 John Lindsay is from the, is from the Monk School of Global Affairs at University of Toronto. Recently moved there from University of San Diego's Institute for Cooperation and Conflict. There you go. Get it about right. That's right. Yeah. And he's a political scientist, so we're moving, we're moving disciplines. Well, thanks very much. It's wonderful to be here, especially since it's freezing in Toronto. It's fantastic here. I'm going to be talking about a project called Cross Domain Deterrence. It actually has a much longer name. It has a fairly large number of collaborators that are involved here. And I'll try and emphasize the cyber aspects of this project. This project had its origins in really thinking through strategic interactions in cyberspace between nation states and other actors. And Eric Bartsky, the PI in this project at UC San Diego. And I were thinking a lot about cyber specifically and a lot of the wild claims that exist for the cyber domain. And a lot of these didn't quite make sense in theories of modern war, the way that we understand them. But when you started thinking about cyber in conjunction with other diplomatic and military instruments of power, suddenly you started to get into some really interesting materials. So a lot of what was interesting about cyber had nothing to do with the cyber domain, but its interactions with other domains. So we're all pretty familiar with the concept of deterrence. Of course it's Dr. Strangelove who tells us deterrence is the ultimate creative fear in the mind of the adversary. So it's about beliefs, it's about the future, it's about communicating credible threats to the other side. Either to get them to do something, to get them to not do something that you would like them to not do, deterrence. But already we can pick lots of different definitions. If you look at this American military definition, you already see that there's a lot of different things that are going on in the concept of deterrence. Trying to prevent an action, trying to create a belief, trying to talk about costs and benefits. So deterrence is actually a bundle of multiple things. It's going to be one of the primary themes that I want to stress here. Now deterrence has been something that actors have been interested in and practicing since antiquity. You can find all kinds of deterrent threats in all kinds of ancient texts. But deterrence was always liable to fail and so military had to be ready to actually fight it out on the battlefield. They had to be willing to transition to defense or brute force however you want to term it. Nuclear weapons are quite interesting because the first time they radically separate these two functions of defense or war fighting and deterrence, communicating with force. Nuclear weapons were obviously costly, devastating. Nuclear weapons are also very difficult to defend against. There was always a non-zero probability that a missile was going to get through and was going to do it quite quickly and with quite devastating results. So there was a necessity to start thinking systematically about the grammar of threat and the grammar of communicating with nuclear weapons. And the important thing there is it's an advent of technology which is now separating different functions that had already exist but now had to be thought about in a different way. Of course politics doesn't stop with nuclear weapons. We have a couple of hair-raising chicken episodes with the Berlin crisis and the Cuban missile crisis. But of course both superpowers start looking for other ways to influence one another. Whether it's in the conventional domain, the subconventional domain, the proxy wars and other places. And there's the so-called stability and stability paradox emerges where you have nuclear weapons preventing large-scale superpower conflict but you then have this expanding range of low-level threats that states can use to pursue their interests. Now this fellow is not as well-known as Dr. Stringslock, perhaps he should be. This is Michael Knox. He was Assistant Secretary of Defense for Global Strategic Affairs during the first Obama administration. He's one of our researchers. I just put this up to kind of highlight his particular brief which was US nuclear forces, missile defense, cyber and space. Michael looked at this and said, my goodness, how the heck do I manage this bundle of wildly difficult things? Especially when we've got some major challenges. A lot of those challenges focused on China at the time. China had just tested an anti-satellite missile. There's been a couple of more that have gone up, created a huge amount of debris in low-earth orbit. And Chinese started talking about ideas that they were going to escalate to de-escalate. They were going to thought about in a military crisis, perhaps clinking a US satellite would be a way of demonstrating resolve. This comes to some of these cultural questions we were talking about for US policymakers in that particular Track 1 dialogue. They started having heart palpitations because that is a big red line when you start shooting down US satellites. Of course there was the growing use of cyber, Estonia, Georgia, Chinese activities starting to pick up. And it looks very, very difficult to deter this stuff. At the high end, worrying that some of that material may actually start to undermine the credibility of the US nuclear deterrent, which is of course tremendously dependent upon cyber technologies for command and control, for early warning, and for other such things. So thinking through a lot of these issues, it raises a lot of questions that have been brought up. Many of them particular to cyber space. I don't know if I just mentioned this, but when we first started this project, this was really the China space cyber project. Thinking about all these different means, but cyber was the real difficult one that seemed to undermine a lot of things that we thought we already understood. So when we start looking at this systematically, cross-demy deterrence, our definition, our working definition, is just the use of apples and oranges. It's the use of unlike threats to deter or compel action in a