Cybersecurity Development Research Articles

Unpacking cyber norms: private companies as norm entrepreneurs

ABSTRACTConcerns over practices in cyberspace are central to the consolidating international agenda for cybersecurity. Responses to such concerns come in different shapes and sizes, and are proposed by different actors. Whether it concerns intellectual property rights, the theft of trade secrets, collection of personal data, critical infrastructure protection, DNS security, or geopolitical issues, the rise of cybersecurity as a multifaceted global issue has led to the proliferation of governance mechanisms aimed at responding thereto. While state efforts have sought to promote norms of responsible state behaviour in cyberspace, we argue that technology companies are also taking the lead as norm entrepreneurs in the context of the stability and security of cyberspace. We explore the tensions between current literature on cyber norms and the role of private actors as potential norm entrepreneurs in global cybersecurity. In an attempt to determine the position of private actors in this field, we turn to practices such as corporate diplomacy and lobbying as avenues for highlighting the methods in which corporations engage in international policymaking in general, and cyber norms in particular. We look at Microsoft’s case to unpack the company’s role in the normative development of cybersecurity globally. We analyse documents containing the company’s policies and strategies, and argue that these efforts consist of an attempt to influence global public policies on cybersecurity. In conclusion, we note that, notwithstanding these efforts, the lack of coordination between different aspects of norm-making processes illustrates the challenges facing the advancement of international cyber norms.

The Rise of Cyber Diplomacy ASEAN’s Perspective in Cyber Security

Recent decades have seenhow information technology have shaed global politics tothe extent that defense and security experts claim it to be the beginning of a new era in warfare. Many foreign countries have begun to include cyber threat as a defining factor in international security space, which also concludes the importance of cyber security in foreign policy. In the regional framework, ASEAN has promoted small but meaningful step to ensure cyber security. The paper focuses on the concept of cyber diplomacy in ASEAN and the development of cyber security in Southeast Asia to cope with the present security challenges.

PENINGKATAN KEAMANAN SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) PADA SMART GRID SEBAGAI INFRASTRUKTUR KRITIS

<p class="Abstract"><em><span lang="EN-US">SCADA (Supervisory Control and Data Acquisition) systems as the control unit of the smart grid has been used in almost various industries around the world in terms of automation systems. Smart grid technology combines the energy infrastructure and telecommunications and Internet networks. The system provides the operational ease and efficiency in the industry. However, the system has a lot of vulnerabilities in information security aspects that can have a major impact for the industry and even the economy. This study tried to design in building a smart grid cyber security, it includes the strategies that must be done and the information security system architecture to be built. The study was conducted qualitative in-depth interviews, focus group discussions and direct observation. Results of this research is the design strategy recommendations ddalam development of smart grid cyber security. Recommendation results of this study also intended as a suggestion-making framework for smart grid cyber security as a reference implementation of the smart grid in Indonesia.</span></em></p>

IEEE Cybersecurity Development SecDev 2016

IEEE Cybersecurity Development SecDev 2016

IEEE SecDev 2016: Prioritizing Secure Development

It's clear that developers, researchers, and practitioners need a venue to discuss design approaches and tools for how to build security in and significantly reduce the introduction of vulnerabilities. Great progress is being made in the academic security research community, but the research results aren't transitioning to the engineering and development communities to the necessary extent and at the necessary speed. To address this critical need, the IEEE Cybersecurity Initiative is introducing a new event that aims to expand interactions and bridge the gap between cybersecurity research and development: the IEEE Cybersecurity Development Conference (SecDev).

The cyber arms race is accelerating – what are the consequences?

ABSTRACTNation-states are in the midst of an accelerating cyber arms race. This development has several political and strategic implications that pose the need to find specifically political answers. What is often forgotten or neglected is the increasing importance of understanding cyberspace as a political domain and cyberpolitics is needed more than ever before. The current developments in cybersecurity and cyberwarfare certainly have a number of implications but the aim of this article is to explore five consequences which are critical when evaluating both political and military aspects of cyberwarfare and its political future: the race for talented people; the need to develop a proportionate political response framework before a disruptive or destructive cyber incident occurs; the increasing necessity to expose some cyber capabilities in order to strengthen cyber deterrence; the importance of integrating physical and digital domains in order to be able to operate in the combined cyber–physical environment; and the requirement for deeper international cooperation.

Cyber Forensics in a Post Stuxnet World

Computer forensics Masters student James Moos reports on the development of cyber security and forensics for industrial control systems in a post Stuxnet era.

