth of cyberspace. Those of us who pioneered the development of the Internet, the Web and their convergence with human users into what we now call cyberspace, must help our younger users better understand their environment and where it is taking us all.

We built cyberspace without really understanding what could happen when everything begins connecting to everything, as Ann Cudworth proposes in the SENDS Center for the Science of Cyberspace video. We still don’t really know what might happen, although we do now at least have some experience with it. In any event, our younger generations must live with and learn to maximize what we’ve built…we need to help them by making education more meaningful, and that was the message from the CACE meeting, as well.

Another interesting point raised in this week’s meeting was the apparent continued need for “standardized” educational curricula even in the face of the rapidly shifting environment that cyberspace presents to us. Standardization offers both stability and common baselines upon which to build…it also offers certain economies of scale. But, anything “standardized” also has baggage when the world around us changes so rapidly that standards begin to get in the way of innovation and dampens evolution. Clearly, there’s some level of friction at work here.

Somehow, we need to find and exploit the niches that emerge through the frictions presented by those who want standards and those who prefer the “roll your own” forms of education (again, more comments on that when we publish the Academic Curricula report). How might we find and harness those niches without falling into the traps of standardizing away from innovation and creativity? The CACE group has some ideas about that.

One important thing that CACE and its members do is to seek the infusion of industry and government perspectives into the debate, those who will make the best use of educated cyberspace dwellers. After all, industry and government are the main “consumers” of the “products” of education: our children and families.

I don’t intend to commoditize our progeny as some sort of product that comes off the assembly line of schools, but yet that is being discussed more and more in books like A New Culture of Learning: Cultivating the Imagination for a World of Constant Change (Douglas Thomas and John Seely Brown, CreateSpace, 2011). Education is the most important investment we make in our future and we have to leverage cyberspace and connectivity to try to get education right: that’s where our new generations will be dwelling more and more.

The SENDS Academic Curricula task was a sleeper hit for the SENDS Pilot Project in my view. While we can’t yet post the final report for a couple more weeks, we can say that the indications are, even in 2011, most people feel like cyberspace education (both learning about and using) is largely self-learned. A New Culture of Learning seems to confirm that, as does the results of the SENDS survey. Is that something we can also leverage on behalf of CACE and in shaping the future of education?

To that end, perhaps we’ll find it’s more important to grow “native” cyberspace residents first, and then refine their education through more adaptive focuses on science, technology, engineering and math. Before youngsters take on the challenges of learning to code programs, for example, maybe they should learn what it means to be a responsible resident of cyberspace first…to learn how to learn. It’s just possible that understanding the arts, social sciences and history are still highly relevant to produce cyberspace denizens that learn to become accountable to each other as part of the emergence of good cyberspace behaviors, even when the “rules” of interacting are still evolving.

Programmers may benefit from learning the philosophies that underpin the emergence of effective programming methods in the rigorous ways we must now require to create secure code. Maybe this is how we manage the friction between standardized approaches and adaptive approaches…how we develop an appreciation for responsibility to our nation’s prosperity and security…how we leverage cyberspace connectivity to develop ownership of challenges and build collaborative solutions to those challenges. These are also questions that CACE appears to be tackling – bravo!

As a final note in this continuing story of education in and about cyberspace, the environments in which we teach and learn will also be relevant and must be appropriate. That is why we spend so much time thinking about and writing about the SENDS Center for the Science of Cyberspace. Such a center, even though largely virtual, will help shape learning and teaching in the connected age. CACE is interested in that, also.

by Carl Hunt, sendsonline.org, June 17, 2011

The lessons of history apply to the future too…it’s just a matter of perspective!

Take the lessons we thought we learned from our own nation’s frontier days just before and after the Civil War. Pioneers were moving west from the cities and farms of east coast America, facing a hostile environment not unlike what we face today on the frontiers of cyberspace. Usually, they didn’t even have a map – they just followed the sun! Hmm, not unlike today.

The crooks in America’s “Wild West” practiced their thieving and fraudulent ways on that “border of civilization” just as they do now. And, the good citizens of America’s western plains, valleys and mountains were just as subject to loss of property and livelihood some 125 years ago as they are today in cyberspace.

It seems that even these days we are little more than pioneers scratching around the hard scrabble of cyberspace (confounded by the often opaque processes of exchange and emergence). We have a very Western habit of thinking that we’re modern and technologically sophisticated because we’ve been using the Web and Facebook for years, but we’ll probably look back in 10 or 15 years and realize just how naive we really were in 2011.

The Facebook of 2011 may look like the wagon train of social networking when we look back from 2025!

Now, we’re all trying to sort out how to make a living in a world we so little understand, threatened at every turn by predators that don’t understand it any better than we do, but know as much about thievery and fraud as they did in the Wild West. For the most part, crooks have always been content to live day-to-day by criminal exploitation, which they would probably practice whether we had cyberspace or not.

Not so much is different except that cyberspace connects and it connects very quickly!

