Publications

2023
Article

MoPe: Model Perturbation-based Privacy Attacks on Language Models

By: Marvin Li, Jason Wang, Jeffrey Wang and Seth Neel

Recent work has shown that Large Language Models (LLMs) can unintentionally leak sensitive information present in their training data. In this paper, we present Model Perturbations (MoPe), a new method to identify with high confidence if a given text is in the training... View Details

Keywords: Large Language Model; AI and Machine Learning; Cybersecurity

March 2024
Teaching Note

SolarWinds Confronts SUNBURST

By: Frank Nagle and David Lane

Teaching Note for HBS Case Nos. 723-357 & 723-368. View Details

Keywords: Cybersecurity; Corporate Disclosure; Crisis Management; Information Technology Industry; United States

2021
Article

Evidence of Decreasing Internet Entropy: The Lack of Redundancy in DNS Resolution by Major Websites and Services

By: Samantha Bates, John Bowers, Shane Greenstein, Jordi Weinstock, Jonathan Zittrain and Yunhan Xu

This paper analyzes the extent to which the Internet’s global domain name resolution (DNS) system has preserved its distributed resilience given the rise of cloud-based hosting and infrastructure. We explore trends in the concentration of the DNS space since at least... View Details

Keywords: Domain Name System; Resilience; Entropy; Internet and the Web; Infrastructure; Performance Effectiveness; Safety; Cybersecurity

14 Nov 2019
Blog Post

Future Leaders Dive into the MS/MBA: Engineering Sciences Program

the program will help him expand on the cybersecurity work he did in the military. “For nine years, I concentrated on defense work, and I wanted to come here to get a broader experience and understand more of the business side—to see how... View Details

05 Feb 2019
News

Protecting the Power Grid

key component of solutions.” With increasing interdependence between the nation’s electric grid and the public internet, cybersecurity is gaining attention of both regulators and the public. “Foreign adversaries have regularly penetrated... View Details

Keywords: Ralph Ranalli; terrorism; Electric Power Generation, Transmission, Distribution; Utilities

November 2024
Case

FedEx Cyberattack (A): Navigating the NotPetya Storm

By: Hise Gibson, Frank Nagle, Alicia Dadlani and Martha Hostetter

In 2017, FedEx’s European division — acquired the year before for $5 billion — was hit by a devastating cyberattack that destroyed thousands of computers and business systems across several countries. Corporate Chief Information Officer Rob Carter put the company’s... View Details

Keywords: Cybersecurity; Crisis Management; Disruption; Planning; Transportation Industry; United States; Europe

2022
Article

Data Poisoning Attacks on Off-Policy Evaluation Methods

By: Elita Lobo, Harvineet Singh, Marek Petrik, Cynthia Rudin and Himabindu Lakkaraju

Off-policy Evaluation (OPE) methods are a crucial tool for evaluating policies in high-stakes domains such as healthcare, where exploration is often infeasible, unethical, or expensive. However, the extent to which such methods can be trusted under adversarial threats... View Details

Keywords: Analytics and Data Science; Cybersecurity; Mathematical Methods

Web

AI at Work | Working Knowledge

potential for bias and “hallucinations.” What are some potential missteps with AI? Relying on the tools excessively, which can erode the creative process. Scaling too quickly—AI continues to evolve and improve, but still has limits. Deploying AI without the right View Details

Web

Contacts & Resources | Information Technology

faculty, staff, and Doctoral students can login to the HBS IT Services and Support Portal to search IT services and documentation, check service status, or submit a help ticket. Let us know if there are other topics on cybersecurity best... View Details

November 2024
Supplement

FedEx Cyberattack (B): Reflections and Lessons

By: Hise Gibson, Frank Nagle, Alicia Dadlani and Martha Hostetter

Set in 2024, this (B) case provides an update to the (A) case (no. 625-049) about a devastating cyberattack that destroyed thousands of computers and business systems at FedEx’s European division in 2017. It describes lessons learned and changes made in the wake of the... View Details

Keywords: Cybersecurity; Disruption; Crisis Management; Organizational Change and Adaptation; Europe

March 2022
Article

How to Prioritize the Improvement of Open-Source Software Security

By: Frank Nagle

Keywords: Open Source Distribution; Cybersecurity; Applications and Software

Profile

Julio Cedeno

Julio met his wife, Sarah, at the university. After graduation, they moved to Houston where Julio began a six-year tenure with Chevron. Balancing act of work, marriage, and education Julio had interned with Chevron between his junior and senior years, contributing to... View Details

Keywords: Manufacturing/Energy

Web

Corporate Governance and Boards of Directors - Course Catalog

areas such as accounting and financial reporting, compliance and culture, cybersecurity risk, and sustainability. The course concludes with a short module on preparing for board service. The class sessions will involve case discussions,... View Details

24 Apr 2023 - 27 Apr 2023
Conference Presentation

Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security

By: J. Carlos Vega, Hise O. Gibson, Nicole Gilmore and Larry Whiteside Jr.

Diversity, Equity, & Inclusion (DEI) is necessary to create the world class teams we need to defend against advanced threats and adversaries; however, the approach that most take often fails spectacularly. The panel challenges the current practices, the failings, and... View Details

Keywords: Diversity; Cybersecurity; Corporate Social Responsibility and Impact

03 Mar 2016
News

3-Minute Briefing: Pamela Meyer (MBA 1986)

cybersecurity resulted in losses of $500 billion in 2014, but we’re only spending about $100 billion to address the problem. There’s a huge gap between the size of the threat and our ability to detect it. + ONLINE web-only content... View Details

Keywords: Julia Hanna

January 2025 (Revised March 2025)
Case

DJI- Striving for Innovation Amid Contestation

By: William C. Kirby and Daniel Fu

DJI was founded in a college dorm room in Clear Water Bay, Hong Kong. By 2020, DJI, a company manufacturing drones, occupied a 77% share of consumer drone sales in the United States with a wide array of clients including law enforcement and government agencies. Its... View Details

Keywords: Drones; Hong Kong; China; Chinese Manufacturing; Chinese Dream; China's Political Economy; International Relations; Cross-Cultural and Cross-Border Issues; Cybersecurity; Conflict and Resolution; Market Entry and Exit; Manufacturing Industry; Hong Kong; China

01 Dec 2020
News

Quantum Leap

doubt that it could radically transform sectors ranging from energy to finance and cybersecurity to transportation, but the potential is still mostly theoretical as scientists can’t quite grok all the implications yet. And a number of... View Details

Keywords: Jen McFarland Flint; Computer and Electronic Product Manufacturing; Manufacturing

October 2024
Case

EU's Digital Services Act and Digital Markets Act

By: David B. Yoffie and Sarah von Bargen

Since the early 2020s, the EU began passing regulations on digital platforms and their marketplaces. One of the first was the Digital Services Act package, consisting of the Digital Services Act (DSA) and the Digital Markets Act (DMA). These regulations were focused on... View Details

Keywords: Digital Platforms; E-commerce; Governing Rules, Regulations, and Reforms; Cybersecurity; European Union