by Sierra Abukins

Dr. Karen Nershi’s research focuses on international security questions emerging from the adoption of new technologies, with a particular focus on ransomware, state-backed cybercrime, and cryptocurrency.

Dr. Karen Nershi will join the faculty in Middlebury Institute’s nonproliferation and terrorism program this fall. Dr. Nershi holds a PhD in political science from the University of Pennsylvania and was a postdoctoral fellow at the Stanford Internet Observatory at Stanford University. Her research focuses on international security questions emerging from the adoption of new technologies, with a particular focus on ransomware, state-backed cybercrime, and cryptocurrency.

“I’m thrilled that she’s joining us as part of a broader institutional investment in cybersecurity,” said Professor Philipp Bleek, who directs the Cyber Collaborative, mentors its student club, the Cyber Security Working Group, and chaired the search committee that hired Dr. Nershi for this new role. “Her expertise at the intersections of cybersecurity, financial crime, and data analytics is a fabulous fit for us, complementing existing activity in the financial crime management program and the META Lab.”

Bleek said their goal is to ensure all students studying global security get exposure to this topic.

“A terrorism-focused student needs to understand how the internet enables radicalization or helps terrorist groups to hide financial assets. A weapons-of-mass-destruction nonproliferation-focused student needs to grapple with cyber vulnerabilities of nuclear weapons plants or nuclear weapons or how the internet affects efforts to monitor and control the spread of dual-use technologies,” said Bleek.

Middlebury Institute is also launching a new online MS in cybersecurity for spring 2025.

We spoke with Dr. Nershi to hear more about her research and her journey to the Institute.

Tell me about your path. What first sparked your interest in this area, and how did you come to be doing the work and research you do now?

I’m originally from Louisiana. I did my undergrad at the University of Alabama in international studies, and then I completed my PhD in political science at the University of Pennsylvania in Philadelphia. I’ve always been interested in international relations. I studied abroad several times as an undergrad, so that’s always been an area of interest for me. I was also interested in the dynamics around conflict, things like the funding of rebel groups and organized crime.

For my dissertation, I was focused on anti-money-laundering enforcement and the dynamics of international cooperation around enforcing anti-money-laundering laws. It’s really hard to get reliable data to study money laundering, as banks are very secretive about the data. 

At the time, they were introducing anti-money-laundering laws in this new sector of cryptocurrency, where a lot of information is publicly available from the blockchain. I collected transaction data from cryptocurrency exchanges that let me look at how well countries were enforcing these new laws for the sector. I saw huge variations between countries.

I just became really interested in cryptocurrency, and that led me to study ransomware, which led me to my current research, which is especially focused on cyber crime, its connection to states, and also cybersecurity more broadly.

Dr. Karen Nershi had a chance to connect with many current Institute students who attended the RSA Conference in San Francisco earlier this month.

What attracted you to the Middlebury Institute?

I’m super excited to be joining Middlebury. The Middlebury Institute is such a special place. I can’t wait to be on campus again in the fall. There are a few main things that really attracted me. First of all, I’d say just the areas of research and study are really interesting to me. Another thing that I really like is that it’s a graduate institute with master’s students, so there’s a big emphasis on providing students with skills and expertise to go out and work in companies or in government on these cutting-edge topics. That’s really interesting to me, as well as this multidisciplinary approach. Another really unique and exciting part of the Institute is that they value translating insights from your research into these policy outputs in a way that can have a real impact.

The last main factor that’s really attracted me is just the people at the Institute. And this is true of the faculty whom I’ve gotten to know who are working on these really interesting topics, and also who are just wonderful people. To be around great colleagues and then also the students, who just seem to be a really passionate group about their interests. I met students who are doing different kinds of cyber investigations online already. It seems like they come from a wide variety of backgrounds with a lot of different insights, and they are just really interested in these topics, so I think that’s gonna be really rewarding both teaching and working with students on research projects.

What kinds of courses or other programs do you hope to develop and offer for our students?

This fall, I’ll be teaching Introduction to Cybersecurity, taking something of a broad perspective on the way cybersecurity is affecting international relations. I’ll also be teaching a weekend workshop about investigations on the dark web and exploring what sources of data are available to go out and collect information about criminal activity. We’ll be learning about research that’s already been done on the dark web. What are the sorts of questions you can explore? What is the connection to the social impacts? We’ll be visiting some of these sites ourselves and learning about what’s a safe and ethical way to do this. That’s going to be exciting, as well as sort of a hands-on exploration of data on the dark web.