In early 2008, the major sponsor of SENDS (what is now the Assistant Secretary of Defense for Research and Engineering) sponsored a workshop and White Paper called “Deterrence 2.0: Deterring Violent Non-State Actors in Cyberspace.” We talked a lot about criminal activity in the workshop, as well as cyberspace-based terrorism. We’ve posted that paper here in the SENDS website.

While the entire paper is a good read, and still quite up to date, I want to quote from one of the contributors to the study, Dr. Thomas Barnett.

Tom had a lot to say about the frontier of cyberspace in the 2008 workshop, some of which ended up in his book Great Powers: America and the World After Bush (Putnam, 2009), but below are some of his thoughts that apply to the current problem we pioneers face.

While it is true that criminals and other informal economy types tend to exploit new communications technologies faster than business or the general population…, there is no lasting or pervasive advantage that accrues to nefarious non-state actors over time, as history demonstrates decade after decade. The “Wild West” only stays wild for so long.

Tom is right that the “Wild West only stays wild for so long,” but what he didn’t say was that cyberspace and the socio-technological convergences we continuously experience keeps bringing us a new form of “Wild West” every time we turn around. Just as we get used to one, a new Wild West springs up to replace it.

Crooks thrive in the Wild West because they know how to flourish in chaos. But most of the rest of us are looking for stability, not instability…most of us don’t think like crooks, or terrorists. Should we be looking to change or should we look to somehow change the crooks? Well, for the sake of stability in civilization, let’s hope it the latter!

A real social scientist would probably have a lot more to say about how we prosper in the Wild West, criminals and non-criminals alike. I’ll keep to my lane here, but will close out with one more thought from Tom.

Having watched its territory roughly quadruple in the first half of the 19th century, America was forced to engage in massive frontier integration and infrastructural build-out. Not surprisingly, this was a seemingly chaotic affair dominated by all sorts of “uncontrollable” non-state actors, both good and bad.

The good news is that we’ve been there, done that and gotten a whole closet full of t-shirts from those Wild West experiences. The bad news is that history repeats itself, as it’s doing now in the Wild West of cyberspace. We’re living on the frontier and we’re still pioneers. If we stay resilient and figure out how to protect ourselves, we’ll do fine…we always have (and that’s history we do hope that repeats itself!).

by Carl Hunt, sendsonline.org, June 3, 2011

You can follow along with the slides from the briefing here if you are interested in knowing how things played out and what we think we accomplished in the Pilot. These slides are a subset of what we briefed and what you see are many of the actual ones we used. I removed some that talk to programmatics, but in the interest of SENDS transparency, we want you to see what we told our sponsors about SENDS and doing science in cyberspace.

We kicked things off with a general overview of SENDS and the rationale for why we think a science of cyberspace is so important. Calling on previous writings about wicked problems and organizational leadership challenges, we emphasized both the challenges and the potential solutions we have at our disposal to tackle the tough issues we as a nation face in evolving cyberspace so that it is more about prosperity than about security. While security of cyberspace is a “clear and present” challenge, it’s only a subset of the challenges we face.

The rationale for doing SENDS and a science of cyberspace is rooted in the critical need to integrate, synergize and fuse insights and discoveries into an environment that makes it more likely we can operationalize science on behalf of those who routinely reside in cyberspace…“digital immigrants” and “digital natives” alike. The goal of these multiple objectives is to emphasize emergence and the requirement to understand it and embrace it.

In fact, we boldly claimed that “leadership, command and control in cyberspace are only possible through an understanding of emergence.” Even though our models and writings about cyberspace as an ecospace have morphed in the months of the SENDS Pilot, emergence, powered by the exchange processes we’ve defined, are at the core of any true understanding of cyberspace. That’s still true as we approach the conclusion of the Pilot, and I’ll further “boldly” claim it will be true throughout the endeavor of cyberspace science research. I suspect we’ll even discover exchange and emergence as interactive core components of one or more of Craig’s laws of the science of cyberspace!

Next, Craig reviewed the work we’ve done in developing and articulating the attributes of a Center for Science of Cyberspace (SCSC). The overall goal of the SCSC is to enhance the exploration and exploitation of cyberspace through massively distributed scientific study, hosted in a broadly interactive virtual facility. Throughout the Pilot, we’ve written a great deal about this keystone task, but it is one of the objectives that set SENDS apart from other efforts, and in fact defines what it means to do collaboration within the SENDS environment.

A successful implementation of the SCSC will allow us to study, share and understand cyberspace through many disciplines and perspectives. We have specified the basic conditions for this virtual environment that would allow us to conduct research; test evidence, assumptions and hypotheses; and then apply our findings through experimentation and prototypes, including virtual models such as the SENDSim M&S laboratory environment.

Next, SENDS partner Eric Bonabeau presented the Pilot Project research on SENDSim. The goal of the SENDS modeling and simulation task is to study wicked problems like cyberspace security, and provide emergent, evidence-based solution sets that could enhance the likelihood of resolving such challenges. In SENDSim, we are seeking to transform M&S into a deeper, more immersive and distributed interactive capability, while providing the framework for a laboratory for cyberspace science.