different domain. And this whole question of what is domain comes up all the time. The Pentagon's got kind of a big five war fighting domains. So I'll continue to talk about a little bit more. We're just interested in things that are functionally different in some interesting way that they're going to have different political characteristics when you're bargaining and interacting. Just put up real quick what the organization of this project works because it highlights some of the different approaches that we've got going on. This is a five year project. We're in our second year funded by the U.S. Department of Defense Minerva Initiative. That's a little tiny pot of social science funding. Well, tiny for DoD, huge for social scientists. And this is a partnership that's focused at UC San Diego. We are doing some policy case studies. It's kind of my brief at Toronto. I'm also working with Michael Maktou now at Berkeley. We've got two of the bomb labs, Los Alamos and Lawrence Livermore working with us trying to model some of this. When we first started out, because this is the China space cyber project, this is all about new technology. We thought, hey, we don't have a lot of history here. We're going to have to be modeling this to really think about how these dynamics worked. Once we started getting into this, we realized, hey, deterrence has always been cross domain, right? It's one of these kind of nuclear moments where, hey, the introduction of nuclear means forced you to think explicitly about coercive bargaining. But when you start looking at every crisis interaction, there's always this variation across different means, right? So the Spartans are really good in land power. The Athenians are not willing to meet them there. They want to drag the Spartans out into the sea. The Spartans don't want to go there. So you have a breakdown of cross domain deterrence starting the Peloponnesian War and cross domain deterrence then keeps it prolonged in a sense because both sides are trying to stick to their competitive advantage. And so we've actually started off this big project to use both human coders and some machine learning techniques to go ahead and code, looking at 500 different crises throughout the 20th century so that we can look at the move and counter move and the chain of escalation and de-escalation as it modulates across these different domains and start to understand under what conditions do domains matter or under what conditions should having a bigger portfolio or a larger portfolio matter. So we hope to have the empirical and the modeling side lashed up. We're just right now starting to do that. Okay, so I want to go over the risk of putting up math on that screen, which is always dangerous in an interdisciplinary audience. I wanted to talk a little bit about the way that political scientists think about the problem of war. And I should say rationalist political scientists. There's all kinds of interesting irrationalities and deterrence. We can talk about the QA if you would like to. But the idea here is when we look at war, there's a couple of interesting puzzles about it. And one of the big puzzles is given that war is so costly, it kills a lot of people, it breaks a lot of things, it ruins governments. Why do states and other actors ever get involved in war in the first place? It's the question that Tom Schelling asked, it's a question that Jeffrey Blaney famously looked at. There should always be a deal that is better than fighting. It's a very similar question that comes up when you look at labor strikes. Labor strikes are very costly both to labor and capital, because you're not making anything and you're not getting paid and yet you're striking. There should always have been a deal if they would have understood the longevity of that strike and the cost that both sides are going to absorb, there should have been a deal that they would have been able to come about. So the way that you think about modeling this, here's player A and player B. And this P is the distribution of power between them. War is going to be costly. It might be some situation hackers that get some positive utility out of hacking. Maybe there are some primitive cultures that might have had a positive utility for war. But in general, war is costly. So either side, if they were to fight it out, they're going to have to pay some costs. And that cost opens up this bargaining range in the middle. So X could be any proposal that would be preferable to both sides rather than fighting it out. But the question is, where is that X actually going to be? Of course both sides would like it to be closer to the other sides. They want to maximize their utility. And herein is the beginning of the solution to this kind of problem. If there is a great deal of uncertainty about what the actual distribution of power is, what the estimate on both sides might be, what the cost associated, suddenly you can have this nice bargaining range start to not only contract, but actually go the other direction. And at both sides start to see the value of war greater than any possible other outcome. So if both sides start to see the expected value of war as greater than the expected value of diplomacy, however they've gone through that estimate of process, then war starts to look attractive. So one of the counterintuitive implications of this model of thinking is that war itself is an information-generating process. We all know that war causes a lot of uncertainty, fog of war, closets, all of that. But in the modern bargaining model of war, uncertainty is a major cause of war. But the process of fighting reveals information, how committed each side actually is to this process, how much they care, how much they're willing to bleed and put up with in order to stay in that fight. And that will tend to push that estimate closer together. And as they start to separate, then you have the possibility to start to come to a deal. And this is why it is very, very hard to find any historical instances. There's about three or four that you can come up with clearly until you get into the ancient world, where you have decisive disarmament victories. Almost