The Food and Drug Administration (FDA) is a United States agency responsible for regulating medical devices among other functions. The regulation process entails a lengthy pre-market process that looks at pre-clinical trials, clinical trials, the warehouse in which the device is manufactured, ethics behind the device, and more. When it comes to the device itself, usually it is one singular device on the market for everyone, but what about individualized devices adjustable to the needs of the user? This blogpost defines such devices and delves into how they are currently regulated. It also reviews issues with the current regulatory process within the United States using the European Medicines Agency (EMA) as a counter example to the FDA in regulating individualized technologies. This blogpost aims to highlight the flaws within the regulatory process and suggest ways the FDA can improve it.

When Project Mayhem won the DARPA Grand Challenge in 2014, the project lead from Carnegie Mellon, Dr. David Brumley, writing on his team’s success, quoted DARPA program director Mike Walker saying the program was just the ““beginning of a revolution” in software security.”  What could be better than an AI white hat hacker finding and fixing vulnerabilities at machine speed? Yet, ten years later, AI has not solved the pervasive challenge of cyber defense. Although there have been substantial advances in intrusion detection and prevention systems, AI-based penetration testing, and the inclusion of all manner of AI in modern cybersecurity, the problems facing actors at all levels seem to only be growing. If AI is improving cyber defenses, reducing the number of potential vulnerabilities in software and hardware, and lowering the relative costs for secure development and testing, then why is the overall challenge of cybersecurity not abating?

The tech world has been rocked by the revelations of a more efficient and less expensive LLM created by the Chinese company DeepSeek. The revelations of the new model led to a single day $1 trillion loss on the U.S. Nasdaq 100. DeepSeek avoided U.S. microchip sanctions by training on the lower tier Nvidea H800. The model is publicly available for download and can be run on devices as small as a Raspberry Pi. Others have noted that the program while efficient and effective also includes censorship parameters, in its online models that change or simply delete responses on topics that are of concern to the Chinese State. Journalists and users have tested its internal censorship parameters with queries on Tiananmen Square and Taiwan. I tested DeepSeek’s by probing with the question of whether China abuses the human rights of minorities. I screen captured the recording below.

Pakistan presents a critical case study in digital surveillance and privacy rights within emerging democracies. An evolving framework of digital surveillance and censorship laws in Pakistan increasingly constrain personal rights to privacy and freedom of speech. Pakistan’s unique placement as a post-colonial emerging democracy offers a study of how emerging democracies adapt to the online landscape. Countries can leverage historical legislation and contemporary digital regulations to influence digital spaces. Pakistan is an example of a country misusing privacy regulations in the name of national security or public order. The suppression of dissidents has a severe effect on freedom of speech and press freedom, a troubling sign for an emerging democracy.

I am not a Luddite. Unlike English textile workers who fought the industrialization of manufacturing in the early 19th century, I generally embrace technology. In many ways, I consider myself to be a futurist and a leading-edge adopter of different forms of technology. I am a technically competent professor of political science; I have worked in cybersecurity for decades, taught programming military information systems design courses, worked on DARPA projects, run large globally distributed network infrastructures, and I currently manage and run my own servers, simulation platforms, and programs for courses and research. Yet this year, I have run headfirst into Artificial Intelligence (AI) both in the classroom and beyond it.  

Russian malware actor ColdRiver poses a significant threat to Western government officials, humanitarian organizations, and NGOs critical of the Russian government by undermining humanitarian and strategic organizations. Due to its support from the Russian government, ColdRiver has proved to be a heightened threat towards NATO countries and its allies given their strong dissent of Russia’s current regime. Since 2017, ColdRiver has conducted cyberattacks, with its operators linked to Russia’s Federal Security Service (FSB)—ColdRiver has used advanced persistent threats (APTs) to steal sensitive information and disrupt operations opposing Russia.[3] The purpose of ColdRiver is to prevent NATO countries from pushing negative Russian narratives, to collect intelligence on foreign forces, and to target institutions enforcing sanctions against Russia. This blog will define ColdRiver, its methods, impacts on humanitarian and strategic organizations, and the international response to its ongoing threat will be examined.