From its initial demonstrations at the Out-Brief, SENDSim is well on its way to meeting all of these objectives. You’ll see a lot more about SENDSim in coming weeks, here on SENDSonline.org.

Craig then returned to the podium to talk about the SENDS Academic Curricula task. The main goal of this task is to promote and advance the study of the Science of Cyberspace and its complement, the Science of Cyberspace Security. We want to accomplish this while simultaneously supporting the nurturing of “digital natives,” the generation that has grown up with the manifestation of cyberspace all around us.

In this task, we sought to outline a concept that supports the establishment of a modern cyberspace educational approach for government and non-government education and training spanning basic entry to Post Graduate level through continuing, evolving curricula. The findings from the task are too numerous to mention in this review, but we’ll provide deeper insights soon. The accompanying presentation slides do highlight the findings and recommendations, however.

In the final task review, the SENDS Consortium, I highlighted the growth in participation over the Pilot Project year, and discussed individual contributions of some of the major partners. Many of those consortium partners are highlighted on this website (here and here). Their efforts helped to make the SENDS Pilot Project distinctive and provided us access to expertise that articulated the essence of cyberspace as we have come to know it through SENDS.

We’ll be providing more of our insights on what we learned in the Pilot Project throughout the month of June, but lessons learned and insights gained provided the close-out for the presentation. These thoughts are too numerous for the current piece but the biggest lesson of all is that cyberspace can’t be understood or measured through technological means alone. It exists as much in our minds and processes as in any physical space…but, it changes the way we think about both.

Those changes, the basis for predictions about the future of people in cyberspace, form the core of the SENDS Project. These changes will also be at the heart of SENDS research and application of future insights on behalf of increased prosperity and security through cyberspace. Stay Tuned!

by Carl Hunt, sendsonline.org, May 31, 2011

Our journey began in the “real world” with the concept of a real brick and mortar facility; a very traditional approach requiring the expenses of a physical plant, its furnishings, and the corresponding resources and people to manage and maintain it.

SEND’s “Big Idea” from the very beginning was to create a collaborative consortium that was multi-disciplinary and distributed. This consortium would work to develop “open source” science and be connected by a substrate of shared understanding (fig 1).  As we merged this approach with our initial concept of the center, we soon realized that the SCSC would need to be more virtual than physical; it had to be a “Center of Gravity”, if you will, a place in Cyberspace that attracts intellectual energy and supports SENDS related activities and production. We will make it a space where SENDS participants can engage in the study of the Science of Cyberspace even as they are distributed across the globe, and be a place that combines the “conventional” goodness (in terms of socially connected research) with the new goodness of network-based social networks.

Figure 1

We want this center to be dedicated to collaboration, shared learning and understanding, and to show how people in cyberspace can grow and prosper in a secure sustaining environment.  We want to host a place, available 24 hours a day to cyberspace explorers that makes them feel comfortable and nurtured, and give them a place to build a community.  It will be a place that provides a safe harbor for them to discover new aspects of Cyberspace and share those with others who will explore and experiment.  We want this environment to be theirs, no matter where our cyber-explorers might dwell.

As we dug more deeply into what a cyber environment could be, we were introduced to Jane McGonagal’s videos on gaming and the impact of her social development concepts about the gaming world.   She asked a question which really resonated with us at SENDS, “What if we could harness this gamer power to solve real-world problems?”  She says that right now, we spend almost 3 billion hours a week playing games, and argues that we should spend even more time playing more relevant and impactful games.  As Jane revealed this information about game playing, why we do it and how it can help us solve real-world problems, we started thinking more seriously about utilizing a gaming-type environment for SENDS.

One of the common components in games is the virtual worlds they use.  Whether they be massively multiplayer online role-playing games (MMORPG) such as Runescape ,World of Warcraft or service-based like Xbox live, these games hosted in virtual worlds provide a connectivity within the medium to do things which replicate the real-world and also allow participants to go beyond the limits of the physical world.   Even more important is the community they build of like-interested members.  A big attraction of these virtual game worlds is the connectivity they enable.  Online gaming is an activity which connects participants distributed across the world, with multi-discipline skill sets interacting virtually towards a common goal.  This sounds a lot like the goals we have for the SENDS Center for the Science of Cyberspace.  Where better to conduct this research but within the virtual “confines” of cyberspace?  The word “confines” is being paradoxical of course, since we don’t begin to know the confines of cyberspace yet.

Figure 1 addresses the need to use these environments to help build “Shared Understanding,” a critical component to help us overcome a major element of Wicked Problems like cyberspace security. In fact, virtual gaming environments also help create “shared realities,” yet another important way to collaboratively visualize problem domains .