all wars end with some unsatisfying, limited accommodation and negotiation. And that happens because both sides understand that the further disarmament contests would be far too costly. So if they can fix the information problem, that's one thing, but then there's also a credibility problem. Even if you've got an option for coming to an agreement in the middle, there still might be a problem. Maybe the balance of power is changing and each side realizes, hey, I better keep fighting today because the other side is getting stronger. And if I don't disarm this fellow today, then you're going to be in a bad situation in the future. So you can have a preventative motivation. Perhaps you've got agency problems, right? So who am I dealing with? Big problem in a regular war, right? Are you actually talking to the right warlord or are they going to continue fighting even though you've made a deal with somebody? So commitment problems can also be a major issue here. And unfortunately that means that limited war itself can be a form of stable equilibrium where both sides might have a sustainable situation and expectations that they will continue to do well in the future. So all of that background and kind of just talking about the modern theory of war is our entrance into this to say, okay, some of these different parameters are active and we can start to expect that different means that are being introduced into this system are going to have different effects upon the distribution of power, estimates of that, what the cost might be, what your ability to credibly signal might be. So when we think about cross-domain deterrence and what is that, excuse me, Klauswitz said that politics by other means, that implies that there's already this decision to pick war instead of diplomacy or somebody else as part of an ongoing bargaining process that continues throughout the process of war. Well what happens when you have many means to choose from, not just guns versus butter but guns versus guns and lots of other kinds of guns, under what conditions should you choose one or the other? So the important thing is to recognize that deterrence is not one thing, deterrence is actually a bundle of different objectives. You're trying to get your way at low cost without a fight, okay? And people when they talk about deterrence can often mean different things. US policy makers when they talk about deterrence, sometimes it's about controlling escalation, a lot of times it's talking about trying to persuade other countries to do something but without actually having to pay the cost of what it would take to get them to give way on their particular product. We can go out and break out a couple of these, right? There's this idea of influence, things that affect that P, the probability of victory in war. Now there are lots of military means that can affect P, the distribution of power but be terrible for this third one signaling, okay? It's the class of military commitment problem. If the US would have known during the beginning of the Korean War that the Chinese were about to intervene with 300,000 red Chinese troops, there's no way that the US military would have crossed the yellow. But the Chinese couldn't make that known because if they said, hey, we're infiltrating a bunch of people through the hills, that suddenly would have become the US Air Force's newest bombing target, okay? So in order to have a potent capability, you had to keep it secret. Well that meant that there's a massive disagreement on what the distribution of power looks like. There's no bargaining range. It's impossible to make a credible signal even though you have influence to get your way if a fight does happen now. Cyber should really come to mind here. Everything in the cyber domain, most things in the cyber domain depend on deception. It's very difficult to clearly reveal that you're going to do something specific in the cyber domain. And so it tends to be good for influence, good for intelligence, getting your own information but very bad for signaling. Nuclear weapons are almost exactly the opposite. Nuclear weapons are terrible for influence because it's very hard to imagine situations under which a nuclear war fighting situation would result in anything called victory that you would like or understand. But nuclear weapons are fantastic for signaling, okay? This is where they really come into their own. There's different kinds of costs that are associated with it. And we can iterate through and talk about, and we do this in some depth, looking at different domains, both military and non-military, and rate them in different ways across these different desertorata. Just to kind of talk about a situation that we're all familiar with, if you think about Vladimir Putin's use of little green men in the Crimean situation, NATO could have met that with putting boots on the ground in Ukraine. Wouldn't be militarily the best way to oppose a large-scale Russian invasion, but suddenly you would have dead NATO troops if that were to happen. That, of course, would mobilize a large-scale response. Putting skin in the game is a great way to signal resolve. Instead, air power is set to Poland, which is a fantastic way to link Russian tanks and manipulate that P variable. But the problem with air power and naval power is the things that make it really good at war fighting, its mobility, its power projection, also make it really easy to move it somewhere else. And so there are all kinds of questions about whether it will credibly be there to use in the future. How much time do I have left? A couple minutes. Okay, great. So part of the cross-domain problem is thinking about what the rock-paper-scissors problem looks like. If the classic game during the nuclear era was chicken-right to teenagers zooming towards another, figuring out who's going to blink, now we're looking at an ongoing sequence of interactions where each side might be playing a different set of means. And there are also new means that are being introduced in the midst. And there's a great deal of uncertainty about how those might interact and what the interactive playoffs would potentially