Lennart Maschmeyer is a Senior Researcher at the Center for Security Studies (CSS) at ETH Zurich. His current book project focuses on the nature of cyber power and the causes of escalation and restraint in cyber conflict. In particular, his research examines how and why operational constraints explain the puzzling dynamics of conflict at the strategic level. Lennart is also working on a second research project compiling a dataset of all public reporting on cyber attacks by commercial threat intelligence vendors. The purpose of this project is to identify sources of bias in the data and how such bias distorts threat perception among both scholars and policymakers.

Lennart recently completed his PhD at the University of Toronto and holds an M.Phil in International Relations from the University of Oxford. He previously held fellowships at the University of Toronto’s Citizen Lab and at Columbia University’s School of International and Public Affairs.

Staff profile: https://css.ethz.ch/en/center/people/dr--lennart-maschmeyer.html

Max Smeets is a Senior Researcher at the Center for Security Studies (CSS) at ETH Zurich. His current book project focuses on the causes underlying cyber proliferation and restraint. He has also published widely on cyber statecraft, strategy and risk. Next to his scholarly publications, Max is a frequent contributor to policy outlets, including Washington Post, Lawfare, War on the Rocks, Slate, Cipher Brief, and CFR.  Max is co-founder and Director of the European Cyber Conflict Research Initiative (ECCRI.eu), an organization promoting the interdisciplinary study of cyber conflict and statecraft in Europe and beyond. He was previously a postdoctoral fellow and lecturer at Stanford University CISAC and a College Lecturer at Keble College, University of Oxford. He has also held research and fellowship positions at New America, Columbia University SIPA, Sciences Po CERI, and NATO CCD COE.

Twitter: @Maxwsmeets

The purpose of this article is to study the knowledge creation and dissemination process of cyber threats. What do we know about cyber threats? How do we know it? Is this knowledge sufficient? If not, why not? What are the reasons? How can we fix it? In other words, we seek to examine how the iceberg about cyber threats has been formed, sustained, and perceived.  Addressing these questions is not only important for how we talk about cyber insecurity in an academic context. It also has real-world significance in how we should evaluate specific policy recommendations and proposals. We adopt a political-economic lens to analyze the interdependent practices of different actors in driving the politics of cyber insecurity. We make two main arguments. First, we find that there are “knowledge towers”, focal points that receive a lot of attention due to the availability of data/knowledge. Yet, a lot of landscape seems to be unchartered territory. Second, we argue that knowledge creation about cyber threats happens in a self-reinforcing system of incentives - not just economic, but also academic and political - that strongly influence the availability of data, the choice of subjects, and the conclusions drawn.  The result, a reflection on cyber knowledge production by the entire CSS (ETH Zürich) cyber research group, offers pointers to how we have arrived at the particular iceberg, and identifies, where leverage may exist for change.