With this new vision, Carl and Craig consulted SENDS consortium advisor Paulette Robinson of the National Defense University and the Federal Consortium for Virtual Worlds.   Our discussions with Paulette led to our association with Ann Cudworth of Alchemy Sims (she is Annabelle Fanshaw in most virtual worlds).  Now things got very exciting.

Ann led us into the realm of virtual worlds, a journey and education which is one of ongoing discovery.   Our first interchange with Ann was through traditional e-mail, and our first meeting in Second Life within the Alchemy Sims lands.  While we were aware of Second Life, we had no experience with it.  In preparation for the meeting, Ann guided us through establishing an account, building our avatars and getting indoctrinated though Second Life’s orientation program.   It was a self-taught experience.

As we entered Second Life for the first time, Ann gave us landmarks to explore and learn the basics.  This learning became a very important element of our center’s concept.  We realize that many of the visitors to SCSC will be new to virtual worlds, and many of these potential users will have to learn how to get around and become accustomed to life in a virtual world prior to using the facilities at the SENDS center.  This will need to be one of our key attributes of our center: an orientation facility for new users that ease their transition into virtual world life.

Ann and Craig had their first meeting in the “No-Escape” lounge of Alchemy Sims.  After a tour of various lands, learning about teleporting and more about the realm of the possible in a virtual world, she closed the first meeting with recommendations of places to visit which showed us the functional qualities we were looking for in our center.  This is where we made our big leap.  It was time to bring Carl out his Luddite mode and introduce him to Second Life and virtual worlds.  Carl and Craig soon became comfortable exploring on their own, discovering new places and even outfitting their avatars with new objects.  We had truly broken through our personal barriers about utilizing virtual worlds and were now convinced that a virtual world center would be an enabler for our multidisciplinary, distributed consortium of SENDS members.

Our discoveries confirmed to us that the functionality we were searching for was not only possible, but functionally best in a virtual center.  We decided the best approach was to outline a concept document describing the attributes, functions and purposes of a virtual Center for the Science of Cyberspace.  As Ann began the process of design for a basic virtual center and showed us screenshots of her scale model, we could not only visualize but we could visit the embodiment of the SCSC come to life.  With Ann’s screenshots, below, we could see the design ideas taking shape. We could see and even “feel” the Center becoming more real.

Looking NorthEast across the SCSC

Looking North West across the SCSC

We decided that the most important aspect of the design was a new visitor’s initial impression.  A visit to the SCSC will be about immersion.  To ease into that immersion and help visitors embrace the full experience, there will be introductory tours, both guided and self-guided.  Signposts and interactive stations will help to convey information and instruction.  Learning the skills to move around the center will be an important and integral part of the center.   By walking, flying and teleporting, our visitors can move from location to location.  We will strive to build the environment as ADA (American with Disabilities Act) compliant as possible, so access is available for all.

Schematic Map of SENDS Center for the Science of Cyberspace

There will be learning centers and walking tours to help learn not only about operating in a virtual world, but also to learn about SENDS and the Science of Cyberspace.  The center is about the exchange of ideas, the opportunity to experiment, meet and discuss concepts, conduct meetings, collaborate, and meet other people with an interest in the Science of Cyberspace.  Discovery is not the only aspect of science we want visitors to the center to experience; we also want them to experiment and to create.

The design form of the center follows the enablement of these functions.   Meetings will be conducted in both traditional meeting rooms, as well as around campfires and fountains.  These meeting places are simply open, comfortable natural settings, some as large as amphitheaters and some as small as individual hangouts.  The key is that these environments must stimulate discovery and sharing.

Each of the “buildings” relates to an aspect of cyber science, such as Artificial Intelligence, Physics, and Gaming, and Security.

One of the interesting things in Ann’s past is her experience working at the MIT Research Lab of Electronics (RLE) in Cambridge, Massachusetts. She was a technical illustrator for MIT from 1978-79, and got to know quite a few scientists and their labs while she did the charts and graphs for their publications.

It was a “mutable” environment, literally.  They would take an empty floor, and with almost “Borg” like diligence fill it up with interconnected equipment.  It had no “design” in a visual sense, but to them, it made a thing of interconnected functioning beauty.  We believe that we should give the scientists at the SCSC that capacity, to rezz (create) and build things, to move walls around, to utilize the bandwidth in ways they need to.  If being in a virtual world is taking a walk in your mind, we should give them a lot of trails to walk along, and inter-connectivity to the rest of the Metaverse.  Using places like virtual sandboxes will allow visitors to create conceptual things, not just objects for their avatar or basic items to share.  The opportunity to create, to visualize their concepts, to present 3-dimensional perspectives of their ideas, will entice many visitors into staying around and forming a community.

SCSC- Looking at the Hypergate Platform

Even with these ideas and concepts starting to take shape, there are still many challenges to tackle.  Many of the SENDS-interested people will have the preconceived notion that a virtual world is just a chat room, or a child’s game.  For our center to be virtual implies we will be able to overcome the biases against interacting within a virtual world, and that we seek to deeply explore and discover new things within Cyberspace.  We don’t fully know how to replace face-to-face contact and a warm handshake or embrace virtually, but we’re starting to learn more about it.