be. Okay, so let me just put this together real quick. Okay, so when we try and put all of these things together, part of the problem is we're looking at the increasing complexity of means that are available, the uncertainty that those generate. But there are different things that policymakers and the political level and military commanders think about when they think about complexity and uncertainty. Militaries tend to develop a lot of new weapon systems focused on the problem of fighting and winning a war if it comes to that. So you have diversification of a lot of different things, layering on of command and control institutions to deal with those new systems. It creates all kinds of management and power measurement problems. But interestingly then, once you take that and you put that into the political realm, you suddenly have new means not only for fighting a war, but for signaling, for doing all kinds of things short of war, for looking for influence, for deterring in one level, operating in another. You have a great deal of complexity that happens in this set of bargaining interactions. And because now you have a worry that there's going to be a bargain that's going to end up not to your favor, there is now incentives to start developing new things. So you have this complexity ratchet over time that is, we have militaries and other innovators that are trying to patch those holes, but in patching that they're presenting new opportunities for political actors in those complex bargaining relationships. Okay. So just to wrap up here. I'd say that the cross-demand deterrence has always been around. It's always been leveraging many means, but the diversification in that portfolio makes it more important than ever to figure out how CDD works. And innovation in many ways is an unhandled exception in the existing set of institutions and policies that had protected this status quo. This isn't just a cyber problem. We talked a little bit about little green men, but I'll mention this kind of wiretaps in the Fourth Amendment, right? So the Fourth Amendment is put up in order to keep, you know, Paul's ancestors from coming to the door of these poor American colonists, breaking down the door, stealing their documents coming home. So there's this search and seizure protection. Well, suddenly you invent wiretapping capabilities. You're not having to go into somebody's house. You're not even necessarily taking their stuff because it's information. You haven't destroyed the information by taking it. But now there has to be a big judicial process of reinterpretation to say, okay, the Fourth Amendment protection against unreasonable certain seizure actually applies to your communications, even though they're going outside of your property as well. Okay, so there's this constant reinterpretation that can happen to legal domain, but it's also happening in the way that states and other actors put together their deterrence policies. What that means is that even though we see all of these deterrence failures certainly in cyber and we fear them in space, those are happening on the basis of existing deterrence that is working and there are major disincentives for going big. We're not looking at stability and stability, not just the nuclear level, but also the conventional level, but you have a proliferation of ways to design around those existing deterrence. So I will go ahead and wrap up there. I know we can go take this in a lot of interesting directions, but hopefully that gives you a flavor of what we're looking at. John, great. Thank you very much. Thank you. Thanks, John, for your great presentation and the great project. As you describe it, it could have existed before 1970 or before 1990. And we've got a very tantalizing slide which says, So you have to have the question of does information age change everything? Apart from the philosophical considerations of how information age might change deterrence, what's your database look like for, so you're going back to the Palestinian wars across the main deterrence, what are your cases which you might look at in the cyber age where there's been a real engagement of cyber military power? Sure. So there's lots of things that we could potentially look at. I've looked at the Sony case pretty closely, which is an interesting one because you've got some of these information imperfections that are incentivizing that attempted coercion, but coercion highlights exactly this problem that I was mentioning. As soon as the Koreans operating under their proxy guise as the guardians of the peace start to make demands. Now you've activated this large attribution effort. They're starting to cross lines. They're making however empty terrorist threats. And suddenly there's a lot of effort that is put on solving that attribution problem. So attribution is a little less difficult when one side is highly motivated to solve it and deal with it. And it's the very act of trying to use cyber for coercive purposes. It starts to become very self-effacing, self-undermining. So that's one case that we've looked at. With our kind of experimental projects, we're developing a set of games for both the South China Sea and a Baltic situation that will play with both professional military policy folks that are dealing with these situations and as well as some other experimental groups to try and populate the different ways that people value some of those political objectives in all the means that are available so that we can make sure that our computational models are tracking along some sense of reality in a way that people actually think about some of these problems. But that ICB database has got hundreds of different cases. So once we populate that with the new data set, we're then hoping to look at some of the cases that are particularly interesting for the number of cross-domain interactions and then go do slightly more qualitative deep-diving things. As a once-in-exploit note, instead of considering the zoning case, if not military, we might consider the impact on the United States military documents on a global strike as a real case. Yeah, absolutely. Interesting. You've talked about