In early October, I had the privilege of attending The Class of 1971 Student Conference on U.S. Affairs (SCUSA) at the United States Military Academy. This year marked the 75th anniversary of the conference since its inception in 1949. From the beginning, SCUSA has provided a unique opportunity for collaboration between more than 200 students and scholars from around the globe to develop policy recommendations for the United States related to the year’s given theme. For 2024, the theme was “Securing the Blessings of Liberty: U.S. Foreign Policy in a Multipolar World.” Within this theme, there were 15 roundtables with topics. I was assigned to Table 12, “Latin America Under Pressures of Multipolarity.” Upon receiving our topics ahead of time, we were given readings to prepare for our roundtable discussions and assigned a cadet point of contact (CPOC) who was responsible for showing us around West Point and providing insight into the day-to-day as a cadet.  

The Russia-affiliated ransomware group LockBit has become the most prolific ransomware of the modern day in part due to their Ransomware-as-a-Service (RaaS) model.  Ransomware groups that use RaaS offer ransomware on dark web marketplaces to be used by attackers in exchange for some of the attackers' profits. 

Last month I took part in the "Cyber Conflict: Lessons from the Indo-Pacific" workshop hosted at the Lee Kuan Yew (LKY) School of Public Policy at the National University of Singapore alongside Dr. Aaron Brantly. This workshop brought together scholars, policymakers and cyber security experts to address important cyber challenges in the Indo-Pacific region. Dr. Brantly and I presented a paper on “The Impact of Censorship and Surveillance in India, Pakistan, and Bangladesh: A Comparative Analysis.” Following the two-day workshop and discussions of regional cyber challenges I also had the chance to listen in on a roundtable discussion during Singapore International Cyber Week, where participants shifted the conversation to emerging threats in our increasingly AI-driven world. What impacted me most about these events was how they highlighted the interactions going on between cyber security challenges and emerging technical threats, and how they provided a meaningful understanding of the evolving strategies that these policymakers and scholars are currently grappling with.

The U.S. election is over, and Americans voted for Donald Trump to take the reins of the country for the next four years. President Trump’s election implications for policy areas ranging from immigration to the environment and nearly everything in between. Yet one area that will impact everyone nationally will be the relationship between security in online and offline spaces. The United States appears to be rapidly moving towards a model in which there are aligned and opposition media and social media outlets. Moreover, President-elect Trump has expressed a consistent desire to undermine the freedom of the press, to greatly expand libel laws, and to weaponize the tools of the state against those who might speak against him.

Amidst the ever-evolving landscape of cyberspace, policies seeking to regulate and maintain digital rights at the state and supranational levels remain largely the same. The European Union’s approach to data and surveillance presents two different regulatory approaches to cyber capabilities. The General Data Protection Regulation (GDPR) regulates its consumers through data protection standards.[1] The EU preserves digital rights by providing safeguards from companies looking to exploit personal data.[2] Another cybersecurity is mercenary spyware, contributing to illegitimate surveillance of journalists, politicians, law enforcement officials, diplomats, lawyers, businesspeople, civil society actors, and other actors.”[3] Spyware is categorized as a dual-use good under the European Union Dual-Use Regulations (EUDUR). When compared, these regulations and what they seek to regulate hold intrinsic differences, but both hold implications for the future of digital rights. GDPR regulates the consumer rather than the market to ensure corporate compliance whereas EUDUR regulates surveillance technology as a product leaving its marketplace and applications self-regulated by member states. The need to pivot alongside technological development reveals a more nuanced conversation surrounding how legislation lags in its protection of digital and human rights. This work will compare the approaches that the EU policy takes towards cybersecurity to glean a greater understanding of the elasticity needed to keep pace with technological advancements.

Ransomware poses a persistent threat in the cyber landscape. Over the past four years, there have been more than 19,000 recorded ransomware attacks and leaks, with the number of victims increasing daily. The massive number of attacks in such a short timespan highlights the importance of understanding the tactics employed by ransomware groups.