We will need to decide where in the virtual worlds or Metaverse, the SCSC will reside, and where it will be hosted in real life.   Connectivity from corporate and government networks may be restricted.   There are still a lot of virtual world Luddites like Carl was out there. We will need to help them overcome their reservations, and gain a positive impression of virtual worlds.

So, what is next and where do we go from here?  As mentioned earlier, a concept document will need to be written.   We currently have a fly-over video to help people better visualize and experience what the center might look like and how it might function.  Stay tuned to the SENDSonline.org blog and the SENDS website for further developments and to monitor our progress.

Editor’s Note: Ann Cudworth, also known as Annabelle Fanshaw in Second Life, is the founder of Alchemy Sims, a full-service virtual space building, sim-designing, and 3D visualization company. Ann is a 2 time Emmy award winning production designer for network television.  Her sets are seen on CBS, and CBS.com, as well as a host of other networks and media outlets. Ann is an advisor to SENDS for the exploration of virtual world environments for the virtual component of the SENDS Center of Cyberspace Research.

by Craig Harm and Ann Cudworth, sendsonline.org, May 20, 2011

The FCVW is headed up by SENDS Advisor, Dr. Paulette Robinson. Paulette has been a source of marvelous connections for SENDS and in fact she brought us together with Ann Cudworth, another SENDS advisor and our primary creative consultant. It was a pleasure for us to return at least a small fraction of the favors Paulette has being doing for us in the year of the SENDS Pilot.

I actually met Ann face-to-face for the first time last week, after having “seen” her in virtual meetings (at her virtual world facilities) and chatting with her in a dozen teleconferences. Meeting with her in person seemed routine somehow, just like I had been doing business with her in “normal” settings from the beginning. It was as if the real-life meeting was an augmentation to the virtual relationship rather than vice-versa. So far, virtual worlds work pretty well, at least from this Luddite’s perspective!

In true SENDS fashion, I did the podium presentation of the Pilot at NDU, while Craig provided the virtual tour of the facilities in Second Life from his office in Iowa. Craig did an outstanding job taking the audience from one lab site to another, but I got the most laughs from my invisible magic carpet that I rode around on during the tour. Actually, I got myself stuck in the “sitting down” position, an artifact of Second Life…it demonstrated the accuracy of my byline, however.

While you can get the more neutral perspective on the presentation Craig and I did from Ann’s blog on the conference, I’ll address a couple of points about our presentation that tie specifically to the SENDS Pilot.

Virtual world enhancements for cyberspace science are critical. How do you do a science of cyberspace unless you do it in cyberspace? We’ve actually been calling it the “science of cyberspace in cyberspace” for some time, but there are important questions we still need to raise.

While the occasional face-to-face meeting may be great for firming up social connectivity, how much “face-to-face” is really necessary? Do we even have credibility if we propose to build new physical-based science centers to study and do science about cyberspace? In fact, is it even good stewardship of investor funds to build physical centers?

That line of questioning leads to an even more important question about leadership. How do we wean ourselves away from traditional approaches to doing science and research in traditional institutions? Can we? Should we?

Leadership in cyberspace is a big deal. Our readers know we’ve been talking about this for a while in SENDS blogs, and even from the beginning in the SENDS White Paper on the Science of Cyberspace. This topic is increasing in importance as a very recent US Army War College Report demonstrates. It’s obviously important to the strategies we develop for cyberspace education. We’ll share more thoughts about leadership in cyberspace soon.

Finally, I’m happy to say that while in DC, Ann showed me the beginning of her next blog on mapping cyberspace. The first edition is one of the most popular pieces accessed from the SENDSOnline.org site. This is an obviously important topic, and we couldn’t have anyone better than Ann leading the “Lewis and Clark” expedition for this task. On a personal note, I hope Ann can show me how to make better use of my “magic carpet” during the next iteration of mapping cyberspace; maybe some techniques that don’t solicit quite as much laughter with audiences (it was fun, though!).

by Carl Hunt, sendsonline.org, May 16, 2011

At the rate we’re going in the arms race between attackers and defenders within cyberspace, the number may actually turn out to be infinite; after all that’s the nature of arms races with each side trying to out-think or out-perform the other!

But let’s try simple first. Could it help to simplify such a complex environment as cyberspace security by claiming there are only a couple of “faces” to consider? Let’s see.

We can argue that there are basically two states to consider about the future of cyberspace security: it remains a problem or it doesn’t. Given that we haven’t fixed security for any other environment in which humans interact, it’s pretty unlikely we’ll manage to do it in cyberspace, particularly given that we still don’t understand it very well. Therefore, I’ll jump right out there and claim we won’t eliminate the cyberspace security challenge for the foreseeable future…at least not the way we go about it now.