custom building. So one explore would use the concept of material that is in cyber. The idea that CSH is deteriorating on the cyber attack because it ceases the perceived costs outweighs the perceived benefits of an attack because of how integrated it is with the global economy. So in terms of a good deterrent strategy, in your opinion, what measures can the state implement to kind of increase the missing costs of the cyber attack? Yeah, great question. And cyber deterrence has really gone through them. I think a major evolution in the last couple of years. If you look at U.S. declaratory policy, say around 2011, it basically says, hey, deterrence by punishment, inflicting consequences afterwards, is not really feasible in cyber because of the attribution problem and offense dominance. So we're going to have to focus on deterrence by denial, having good defenses. Fast forward to 2015 policy and suddenly deterrence is back in vogue again. So there's a lot of discussion that large scale cyber attacks on a specified target set will result in the consideration of consequences not limited to the cyber domain, lots of other things. So a willingness to start thinking through a lot of that. So when we model the cyber domain, it's interesting is that you've got this real inflection point where you've got a great deal of offense dominance and things that are very difficult to deter, partially because it's easy for threat actors to do things and partially because there's a lack of resolve on the defense side to really secure those kinds of targets to have a great deal of activity on the low end. But as you start to move to more complex and more valuable targets, all the activity falls off. And deterrence starts even theoretically to become far more feasible because the attacks are more costly. It's more likely you're going to make mistakes. The attribution problem becomes much easier. So you have this inversion where with the targets that you actually care about, cyberspace starts to look a lot more defense dominant than people normally expect, which means you're having to accept that deterrence and cyber is not going to be a one size fits all. You're going to have to figure out what kinds of targets are actually worth defending and what kinds of targets are actually worth making some of those commitments and recognizing that clear commitments are going to incentivize an approach right up to that. So you're going to have to decide do I want to deter wide or do I want to deter effectively? So I think starting to disaggregate the cyber domain into different kinds of activities, different kinds of targets, you're going to see that deterrence conversation becomes more nuanced but the good news is that deterrence is feasible for the things that you really care about. But in order to make it work there, you have to accept failure everywhere else. I thought the preliminary results might be interesting enough to a group like this for us to at least start an interesting conversation. The issue started a couple of years ago when we were scoping our modelling framework for this statecraft strategy and statecraft in cyberspace program and I'll talk more about that larger modelling framework on Thursday. But this particular piece of work came about because we were energised about the issue of balkanisation in cyberspace. These were the people involved in that conversation. Nathan Ryan, who you met earlier. Adrienne Lechford is a postdoc who was a student of Terry's, who's now gone to the University of Warwick and Dmitry Brishnev, who's sitting in the audience is working with us on the project at the NSC. He's a student in the physical sciences. Okay, so I want to do this quickly. I want to just set the scene, why this is a problem. I want to show you a very interesting result. Very interesting result, surprising one. And then I want to talk about what the policy implications of this could be. So as I said, work in progress. So governance in general of the internet is a complex, divisive and contested issue, as John was talking about. The problem is, if we get it wrong, we could kill the greatest engine and generator of wealth and innovation since the invention of the steam engine. So we really do, this is a high stakes game. We want to keep the internet cyberspace open and free with very light regulation, so that in principle any individual or any machine anywhere on the planet can connect free of intervention, free of regulation, free of government interference and snooping to any other individual or machine on the planet like that. That's not how some authoritarian regimes would like. They would like these channels to go through some sort of government box and then across to another government box in another country and then be distributed out to the citizenry. Kind of, they do it for all sorts of internal reasons. Usually the security of their regimes, they feel very threatened by open flow of information. Whereas in the West, we feel empowered by the open flow of information. But the issue is, could the internet go like that? Could it change? So we don't like, we in the West don't like the idea of a balkanised internet. We call this balkanisation, where the internet is fragmented up into territorially sub-internet, such as China is trying to do with its great firewall and so forth. But from a complex systems point of view, it's a whole of system process balkanisation. You're doing something to the whole process and when you fiddle around with the topology of a system, you can generate critical processes that you don't fully understand. You could generate tipping points. Terry's going to talk later this morning about some other work on tipping points. Tipping points are where things are just going along, trundle, trundle, trundle, pretty much the same as they always were and then suddenly they change and move the system to a different state. There's interesting work on how you predict these things. There's interesting work on whether the state that succeeds in the previous state is stable or not. There's a whole lot of things. Classic examples of tipping points were the 2008 Great Financial Crisis and