Cyberattacks on Critical Infrastructure and Potential Sustainable Development Impacts

Because of advancement in information and communication technologies, modern infrastructure systems are currently operated, monitored and controlled by automated systems such as distributed process control networks and supervisory control and data acquisition. Such systems will make the critical infrastructures in any country vulnerable to failures caused by either operational failures or to potential cyberattacks similar to Stuxnet and Night Dragon. The objective of this paper is to shed the light on the synergy between cybersecurity and sustainable development in relation to the potential social, economic, and environment consequences of potential cybersecurity attacks on critical infrastructures. Examples of both operational and cybersecurity incidents are shown including their sustainable development implications.

Creating and Strengthening Cybersecurity in the Republic of Moldova

Like most of the countries, Republic of Moldova faced the need of protecting its cyberspace against emerging cybersecurity threats. The lack of coordination between responsible institutions, established cybersecurity mechanisms, and well-trained specialists made private companies and public institutions an easy target for cyber attacks performed by malicious actors like hacktivist groups, terrorist organisations and state-sponsored companies. The consequences of such attacks damage reputation, business processes and affect the image of the country on the international scene. This article shares the experience of Moldova in the efforts of planning and building cybersecurity. It is written from the point of view of Moldova’s Cybersecurity Centre – CERT-GOV-MD, whose governmental status and active involvement in national cybersecurity development processes allow to provide a broad overview of different situations, in which Moldova and its state institutions found themselves, and the problems faced along the road to achieving the stated goal. In this regard, the article covers the period from the initiation of building cybersecurity until the most current results.

Regional Cybersecurity: Moving Toward a Resilient ASEAN Cybersecurity Regime

Anumber of international and regional organizations, bodies, and forums are working on cybersecurity issues.1 Given that international cooperation is to some extent required to deal effectively with the cross-border nature of cyber-related threats, this article examines efforts in the Association of Southeast Asian Nations (ASEAN) region to counter these challenges. To date, national and regional efforts to adopt comprehensive cybersecurity strategies have been slow and fragmented. Similarly, the efforts of the ten ASEAN member states to adopt both national and comprehensive regional frameworks for cybersecurity have so far been piecemeal.2 Because governments and institutions will be required to foresee emerging trends and adapt quickly to new realities in order to preempt cyber incidents, this article envisages greater cooperation on cybersecurity among ASEAN and its members through the adoption of new structures and novel ways of thinking that complement national initiatives and international efforts. Further, regional cooperation efforts could encourage both collective security and the greater development of national cybersecurity measures.Cyber-related threats are creating increasingly serious risks for the global economy as well as for national and international security. The European Union (EU), for example, considers cyber threats as having the potential to reduce stability and competitiveness,3 while the U.S. intelligence community's worldwide threat assessment for 2013 ranks cyber threats first, ahead of terrorism, transnational organized crime, and the proliferation of WMDs.4 This marks the first time since September 11 that international terrorism does not rank first in the U.S. intelligence community's assessment of global threats to national security.5This article finds that the current lack of cohesiveness in ASEAN's approach to cybersecurity detracts from regional security and undermines the proper functioning of a single market. Given the body's goal to establish the ASEAN Community by 2015, cohesive efforts to comprehensively tackle cybersecurity issues are crucial and in the shared interests of ASEAN members. The article concludes that the digital divide between developed and developing countries need not delay regional cooperation; rather, it is essential for ASEAN to enhance its overall resilience to serious cyber-related threats and collectively tackle common global cybersecurity challenges. Doing so would complement ASEAN's ambitions to create a successful single market and production base, buttress connectivity, and strategically enhance the body's position in the evolving regional architecture. In addition, it would support both wider regional and international cooperation on cybersecurity.Although the ultimate objective of a comprehensive framework is a more resilient regional architecture for cybersecurity, given the limitations of ASEAN, the measures that are more likely to be attained in the shorter term are those that complement the aims of the ASEAN Economic Community and ASEAN Socio-Cultural Community.This article is organized as follows:* pp. 135-37 examine why ASEAN is significant in terms of global cybersecurity issues.* pp. 137-40 examine the increasing probability of cyber threats in Asia.* pp. 141-45 address the digital divide both between ASEAN members and between ASEAN and other states.* pp. 146-49 outline current official ASEAN documents and measures on cybersecurity.* pp. 149-55 offer several policy options for ASEAN to create a more robust regional cybersecurity regime.* The appendices provide non-exhaustive lists of cyber incidents in the ASEAN region since 2012, official ASEAN documents related to cybersecurity, and ASEAN national computer emergency response teams (CERT).WHY ASEAN IS IMPORTANT FOR GLOBAL CYBERSECURITYASEAN is a particularly significant region in terms of international cybersecurity issues. …