That’s face one and my first hypothesis. We (cyber security “experts”) will not overcome the cyberspace security problem. Okay, maybe we could someday, but probably not in this generation that still includes the people that created the problem…and perhaps not in the next generation where the greatest temptation is to still exploit the environment for personal gain. Again, since we haven’t resolved threats to the air, land, water and even space, our track record isn’t good.

A big part of the problem is that because of the constant dynamics and massive, complex interactions enabled by cyberspace, we may never be able to tell when we’ve achieved success at any threshold we arbitrarily set. It’s a constantly moving target…causes and effects are often hard to trace. As we’ve begun to demonstrate in SENDS and elsewhere, that’s the nature of cyberspace. That doesn’t mean we shouldn’t set aggressive goals and pursue them; it just means outcomes are probably going to be more like Alice’s Red Queen effect than anything we can ever be “satisfied” with.

Okay, that’s one face of the “two-and-a-half faces.” It’s a Wicked Problem, probably incapable of actually being solved, given human behavior and our performance in the other environments. We’re trying to win a technological arms race that we naively created for ourselves dating back from the simple days of passing email and files on the Arpanet. We created an environment where the then-simple nature of cyberspace interacted with the complex nature of humans, including the criminal and warrior sides of humanity, and produced the perhaps irresolute wicked problem of cyberspace security.

You might be tempted to say “Okay, bummer…well, what’s the other face?”

With the advent of cyberspace, the simple morphs into the complex all too quickly, but in the spirit of simple hypotheses, I propose the following: the ecology of cyberspace is both the problem and the solution (it’s not a great hypothesis, strictly speaking, but it gets across the point).

“Right,” you might say, “most ecological environments do self-contain their own internal threats and solutions to those threats but how in cyberspace are you supposed to find them?”

They are actually finding themselves every day. Threats, opportunities and solutions intermingle at every moment in time that cyberspace is operational, which is all of the time, of course. What’s apparently occurring, however, is that these threats, opportunities and solutions are not yet synergizing into a stronger ecological environment, as often happens in natural systems. The cyberspace ecology is not finding balance.

What could we as part of this system do to exploit the ecological nature of cyberspace to self-discover security solutions amidst the increasing threats we face every day? What’s this other face of cyberspace security?

Okay, I over-simplified things a wee bit and it’s really lots of faces…and brains, and experiences, and even purposes. From an ecological perspective, it’s all of us who use cyberspace for good, bad and indifferent reasons. We’re all part of this ecology yet we fail to realize it and don’t think about the dangers of polluting it with malware and unbelievably poor security procedures. We’re still very immature in cyberspace protection.

We don’t effectively exploit the community nature of cyberspace to empower the emergence of potential solutions. We prefer to allow a handful of so-called experts to sell us software that we can load and forget while it “protects” us. We allow ourselves to become pawns in a game between the “protectors” of cyberspace and the “attackers” of cyberspace, staying out of the fray and missing out on the real fun.

Pawns in a game…hmmm. Why not be players in this game? In fact, why not be full-fledged “gamers” in this game?

A recent work by Jane McGonigal generally suggests a novel solution to the cyberspace security challenge. Her book, Reality is Broken: How Games Make Us Better and How They Can Change the World, creates a compelling argument for massively distributed gaming environments that could yield solutions no security expert or single industry could ever achieve (these experts are still too narrowly focused). Such a gaming environment could be both massive and inclusive…yes, even inclusive of the attackers (after all, the real world is!).

It’s worth considering. If ecologies self-contain internal threats (e.g., attackers), opportunities (e.g., niches) and solutions (e.g., resources), and by definition they do, then why not explore the potential to harness the energy ecologies produce? Why not try to direct these human energies in the case of cyberspace into gaming environments that allow the emergence of new approaches to cyberspace security? Why not have representatives of all elements of the ecology be a part of the game and design the game so that it does help achieve something greater than the sum of its parts…perhaps give attackers as gamers the intrinsic thrills they seek? In fact, gaming environments might even become more appealing to all but the most hardened group of attackers, potentially eliminating at least part of the attacker population.

Such an approach may not mitigate the external threats such as meteors or floods taking out power grids or data centers, but insightful gaming environments can lead to modeling these threats and thus thinking about them more collaboratively. McGonigal has led some thinking and even action about that, as well.

Admittedly, the thesis of McGonigal’s book received mixed reviews. Some thought it was childish and immature and full of inappropriate comparisons to human evolution and progress. But, some reviewers think she is on to something. Clearly, she is on to inspiring us to think about life and wicked problems in a far more collaborative way, seeking to achieve the same biological responses through games that we gain through achieving other successes (even “successes” in attacking and stealing money from banks online). “Leveling-Up” in games about cyberspace may or may not make us happier or less likely to engage in attacks on banks and economies, but it could engage some important thinking about the subject in a more fun and productive way.

