Belfer Center Home > People > Ryan Ellis

« Back to list of experts

Ryan Ellis

Ryan Ellis

Associate, Cyber Security Project




Ryan Ellis writes and researches on topics related to cybersecurity, infrastructure politics, homeland security, and communication law and policy. Prior to joining the Belfer Center, Ryan was a Postdoctoral Fellow at Stanford University's Center for International Security and Cooperation (CISAC) and served as a Project Manager at the University of California's Institute on Global Conflict and Cooperation (IGCC). He holds a Ph.D. in communication from the University of California, San Diego.



By Date



February 2015

"The Vulnerability Economy: Zero-Days, Cybersecurity, and Public Policy"


By Ryan Ellis, Associate, Cyber Security Project

The case is designed to support a discussion of the costs and benefits associated with competing models of vulnerability disclosure. The trade in zero-days is a growing area of policy concern. The case can be used in courses on cyber policy, science and technology policy, or national security. It can be used to explore the concepts of public goods, dual-use technologies, and externalities.



November-December 2014

"Regulating Cybersecurity: Institutional Learning or a Lesson in Futility?"

Journal Article, IEEE Security & Privacy, issue 6, volume 12

By Ryan Ellis, Associate, Cyber Security Project

On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?



June 2014

"Creating a Secure Network: The 2001 Anthrax Attacks and the Transformation of Postal Security"

Book Chapter

By Ryan Ellis, Associate, Cyber Security Project

The author critically examines the creation and implementation of new security standards within the postal network after the 2001 anthrax attack. Drawing on research conducted at the Smithsonian Institution and documents obtained under the Freedom of Information Act (FOIA), the article traces the politics inscribed within the architecture of new security technologies. The article sets debates about postal security within a broader account of political economy. The article emphasizes the possibilities and limitations of disasters to create moments of disruption and undergird new political interventions.



July 24, 2013

"Protecting US Critical Infrastructure: One Step Forward for Cybersecurity, One Back?"

Op-Ed, Technology+Policy | Innovation@Work

By Ryan Ellis, Associate, Cyber Security Project

"...[T]he Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT) recently canceled two long-planned conferences and a number of training sessions. The cancellations are likely an effect of sequestration—no funds."



Wig Zamore STEP Photo

June 13, 2013

"Dangerous Cargo: Action Needed on Hazardous Materials"

Op-Ed, Power & Policy Blog

By Lewis M. Branscomb, Director Emeritus of the Science, Technology and Public Policy Program; Aetna Public Service Professor Emeritus of Public Policy and Corporate Management and Ryan Ellis, Associate, Cyber Security Project

"The threat of terrorism complicates matters even further. In April, two men in Canada were arrested for plotting an attack on rail lines near Toronto. In the US, homeland security officials have warned that shipments of hazardous materials are an attractive terrorist target."



March 5, 2013

"Cyber Security"

Media Feature

By Ryan Ellis, Associate, Cyber Security Project

Dr. Ellis raises an interesting question: Does the pursuit of offensive cyber capabilities undermine domestic security? The conversation highlights a growing area of concern and ongoing debate.




"The Premature Death of Electronic Mail: The United States Postal Service's E-COM Program, 1978–1985"

Journal Article, International Journal of Communication, volume 7

By Ryan Ellis, Associate, Cyber Security Project

In the late-1970s, the United States Postal Service (USPS) launched an innovative electronic mail service, "E-COM," that sought to integrate networked computing and the postal system. Postal management envisioned E-COM as a path-breaking program that would carve out a key place for postal service in the coming information age. The following examination of the ultimate failure of E-COM contributes to the history of networked computing and communications, while additionally providing a unique perspective on the current precarious state of postal service in the United States.



AP Photo

February 2010

"Rail Transportation of Toxic Inhalation Hazards: Policy Responses to the Safety and Security Externality"

Discussion Paper

By Lewis M. Branscomb, Director Emeritus of the Science, Technology and Public Policy Program; Aetna Public Service Professor Emeritus of Public Policy and Corporate Management, Mark Fagan, Philip Auerswald, Former Associate, Science, Technology, and Public Policy Program (STPP), 2003–2014; Former Assistant Director, STPP, 2002–2003, Ryan Ellis, Associate, Cyber Security Project and Raphael Barcham

Toxic inhalation hazard (TIH) chemicals such as chlorine gas and anhydrous ammonia are among the most dangerous of hazardous materials. Rail transportation of TIH creates risk that is not adequately reflected in the costs, creating a TIH safety and security externality. This paper describes and evaluates policy alternatives that might effectively mitigate the dangers of TIH transportation by rail. After describing the nature of TIH risk and defining the TIH externality, general policy approaches to externalities from other arenas are examined. Potential risk reduction strategies and approaches for each segment of the supply chain are reviewed. The paper concludes by summarizing policy options and assessing some of the most promising means to reduce the risks of transportation of toxic inhalation hazards. Four policy approaches are recommended: internalizing external costs through creation of a fund for liability and claims, improving supply chain operations, enhancing emergency response and focusing regulatory authority. It is further suggested that the Department of Transportation convene a discussion among stakeholder representatives to evaluate policy alternatives.

Events Calendar

We host a busy schedule of events throughout the fall, winter and spring. Past guests include: UN Secretary-General Ban Ki-moon, former Vice President Al Gore, and former Soviet Union President Mikhail Gorbachev.