The concept of privacy is supported by no formal definition despite its popular usage in legal frameworks and the international codification of the “right to privacy”. A multi-faceted approach to the condition of privacy has been detailed by previous work in the lab. The objective of the following writing is to offer insight into the revelation of privacy in a legal context and its international application. This text recounts the development of “the right to privacy” beginning with the U.S. Constitution and the subsequent work of Warren and Brandeis, before the adaptation of privacy as a right in international regulation like the Universal Declaration of Human Rights (UDHR) and the emergence of data protections and privacy regulation in the digital era such as the General Data Protection Regulation (GDPR).

The idea of privacy is a convoluted subject evolving alongside technological breakthroughs that have repeatedly reinvented what constitutes an individual’s concept of privacy. This review seeks to characterize primary elements relating to the condition of privacy. Deliberations around the principles of privacy such as autonomy, self-determination, power, and reasonability will be covered. This work aims to define privacy in today’s ecosystem while considering historic approaches that have shaped the environment of personal privacy and data protections. The genealogy of privacy studies holds significance in how privacy has adapted to include the digital space that connects the public and the private space and the challenges resulting from this intersection.

            The European Cyber Conflict Research Initiative (ECCRI) is a collective of professionals, scholars, journalists, and government officials within the cybersecurity space that seeks to “promote interdisciplinary research on cyber conflict and statecraft.”[1] Their 2024 Cyber Forum at the Blavatnik School of Government of Oxford University was the first of its kind. The Forum allowed the ECCRI community to meet and discuss the evolving threat landscape. Themes of sovereignty, responsibility, pessimism and optimism dominated conversations on policy, China, efficacy of attacks, and prepositioning.

Founded in 2016, Neuralink is an American neurotech company focused on both treating human disease through technology and synthesizing human and artificial intelligence. Presently, Neuralink is undergoing human trials for their device, Telepathy, an implant intended to enable individuals with paralysis the ability to control electronic devices with their mind. Although it remains under development and testing, Telepathy represents the first successful implantation of an invasive brain-computer interface with the ability for high-bandwidth, high-resolution neural recording and stimulation in animals. Questions remain regarding the ethical practices performed within Neuralink’s laboratories and the intended future of Telepathy. As testing continues, scientists and the general public alike remain poised to see how this technology will shape humanity’s future interactions.

The European Union has made significant strides in protecting digital rights by introducing of comprehensive laws, most notably the General Data Protection Regulation (GDPR) and the proposed Digital Services Act (DSA). The GDPR, which came into effect in 2018, is a far-reaching data protection law that applies to any organization processing the personal data of EU residents, regardless of the organization's location.[1] The GDPR sets out fundamental  principles and rights, such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

Poland’s inquiry into the use of mercenary spyware is a groundbreaking initiative towards achieving accountability against the misuse of digital surveillance tools. The probe beginning in early 2024 was founded on allegations by civil society against the former ruling Law and Justice (PiS) Party for the targeting of up to six hundred individuals with Pegasus spyware.This work will analyze the handling of spyware by Poland’s former government with a focus on those illegitimately targeted from military officials to political opposition figures. There will be a focus on how practices such as targeting members of political opposition threaten the safeguarding of fair elections and working democracies and the implications of Poland’s unique positioning within the European Union (EU).

According to Yale University there are over 3 million people in the United States who use pacemakers to prevent or treat too slow, too fast, or irregular heartbeat. Pacemakers are small, implanted battery-powered devices that help regulate the rhythm of the heartbeat. They include electrodes that deliver electrical impulses to one’s heart to make it beat regularly. Depending on the pacemaker, its battery can last between 5 to 15 years. Battery life is essential for keeping the electrical impulses consistent. Without the battery, the pacemaker will not work and, depending on the person’s condition, may be life-threatening. What if the concern for battery life was no longer an issue? What if there was a way to avoid surgery to charge pacemaker battery? This blogpost delves into the newly discovered science behind a body rechargeable pacemaker and explores vulnerabilities brough about innovative and increasingly interconnected pacemaker technologies.

The Black Basta Ransomware Operator group is an infamous organization in the world of cybercrime, known for its ransomware attacks on organizations throughout the world. The group's efforts showed a significant rise in the complexity and effects of ransomware attacks and how devastating they can be. The Russian-based group reportedly tallied over $107 million from late 2022 through 2023, extorting an estimated 90 companies, including industrial giant ABB.