there's a raft of others. They don't only occur in socioeconomic systems. They occur in ecosystems. They occur in brains. They occur in transport networks. When you get a traffic jam, that's a similar sort of process and so forth. So what we were asking was, could you balkanise an internet? Would it be more or less stable than today's internet is? And if it was balkanised, could you unwind it and get it back? If somehow it went bad from our point of view, could we debalkanise it? So what we did, we did some modelling. We used simple networks. We know a lot about the shape, the topology of cyberspace, the type of network it is and we know a lot about networks now. In the last 10 or 20 years, there's been a lot of work on networks of all types under a general umbrella of complex systems thinking. We know about the behaviour of them. We know how to model them. We know some of the properties that come out from them. We know these sorts of networks do this. Those sorts of networks behaviour like that. So what we wanted to do was to build a little toy internet, one that had the same characteristics as real cyberspace and to see what its behaviour would be like if we did things to it and then to test and then to see whether those results were general enough that they could be applied to the real space. So the models were minimally realistic but sufficiently general. So we do this because we're dealing with a singular phenomenon. There's only one internet. There's only one universe. It's very hard to do experiments on things like this because you can't replicate it. So science has to model. Science can get its knowledge in three ways through observation, which is sometimes good, but often not sufficient. Darwin did a pretty good job just with observation. So you can have to resort to experience. You can use experience. That's another way when you constrain a lot of things and manipulate things. And the third way of trying to understand the world from a scientific perspective is to simulate it and then do your experiments on the simulation. Now that's useful in cosmology. We learn about the beginning of the universe and the unfolding of the universe from the Big Bang onwards through vast, really clever, really subtle simulations because we can't go back and do it. And we can test some of the results of the simulations from observations we make about the universe today or indeed the universe in the deep past and still get signals from the deep past. So that's the sort of approach we're taking to this. We try and build a minimally realistic model, and then test it against observations we can make on the real internet to see how generally it is. So observation is not sufficient. You can't just think this stuff through because your brain isn't clever enough to handle the complexity of something like cyberspace or indeed the universe. So what we did was grow, we know how the internet grows and we know it grows by a thing called preferential attachment and that process leads to a thing called a scale-free model, a scale-free graph. That's all the tech we're going to talk about now. All that means is that if I've got a box and I'm wandering around wondering where to plug it into in the internet in some way or other sense, I plug it into, on average, somewhere where more other people would plug previously than a place that's never been plugged into before. So there's a bias towards plugging things into things that are already receiving a lot of plugs. And that's all preferential attachment means and that gives the structure of the internet as we see today. So we did that. The little model allowed the nodes of this thing, we threw a whole lot of nodes into a computer and said nodes, you can connect to other nodes and you connect progressively to nodes that are already connected to more nodes. How to bias to do that rather than connect to other sorts of nodes. And we get something like this. This is a scale-free network, a classic description of something like the internet. This has got a couple of hundred dots in it. Now we've got the dots in two classes. We've called one class of dots countries, they're the ones that aren't coloured in and the other dots are other, i.e. not countries. And you can see that people aren't connecting to countries necessarily and countries aren't necessarily connecting to countries. It's all random but preferential. And that's the way the internet looks rotten today. Of course on a much faster scale. And you can do this thousands of times and get average properties of a process like this. But we're doing it at this stage. And then what we did, having got it to grow like that, we then allowed threats to pass between those nodes along those little lines. And the threats would pass from node to node and if a node had a certain level of thread it would say, I don't like being connected to you and it would disconnect and it would look for another node to connect to. And in the hope that it was going to be subject to fewer threats. And there would be a cost to doing that but there would be a gain from being released from this channel of threats that were coming down. So we did that and we ran that and we could see that the things just kept going. Things would disconnect, they'd reconnect and we continued to get what's called a scale-free network. The internet still looked the same. As long as those threats just kept coming people would disconnect, you'd give up on this ISP and go to another one if you want to think it like that. And that's the sort of evolution you got. But then we allowed countries, those little dots that subset a handful of entities in this net to modulate the threats. They said that if a threat comes through me I can tone it down, I can do something to it like the world. But you'll have to pay a cost. So if you're chance to be connected to me you won't have so many threats coming down the pile. But it will cost you a little bit. You'll have some work to do. That's okay. And we did this thousands and thousands of times and we did it in all sorts of ranges of possibilities the numbers of countries and the numbers of nodes and the levels of the threats and the levels