27. Cyber-Security

Author(s):  
Myriam Dunn Cavelty

This chapter examines the implications of cyber-security for national security. It first provides the necessary technical background on why the information infrastructure is inherently insecure, how computer vulnerabilities are conceptualized, who can exploit them, and how. In particular, it considers definitions and concepts relevant to information security, such as cyberspace, Big Data, and hacking. It then describes three interconnected cyber-security discourses: the first is about computer viruses and worms; the second deals with the interrelationship between cyber-crime and cyber-espionage; the third is concerned with the double-edged sword of fighting wars in the information domain and the need for critical infrastructure protection. Based on this, the chapter evaluates a range of protection measures from each of the three discourses. It concludes by suggesting that the level of cyber-risk is generally exaggerated.


2021 ◽  
pp. 000486582110039
Author(s):  
Benoît Dupont ◽  
Chad Whelan

‘Cybercrime’ is an umbrella concept used by criminologists to refer to traditional crimes that are enhanced via the use of networked technologies (i.e. cyber-enabled crimes) and newer forms of crime that would not exist without networked technologies (i.e. cyber-dependent crimes). Cybersecurity is similarly a very broad concept and diverse field of practice. For computer scientists, the term ‘cybersecurity’ typically refers to policies, processes and practices undertaken to protect data, networks and systems from unauthorised access. Cybersecurity is used in subnational, national and transnational contexts to capture an increasingly diverse array of threats. Increasingly, cybercrimes are presented as threats to cybersecurity, which explains why national security institutions are gradually becoming involved in cybercrime control and prevention activities. This paper argues that the fields of cyber-criminology and cybersecurity, which are segregated at the moment, are in much need of greater engagement and cross-fertilisation. We draw on concepts of ‘high’ and ‘low’ policing (Brodeur, 2010) to suggest it would be useful to consider ‘crime’ and ‘security’ on the same continuum. This continuum has cybercrime at one end and cybersecurity at the other, with crime being more the domain of ‘low’ policing while security, as conceptualised in the context of specific cybersecurity projects, falls under the responsibility of ‘high’ policing institutions. This unifying approach helps us to explore the fuzzy relationship between cyber-crime and cyber-security and to call for more fruitful alliances between cybercrime and cybersecurity researchers.


Author(s):  
Clemith J. Houston Jr. ◽  
Douglas C. Sicker

This paper provides a literature review and survey of maturity and process capability models, Critical Infrastructure Protection (CIP) tools and frameworks to identify strategies for assessing and measuring resilience and risk management capabilities, with a specific focus on the electricity generating sector. The focus is on the use of models such as CERT-RMM, and others, as a means of addressing challenges associated with cyber security and risk management. Foundational concepts, terminology and definitions are provided; examples of maturity and process capability models are presented and discussed; tools that enable process capability and resilience are identified, including those specific to the electricity generating sector. The evolution of models and how they have addressed challenges is presented, in addition to the characteristics and differences of models and the growth in domains where they can be used. The benefits of the application of process capability and maturity models in maintaining and enhancing resilience and cyber security protection are supported in this paper and recommendations for research opportunities that may yield further insight and measurement capabilities are offered.


2011 ◽  
Vol 1 (1) ◽  
pp. 35-40 ◽  
Author(s):  
Matthew Warren ◽  
Shona Leitch

Australia has developed sophisticated national security policies and physical security agencies to protect against current and future security threats associated with critical infrastructure protection and cyber warfare protection. In this paper, the authors examine some common security risks that face Australia and how government policies and strategies have been developed and changed over time, for example, the proposed Australian Homeland Security department. This paper discusses the different steps that Australia has undertaken in relation to developing national policies to deal with critical infrastructure protection.


Author(s):  
Oleksandr Yermenchuk ◽  
Maksym Palchyk

This article provides systematic international experience of legal regulation of critical infrastructure protection in foreign jurisdictions. Some aspects of national critical infrastructure security systems of countries such as Germany, Spain, USA, and Denmark are described. The article determines that at national levels in different countries critical infrastructure protection is mainly regulated by national security strategies, defense strategies and other basic regulatory acts related to the functioning of critical infrastructure and its protection. The article considers aspects of legal regulation of relations in the sphere of public-private partnership and critical infrastructure protection in modern Ukraine. According to the results of the research, it has been established that in Ukraine there are documents of strategic character that regulate the implementation of public-private partnership, which should become a mutually beneficial factor that will facilitate mutual integration processes. Main directions for developing public-private partnership in the field of critical infrastructure protection in Ukraine have been suggested. Key words: public-private partnership, legal regulation, critical infrastructure, critical infrastructure protection, international experience.


2019 ◽  
Vol 25 (1) ◽  
pp. 8-13
Author(s):  
Adriana Alexandru ◽  
Victor Vevera ◽  
Ella Magdalena Ciupercă

The link between national security and the protection of critical infrastructure is vital to the progress of any society and its proper social functioning. The term critical infrastructure was developed by the United States in the 1990s and it has evolved in time; nowadays, most of the current definitions include the security dimension in their content. Along with its many benefits, the technological advancement has brought with it the diversification of threats that could lead to the malfunctioning of critical infrastructures. The new weapons of the 21st century and the new asymmetric threats constitute real dangers to the good functioning of every critical infrastructure. Once they may be interrupted, the normal functioning of the whole society would be endangered because of the domino effects it causes. In this article we will look at how the link between critical infrastructure and national security is reflected in national regulations and crisis scenarios, highlighting the main strengths and the existing legislative gaps along with discussing their applicability.


2021 ◽  
pp. 19-27
Author(s):  
Nazar Demchyshak ◽  
Anastasiia Shkyria

Purpose. The aim of the article is substantiation of approaches of domestic and foreign scientists to risk management in the financial sector of Ukraine in the context of cyber threats and the need to ensure national security and post-pandemic economic recovery. Methodology of research. General scientific and special methods of scientific research are used in the article, in particular: induction, deduction, scientific abstraction - to reveal the essence of the concepts of "cyber threat", "cyber security" and "digitalization"; statistical and graphical methods - to assess the current situation in the field of cyber defence in the world and the national cyber security index; methods of analysis and synthesis - in substantiating the conclusions of the research. Finding. Definitions of cyber risk, approaches to its interpretation and classification were considered. The importance of cyber security in the digitalization of the national economy was argued. The Strategy of Ukrainian Financial Sector Development until 2025 is analysed. The world statistics of frequency and losses due to cyber-attacks are studied and the cyber threats that caused the greatest losses in Ukraine are identified. The analysis of Ukraine’s positions in the National Cyber Security Index 2020 is carried out. The directions of cyber threat prevention that can be useful for Ukrainian companies are substantiated. Originality. The author’s definition of the term "cyber risk" is proposed, in which special attention is focused on the effects of cyber threats. The importance of cyber risk management in the conditions of inevitability of digitalization in the financial sector of Ukraine is substantiated. Approaches to the prevention of cyber-attacks, the implementation of which is necessary for the successful digital transformation of Ukraine, are proposed. Practical value. The results of the research will contribute to the formation of an effective risk management system in the financial sector of Ukraine in terms of digitalization of the financial space and post-pandemic recovery of the national economy. Key words: national security, cyber risk, cyber threat, cyber defence, digitalization, post-pandemic recovery, fintech.

