Scott Shackelford. Courtesy photo

by PETER DORFMAN 

In September 2019, an international consortium with corporate funding launched the CyberPeace Institute, an independent nongovernmental agency created to address the growing impact of cybercrime. The institute is based in Geneva, Switzerland, but Indiana University is helping define its mission and programs. Among its thought leaders is Scott Shackelford, an associate professor at the IU Kelley School of Business.

Shackelford was working on his 2013 book Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (Cambridge University Press) when he first helped coin the term “cyberpeace.”

Early internet visionaries saw the internet as a single, global, networked commons, Shackelford observes. But what has evolved in countries like China is the idea of “digital walled gardens,” where governments manage their distinct cyberspace domains. “We’ve tried peace-building in the real world,” he says. “What lessons can we take from that into cyberspace?”

Most of the world’s institutions rely on internet-based governance, so protecting their systems from hacking is critical. He’s called for a federal body to investigate cyberbreaches, similar to the National Transportation Safety Board, which investigates plane crashes. 

At the same time, with the recent spread of authoritarian governments and high-profile corporate scandals, is absolute security necessarily a good objective? And where do whistleblowers fit into the concept of cyberpeace? Shackelford advocates strong data encryption as a defense for institutions and individuals. But, due to privacy concerns, he opposes the governments’ insistence on backdoor access to individuals’ data.

A native Hoosier from Indianapolis, Shackelford, 36, is a 2005 IU graduate. He joined the IU faculty in 2010 after receiving a master’s degree from the University of Cambridge, a Stanford University law degree, and a Ph.D. at Cambridge. He heads the Cybersecurity Program at IU and directs the Ostrom Workshop Program on Cybersecurity and Internet Governance.

Since 2016, Shackelford has been involved in research on “how to make democracy harder to hack.” He wrote an op-ed in mid-2016 for the Christian Science Monitor posing the question, calling out election security in particular.

Now, three years later, the question remains: Is democracy any harder to hack? Shackelford says it’s hard to say. One measure is in what the Department of Homeland Security (DHS) is focused on protecting. DHS maintains a list of “critical infrastructure” for which it funds protective measures against physical and cyberattacks. Voting machines are now on that list—but they weren’t until January 2017, Shackelford notes. “A lot more needs to be done before 2020,” he stresses.