of the costs just to see how this sort of work passed out for a wide range of things. So I'm showing you average conditions or sample conditions from this but the results I'm showing you are quite general. So what happens is when this modulation reaches a critical value when a country could start to could start to modulate a threat sufficiently strongly to stop a threat coming through we had a critical phenomenon occurred. We had a tipping point. I'll show you this. And this was quite interesting. What happened was here's the probability of stopping a threat by a country going from doesn't actually care a threat's got passed through a country node through to any other node it just passes them on, passes them on and here it's starting to do something with them here it's trying to stop them and here it stops all threats. What you found was that what we call vulcanisation which was how often countries the other nodes the nodes that weren't countries started to tuck in behind countries the rate at which so here they're assembling behind countries and they're not and they're going back and forwards at this point when countries have been coming quite effective at knocking back threats all the other nodes tuck in behind behind the countries with a great fidelity now don't worry about the exact numbers they're irrelevant the thing is the shape of that it's a tipping phenomenon it's not to do with the particular values of the parameters it's to do with this broad process that's going on but if countries start to behave like this non-countries will start to tuck in behind them very bloody quickly so we get a vulcanised network and suddenly the network looks like this these are the countries everyone tucks in behind a country and the main connections in the graph the backbone of the internet suddenly becomes from country to country to country to country and that's a very very robust and strong result that happens again and again and again so countries don't have to do much to and you can see this in a dynamic simulation let's see ok so here's countries in red this is gradually increasing the number of the number of ability to stop threats and you can see in this representation as as entities get more connections we allow them to grow bigger so you can see them so what started out just as a random as a random process over time starts to vulcanise so and it continues and continues then it slows down and the other thing that happens is that it's been stable and vulcanised as you continue the process this thing goes on and on and on and it just starts to lock down you see the odd one trying to find a new home but nearly always the new home is behind a country it stabilises and becomes more solid now that's a really interesting result that goes on for thousands of steps I won't show you them all but you can see that this lovely little network which started out just like the network we had to begin with has now become vulcanised just by having that tweak in how things in how states manage their relationships to threats in this case threats and we're talking about threats in the most general character here now so this happens over a wide range of settings when we do it with thousands of countries or thousands of nodes tens of nodes tens of countries and hundreds of things same result it's a general result about the behaviour of the internet and different types of threats ok so what? all that's really good academic fluff here's the take home message firstly the internet we have we've got by having standards it's free and open and wonderful but it's not stable we didn't get there by careful planning we got there because a bunch of geeks in Los Alamos and places like that declared it to be like that to begin with and it kind of kept going the other take home message is very small and simple changes in the ways that countries can lead to changes in the global structure of the internet not by fear not by international negotiations just by their own individual behaviours to drive a global change in the internet in the internet structure and once it's forked and it's very hard to nudge it out you can't undo that and that comparison is the difficulty the world has had in creating global free trade we had quite good global free trade before the first world war in the Edwardian period and it's slowly got eroded and we've been trying ever since system an open free network and we just can't do it thanks Terry I'm winding up so here's the message for us we've got to work hard and smart and long just to keep the internet we've got the China's and Russia's they can just wait because the modernised internet's coming to be they can just wait for any slip ups any changes any changes in behaviour and a balkanised internet's going to drop into their laps the policy ramifications of that are enormous we behave in our international negotiations as if we're talking about a structure which itself is stable which we need to prevent from we need to make rules about to prevent it from going the bad way our strategy needs to be exactly the opposite we need to protect this thing and prevent it unveiling its tendency to balkanise very quickly and that's the that's the story one I guess challenge to one of your initial assumptions and then one question about organisation the challenge is you said when you're Western we don't like this balkanisation thing we want to keep things free and open the challenge that I've got to you is I know we released a couple years ago Facebook for example were launching balkanisation on the internet they were advocating internet work on ID for each person etc etc basically so they control access to the internet so the problem with this is have you looked at and will you be looking at the role of non-state actors in these things assuming or given that they have different motivations to states so Facebook's motivation is going to be different so Australia's motivations do you think that would have an impact oh it's true that's a very good point when I said the west there are parts of the west I hope the majority would like to keep it free and open but some governments are getting some western governments