We are beginning to see basic forms of that thinking in games like CyberCIEGE, a Navy Information Assurance game in a virtual world environment. We also have seen games for kids (and adults) to teach cyberspace security in Surfing the Net with Kids, as well as new cyber security awareness “micro-games” the US Air Force is seeking to develop.

None of these efforts are massively distributed games that embrace the whole ecology, however. That could really be interesting! That’s a direction worth exploring further and testing the premises of SENDS and other research looking into a science of cyberspace security. As the next years of SENDS unfold, you’ll see that sort of experimentation in the SENDS virtual Center for the Science of Cyberspace, an ideal environment to test these hypotheses and premises. More on that soon.

Who says cyberspace security can’t be fun also?

by Carl Hunt, sendsonline.org, April 25, 2011

Oh yeah, about that half-face of the two-and-a-half faces…actually, the half-“face” refers to another part of the anatomy and the half-(other part of the anatomy) attempts we’ve been making at doing cyberspace security by considering only the technological side. We really need to get this right. People, whether they attack the environment or not, are part of the ecosystem…let’s start thinking more inclusively about them, shall we? That’s real cyberspace leadership.

Whether we choose to participate in the new paradigm of social networking or take every opportunity to resist it, we too are now involved… deeply!

Social media and social networking represent the first real online communal experience that most Internet or mobile computing users have ever engaged in. Its influence is seeping into significant aspects of our daily lives. With increasing frequency, participants of online social networking make use of socially focused services to save money at grocery stores, discover hot new restaurants and book otherwise difficult to obtain reservations, or research cutting edge new products. All the while, they share knowledge, opinions, and life events with their expanding networks of family and friends…even with complete strangers whom they merely share common interest or acquaintance.

The Internet has become a consumer commodity, and social networking is gaining a notable position alongside browser searches for users to discover information that others have found. Social networking has rapidly entered our daily lives and is becoming ubiquitous because of the ease with which we, as users can participate.

Mobile computing through smart phones allows users to maintain always-on, always-connected access to their social networks. Information found in cyberspace is available through mobile computing on-demand, allowing for an unlimited number of Phone-a-Friend “lifelines” when users need to find information.

The growing influence of social media in recent years has traditional news outlets scrambling to adapt the processes through which they generate and deliver news and entertainment content to this new medium. The speed with which word of world events can propagate through Twitter, Flickr, and Facebook postings is simply astonishing.

Approaches publishers use capture this momentum differ and rapidly evolve as they discover better formulas for establishing profit structures. Millions of dollars can be made should one of their media licenses generate a single wildfire meme that is championed by dominant social networks!

In a way though, the advent of social networking is not as new as it may seem. Remember that the Internet was originally developed to allow scientists and scholars to openly collaborate. In this, has the intent and purpose of the Internet really changed? I would argue that it has not.

Many of the principles and practices laid down when the Internet and its enabling technologies were developed are still at the forefront of how we use information technologies today. Concepts like the openness of information, the availability of technology, and fair use of content were described at the advent of the Internet and are still present today. Tim Wu, in his sweeping history The Master Switch, notes the “Rise and Fall of Information Empires,” chronicling this phenomenon.

Much like the concepts of individual rights and freedoms have spread through the world, technologies that enable these concepts to propagate are now spreading. At its core, cyberspace propagates these ideas in a manner that is apparent to new users from the moment they first begin surfing the Web.

Yet, much like personal rights and freedoms, digital freedoms must be secured in order to be protected. Problems arise when you realize that security is not inherent to cyberspace, and directly conflicts with concepts like openness, availability, and fair use. To establish and maintain security, sacrifices of freedoms and liberties must be made. But, at some point security unchecked eliminates those freedoms and liberties.

To what degree will social networking users balance the security risks and concerns that go with a free and open society? That’s one of the most important issues facing us all.

For most of us, our concept of online security centers around our personal identities. Not just the safety of personally identifiable information, but our rights to protect our property: physical and intellectual alike. The idea of a free and open digital society is noble, but is it really practical? Debate is ongoing on the answer to this question. It is my hope that through the Science of Cyberspace we may begin to better understand how the trade-offs realized when we balance digital freedoms with personal security affect the way we live.

In fact, such research may yield one of the first “new” laws of cyberspace that Craig Harm has been seeking if we find these “laws” to be hybrids of physical and social convergence.

Achieving balance between digital freedoms and personal security is an issue that must be addressed now. However, there is a lack of quantifiable evidence describing the effects of new technologies and legislation introduced to this balance. What happens if our government continues to waver and delay implementation of laws and regulations directly affecting our access to cyberspace resources and the protection of our personally identifiable information? What happens if they act too soon or take insufficient measures?

Perhaps the experimentation environments we propose in SENDSim and the SENDS Center for the Science of Cyberspace will help us generate and observe important evidence to observe “what happens.”