An evaluation strategy of state security level from the risk of external cyber influence

In industrialized countries, the task of protection level evaluation of its information and cyber infrastructure from the external cyber influence refers to the number of priority. The problem solving now is impossible without an integrated study of the systems cyber-security ability of these countries to counter such influence and its destructive effects. First of all it is caused by the continuous increase of the information, that circulates, accumulates and processed in the cyberspaces of these countries, and also by the increase of speed of its transmission, by the rapid development of new information and telecommunication technologies and general computerization, in particular, an access to the Internet, as well as the need to protect information from internal and external cyber threats and interferences. Taking the above mentioned into consideration, it was represented the strategy of actions which will give an opportunity: the first is to evaluate a level of state security from the risk of external cyber influence; the second is to obtain the quantitative value of Cyber Power Index , what characterizes the readiness of State objects cyberinfrastructure for safe operation under such conditions; thirdly, to establish requirements for the State systems development of cyber-security and to develop measures aimed to increase its effectiveness. It was established, that the level of cyber security awareness to attacks in cyberspace, mainly depends on the presence of implemented regulatory framework and the substantial technological infrastructure of the country, the condition of its socio-economic development, as well as the usage of information and communication technologies and systems by the country. For protection level evaluation it was offered to use the questionnaire method - one of the known methods of expert assessment.

Progress Is Infectious

Models in network science, public health, and immunology can and should inspire developments in cybersecurity but could also inspire nefarious players. It would be wise to explore this in future research sooner rather than later.

보안책임과 규제가 기업의 보안활동에 미치는 영향 분석

Many governments have tried to develop a liability and compliance law that can improve cyber security in a sustainable way. This paper explores whether a liability and compliance law is effective in motivating firms` information security activities. In particular, I empirically investigate the impact of the 2007 Electronic Financial Transaction Act (EFTA), a liability and compliance law in Korea, on the information security activities of financial institutions and services providers. In spite of various criticisms of the effectiveness of EFTA, the empirical findings of this study clearly show that EFTA is having a positive impact on information security activities. From these findings, this article concludes that a liability and compliance law is likely to contribute to a certain degree to the achievement of sustainable development of cyber security.

Intelligent Strategies or Smart Grid and Cyber Security

The Smart Grid Cyber Security technology faces several challenges in the 21st Century in the context of systems engineering. First, Smart Grid and Cyber Security development technology requires regular analysis and testing of its performance in the transition from Supervisory Control and Data Acquisition (SCADA) and the critical infrastructures it controls and monitors. Secondly, Smart Grid and Cyber Security technology is based on several premises including the efficiency of renewable energy versus traditional energy sources. Thirdly, Smart Grid and Cyber Security functions include the potential to provide accurate real-time prediction of the output energy for dynamic adjustments of the output based on the load demand from consumers. However, none of these address the greater challenge facing recent developments for the Smart Grid initiatives namely, intelligence and smart grid and cyber security performance. The integration of smart grid with cyber infrastructures is intended to provide cost-effective deployment and additional features in the functions. Smart Grid Cyber Security technology however, does not adequately address the intelligent, system design, data mining and accuracy of feedback input from load demands and cyberrelated issues of smart grids. This is significant for Critical Infrastructure Protection (CIP), Critical Energy Infrastructure Information Protection (CII) and Critical Energy Infrastructure Information Protection (CEII) and Data Privacy for Transmission of Sensitive Data. This research provides Intelligent Strategies for Smart Grid Cyber Security for the 21st Century and beyond.

Cybercriminal impacts on online business and consumer confidence

The information revolution, coupled with the strategic leveraging of the Internet, has exposed a number of relatively open societies to the dangers of cybercriminal and cyberterrorist acts, especially in commercial business transactions. With the development of e‐commerce, this commercial dark side has become known as cybercrime and has taken on many forms that affect the perceptions of the way we shop online. Corporations should realize that these threats to their online businesses have strategic implications to their business future and take proper measures to ensure that these threats are eliminated or significantly reduced so that consumer confidence in the Internet as an alternative means of shopping is maintained. These counter measures, coined as cybersecurity, have been developed to ensure the safety of consumer privacy and information and allow for a carefree shopping experience. There is need for the development of models that will allow corporations to study the effects of cybercrime on online consumer confidence and to counter through leveraging the benefits associated with the latest developments in cybersecurity. With these two facets of e‐commerce impacting the online consumer, corporations must ensure that the security measures taken will ultimately prevail to assure that consumers will continue to use the Internet to satisfy their shopping needs.