Cyber initiative at MIIS tackles digital realm risks.

A cold-hearted hacker worms his way into the electrical power system of a city. After infiltrating the control system, he holds the fate of several electrical grids at his fingertips. He takes the city hostage by threatening to turn off electricity in hospitals, demanding money and immunity in exchange for not crippling the energy grid. Government and public safety officials scramble to mount a response.

Amy Sands not only can imagine such a scenario, she is preparing for it.

She currently steers a program that has started training students to plan for cyber threats – like government information stolen from the cloud or new-age thieves unlocking innocent bystanders’ computers with the speed of a pickpocket – while mapping out who should respond and how they should do it.

Sands’ primary responsibility is directing research centers at the Middlebury Institute of International Studies in Monterey. But she also serves as interim director of the school’s cyber initiative, which launched in 2013. Courses mostly cover issues like privacy and morals in the digital world – more high-level policy discussions than hardware or software minutiae – focusing on cyber issues in international affairs, MIIS’ focus.

Partner agencies and guest speakers bring more technical know-how. In September, CSU East Bay computer science professor Levent Ertaul spoke on limiting vulnerability in cyberspace – password management, deleting files, secure mail and file encryption.

An eight-character password has 6 quadrillion possibilities.

Gabriela Horosanu, an adviser to the Romanian Ministry of Health and a security adviser to the European Parliament, presented on links between medical research, bioterrorism and cybercrime.

There’s even a memorandum of understanding between MIIS and the Military Academy of General Mihailo Apostolski-Skopje of the Republic of Macedonia: The partner institutions have agreed to work together to develop the leading southeast European efforts in the field of cybersecurity. Itamara Lochard, previously the director of the cyber initiative and now a researcher at the Fletcher School of Law and Diplomacy at Tufts University, conducted a 2015 training in Macedonia on tech tools in crisis management at a 10-day summer workshop.

At MIIS, George Moore teaches courses on diplomacy in the digital age, with a recent focus on the Obama Administration’s decision to internationalize IP addresses, which came under fire by Senate Republicans.

There’s also technical guidance for day-to-day data management. Former MIIS Cyber Graduate Research Assistant Dan Gifford led trainings on cybersecurity for NGOs, teaching smart data storage. (One guideline would be, less is better: Don’t store information you don’t need).

Gifford’s writings are posted on the cyber initiative blog, and include an essay on the history of passwords, which have been around for thousands of years. He explores the methods hackers use, including “brute force” – experimenting with every possible combination of keys until something matches. An eight-character password, for instance, has about 6 quadrillion possibilities. Dictionary-based attacks, meanwhile, assume the user has chosen a word or phrase, like “kitten” instead of “1h4^B8.” If just a single English-language word is used, the hacker only needs to breeze through roughly 170,000 words. The longer the password, the longer it will take – even decades – making some passwords unrealistic to hack this way.

In another essay, “Encryption as a Human Right: the Growth of ‘the Right to be Let Alone,’” Gifford explores how the web can do damage on a personal level. He looks at the Celebgate scandal, when Apple iCloud accounts belonging to the likes of actors Jennifer Lawrence and Kirsten Dunst were hacked and naked photos were widely released.

It’s just one famous real-world example of the types of issues MIIS Cyber Initiative students and faculty confront. Just last week came another, as Apple CEO Tim Cook made headlines by defying a court order to unlock an iPhone that belonged to one of the presumed San Bernardino shooters.

And that hospital shutdown scenario Sands described? It’s not just a hypothetical. On Feb. 5, hackers used malware to infect the computer system of the 434-bed Hollywood Presbyterian Medical Center, and the hospital paid $17,000 in bitcoins to regain control.

In this 21st century, we’re living in an increasingly virtual world – with real-world effects. The cyber initiative at MIIS aims to provide a program for students and experts from various backgrounds, ranging from academia to military, to consider what the digital era means for international relations – in times of conflict and times of peace.

Sara Rubin contributed to this report.

For more information, visit http://sites.miis.edu/cyber