Many consumer advocate groups actively lobby legislators with advice on how digital freedoms can be maintained. Conversely, other groups of lobbyists advocate policies which secure their clients’ ability to profit from the use of Internet services. In their own rights the recommendations made by each side of the debate are based on the interests of the groups they represent. The concern arises when the recommendations of any group is pushed into legislation without taking into consideration the consequences. As other SENDS blogs have noted, local optimization of behaviors and objectives often escalate to unpredictable, sometimes undesirable results!

User privacy rights are under continuous attack through their use of the Internet, web sites, and social networking services. Governments, businesses, and cyber attackers alike benefit from gleaning information on individuals and groups making use of these mediums. What we do online is being tracked and analyzed, and others are profiting from the exposure of our personal information and online behaviors.

Future blog entries for SENDSOnline will focus this discussion on specific legislation and significant developments surrounding online privacy rights. We will explore what constitutes personally identifiable information, how it is collected and used. We will examine the actions, or lack thereof, taken by lawmakers to ensure our online privacy rights. And we will work to understand the impact of having our personal information and online behaviors exposed to the world, so that we can identify practical solutions for protecting our online privacy.

This is becoming an important issue in our daily lives. Please join the SENDSOnline community in discussing the concerns surrounding it.

by Shane Powell, sendsonline.org, April 25, 2011

Shane Powell, a first-time contributor with this piece, is one of the founding members of the SENDS Consortium. You can find out more about Shane at: http://sendsonline.org/about/consortium-membership/.

These luddite-leaders actually performed a worthwhile service for cyberspace development: through their resistance to change, they slowed things down enough so that technology didn’t completely overtake people, organizations and the cultures that were rapidly evolving through exchange and interaction. Again, I know…I did it (and still do; just ask Craig). So, maybe there’s some good as well as not-so-good in being a luddite? I’m hopeful…

The last blog I posted about leadership in cyberspace really started the thinking parts of my luddite brain to move. I had to ask the question “what have we done as a nation to build leaders and leadership tools to conduct cyberspace-based operations?” I’m not talking about network management tools or more security studies, but philosophies that demand and empower the growth of leaders through cyberspace education as well as leaders who actually know how to lead people and effectively manage cyberspace-based assets. Jack Holt wrote about this not too long ago, also.

The century-old debate about what’s more important, leadership or management, is only just now becoming a topic of interest in cyberspace. There’s a close parallel between this debate and the old effectiveness versus efficiency issue: first do the right thing, then do the thing right. Leaders ensure an organization is doing the right things first…but the complexity of cyberspace makes sorting that out ever more difficult…sometimes we default to only managing the things we can see, without understanding the bigger picture. That’s not leadership.

About two years ago, another self-professed partial IT luddite, General Kevin Chilton, USAF, gave a talk at the US Strategic Command’s inaugural Cyberspace Symposium in Omaha. Deeply insightful, Chilton, the commander of STRATCOM at the time, reflected on three elements: Culture, Conduct and Capabilities. These three Cs if you will, were, and still are, big ideas about growing leadership in cyberspace.

My favorite quote in the article spoke to the real challenge we have in enhancing operations and security in cyberspace. “We have to transition from a culture of convenience to a culture of responsibility,” Chilton (also a former astronaut) observed. Responsibility and accountability, also emphasized in the article, are the cornerstones of leadership at every level, whether in cyberspace or not. Leadership, based on a sense of responsibility and willingness to be accountable, is critical to success in cyberspace. Even luddites know that.

I strongly encourage readers to review Chilton’s address, captured in the Air & Space Power article I quoted above. These words form the basis for the US and even the rest of the world to fully understand what cyberspace is doing for us and to us.

Right now, our culture is to just try to manage cyberspace and hope good things happen…hope we make a lot of money or perhaps find new outlets for altruistic endeavors. We’re allowing technology to connect us without understanding why or what benefits there might be from these new connections and technologies. Leaders should be uncomfortable with that direction. They should want to know more about the culture, conduct and capabilities emerging all around us, facilitated by the massive connectivity that cyberspace embodies. They should demand more insights about what’s happening.

Going back to our visit to the Air Force Institute of Technology last week, it’s encouraging to see that new generations of leaders are at least aware of the need to know more about our environments, to know more about how people and technology coevolve. Other similar military educational classes are taking up these challenging topics as well, including the Naval Postgraduate School and the Service Academies. Universities around the world are starting to think in these veins.

That’s all well and good, of course, and the next generation of cyberspace leaders (firmly entrenched as native residents already) will experientially know about the challenges General Chilton expressed in his speech and article. From its beginnings, the SENDS team began to think about those challenges and opportunities, particularly as explored through the SENDS Center for the Science of Cyberspace. We’ve written a bit about it already and will continue to discuss it as we move into the next phase of SENDS. Leadership in cyberspace is a big deal!

In the meantime, we (including the luddites) need to lay the groundwork for exploring leadership in cyberspace, not only to prepare people to lead and manage resources, but how to better lead the development of the next generation of capabilities within this great connecting environment.

Good leaders will help us get this right. They’ll do the right thing.

by Carl Hunt, sendsonline.org, April 21, 2011