are getting gulled into thinking that a balkanised internet may not be such a bad thing for their own security and there and they could get gulled by the China's and Russia's to sort of collaborating to create something like that and I think that would be really dangerous one of the things we've seen in some western countries the US, Australia is reducing the number of portals for governments as a security measure but then you can bet a whole lot of government and parasitic organisations would try and tuck in behind that for their own protection that could be a cascading problem inside western countries too so yeah, it's a problem and we need to defend what we've got we've created by happenstance this fabulous thing and it could get snatched away very quickly by a few stupid policy responses so a very good thought maybe you don't want people to have to answer this but what's wrong with bolting a solution you can't because the innovation that we get out of the internet just won't occur when things are bolted down through government agency of one sort or another and there's a general it's the libertarian in me the idea that we can freely interact with human beings without a government intervention I think is broadly ethically a good thing and this is the first time it's happened in the history of the planet and we shouldn't encourage it not convey it I'm a little bleeding democrat aren't I sorry we've been discussing this for several years and it's really amazing to see it in such a well presented form yes as Terry just said it does tell its own story very powerful what's powerful about it I think for a long time when we've spoken about organization we've just assumed it meant the degrading of the internet or a weakening of the internet actually what it is is a very robust alternative and that's what makes it such a challenge I was going to read off your last slide and it disappeared so this is the I think you wrote that the internet they want will just drop into their laps this is something I'm going to talk about tonight I see what you mean in the sense they want two internets they want the one they've got at the moment but they also know deep down if you really approve that they want the other one too the one that you're talking about so how do we play that can we have a world where there's a big free and open space and a bunch of businesses in Russia, China, Iran and so forth that are somehow connected to this larger more, I don't know that's beyond the power of a simple model like that and certainly be one to have a look at to see whether that would propagate whether the interesting model, I have no idea how it would go that it would be a challenge how do you like the policies that you've introduced I'm sorry? How do I pay for the policies that you've interact with after a long time? You can interact with your property I see intellectual property not even at Brodova it's a good question you can see some governments might even see organizing the internet as a way to protect their IP I'm not sure this model is trying to look at the structure of cyberspace rather than dealing with those things and I think you would need to elaborate models to get questions like that and in fact models like this are set up to then be elaborated for particular questions I need some more interpretation of the model as I understood it the non-state players are fearful ones rushing behind the states for protection but that seems to me the opposite of what is actually occurring with say the great firewall where it's the states who are the last record and they're trying to deny their populations the non-state actors within their jurisdiction the system that's also a way of doing that the modelling for that would require the non-state actors to be actively trying to get out of the system we chose for this little toy not to look at that just to look at how spontaneously what would happen if you just empower states to be able to control threats better than they do but it's a good point I'm just interested to know if you had any factors in the model that actually didn't result in vulcanisation or at least slowed it down that might inform a strategy to keep the internet open no sorry one of the things that this toy model conceptual is to keep things as simple as possible keep the number of parameters down so we just have threats and costs costs of servicing servicing the threat and some notion of do you become poor or richer if you're whacked all the time and those are very abstract very abstract concepts and we could set them to large or small or what have you and we continued to get that sort of behaviour so it wasn't that deep we're trying to get the general behaviour and then we handed over to you policy guys and said okay would you like where do you want to go now now that we've given you this steaming cowpat where do you take your let's talk about further how we might change the policy settings in some way what would be the killer thing that would allow to switch that off, that process which would clearly advantage the West and maintain the system as it were we haven't searched for that and that's a process that you engage in a dialogue with policy people to find out the sorts of things that might be feasible let's try it so it seems to me there is an optimistic interpretation actually that is totally consistent with some sort of a model if we call the little white nodes firms instead of states and these firms have the power to build better software to mitigate those threats then you might end up in a world where users flock to a few firms that have massive network effects and others get selected out and it kind of looks like a world that has a Google and a Microsoft and an Apple that has actually inoculated itself against other smaller entities that are coming in here so maybe if those are firms that are in control of the architecture of the internet it might actually be locking out some of these more state-centric solutions although when you think about the success Google has had in getting a toehold in China it might not be a global solution but it's a very good point but I think we'll have to wrap up that