In addition to these specific courses, I’m also really interested to get engaged with the Cyber Collaborative, this fantastic student-led club that’s been focused on cyber and building connections to companies. I’ll also be continuing to develop my research with support from research assistants and graduate students. 

You’ve spent time in Jordan and Morocco studying Arabic as a Foreign Language and Area Studies Fellow and a Critical Language Scholarship recipient. You’ve also lived and worked in Germany. Why is studying language important for students who want to forge careers in global security?

It is really so valuable to learn another language and, if you can, also to have the experience of living somewhere else for some period of time. It’s great to travel the world, but there’s definitely something different about living in a country and getting embedded in the culture. It’s a really valuable experience, because you learn so much about another culture and other ways things can be done. You also learn a lot about your own culture. It’s like how a fish swimming in water doesn’t really realize that they’re in water. You notice what’s so unique and interesting about your culture because you have this point of comparison.

I think for anyone who’s interested in working in politics or the policy world it’s just very valuable to have this type of experience to broaden your viewpoint on things. Especially in the policy world, you start to understand points of comparison with policies in your own country and other approaches you could try. It’s just a really enriching experience, and great for anyone in the field of international relations.

You led research about Russian ransomware attacks that was highlighted in Wired magazine and also won you the Perry World House 2023 Emerging Scholars Policy Prize. How did you decide to focus on this topic, and what did you find?

I became interested in this topic stemming from my dissertation work around cryptocurrency and money-laundering risks, which led me to become interested in ransomware. Ransomware is a type of cyber crime in which the attackers will release malware on a computer system that encrypts the user’s files. To get access to your files, you need to send the attackers a ransom, typically the cryptocurrency Bitcoin. After you send them the ransom, they send you a decryption key that will allow you to get access to all of your files. That’s the traditional 1.0 ransomware attack. 

More recently, we’ve seen developments around double extortion ransomware attacks, which is what I focus on in my research. That’s where the attackers not only encrypt a company’s files, but they also steal or exfiltrate the company’s data, which can be sensitive financial documents or personal information about their employees or their customers. They’ll steal this data and then threaten to leak it or sell it on the dark web if the company doesn’t pay an additional ransom or larger ransom to stop them.

There are some really interesting international dynamics around this. In this context of ransomware in particular, a lot of the attacks and the groups carrying out these attacks have been located in Eastern Europe, broadly speaking, and there are a number of reasons for this. Many of the attacks have been directed against companies and government offices within Western countries.

As we enter a big election year, what’s on your mind?

It’s definitely a huge challenge. We have these changes happening on the technological side that governments have been really struggling to try to keep up with, which include information security and propaganda campaigns on social media. That’s really a big area of concern, especially with new technological developments like deep fakes, such as faking people’s voices. There’s all kinds of mischief and really dangerous things that can happen in that space. Based on my own research around ransomware, there are concerns that different types of attacks could really disrupt an election, the ability to hold an election, or even just people’s faith in the election results. If there’s some sort of major hack on Election Day or close to elections, even if it doesn’t actually change the results, the knowledge that there’s been some sort of big hack could lead people to question the results.

What makes you excited to be working in the field of cybersecurity right now? What would you say to convince a prospective student that this is where the action is?

The field of cybersecurity is a new area with lots happening and there’s a big need for better understanding from the social science perspective of the area of cybersecurity.

Right now, I’m really interested in exploring the ways that different states have engaged with cyber crime to further their political agendas and foreign policy. Russia, China, North Korea, Iran are all countries that have engaged with cyber crime to varying degrees to accomplish different types of goals.

A lot of the focus in the cybersecurity research has been on the uses of cyber and conflict, which is an interesting and important area, but I think when we look more broadly, we see that a lot of the activity has been more low-level, not rising to the level of inspiring decisive military response. However, in aggregate, all these cyber intrusions can have a really important impact on a country’s national security.

This area of cybersecurity is such a dynamic area with so many new developments and technological changes. As social scientists, we need to try to understand these phenomena better so we can better understand what is the societal impact and how to design policies, either nationally or coordinating at the international level, that can help address some of these really real threats and harms emerging from the cyber realm.