scholarly journals Cybersecurity: Toward a Meaningful Policy Framework

2018 ◽  
Author(s):  
Peter M. Shane
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Legal Framework ◽  
Public Understanding ◽  
Policy Framework ◽  
Military Effectiveness ◽  
The Public ◽  
Trade Offs ◽  
National Debate ◽  
Sharing Responsibility

This critique of Karson K. Thompson’s note, "Not Like an Egyptian: Cybersecurity and the Internet Kill Switch Debate," argues that the U.S. lacks a framework of laws and regulations, "smart" or otherwise, that adequately incentivizes the parties with the greatest capacity to improve our cyber security to do so. It attributes the poor state of U.S. cyber policy to the "bewildering array of overlapping responsibilities" scattered among government offices and departments; the difficult imperative of sharing responsibility among military and civilian authorities; the fact that most of the networks (and the dependent critical infrastructures) that need protecting are in private hands; and the lack of public understanding of the kinds of regulation that are necessary or appropriate. The essay argues that meaningful progress towards an adequate legal framework depends on a broad national debate aimed at defining the public good with regard to cyber-security, and the inevitable trade-offs among security, privacy, productivity, economic growth, organizational flexibility, military effectiveness, government transparency, and accountability that must be confronted in making sensible cyber-security policy.

Cyber-Search and Cyber-Seizure

2014 ◽  
pp. 471-514
Author(s):  
Catherine B. Lotrionte
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Computer Systems ◽  
Fourth Amendment ◽  
Legal Framework ◽  
Executive Branch ◽  
Electronic Communications ◽  
Cyber Threats ◽  
Individual Privacy ◽  
The Government

This chapter discusses the nature of cyber threats against government and private computer systems, describing some steps the government has taken and the challenges involved in protecting those systems. The chapter argues that a national security approach for cyber security policy is the most promising option for preventing these cyber threats while operating within the domestic legal framework. After a review of the President's constitutional authorities to protect the nation from traditional threats, the chapter concludes that the President has some power to monitor Internet communications in transit within the United States when the communications threaten the welfare of the nation. The chapter recommends that this authority be augmented by Congressional action through legislation. The President's powers in cyber security, even given Congressional support, however, are still restrained by the protections the Fourth Amendment provides for traditional forms of communication and individual privacy. Although there is limited Fourth Amendment precedent in the area of cyber security, the well-established exceptions to the Fourth Amendment requirements, based on consent, special governmental needs and the reasonableness of the search or seizure, provide a legal basis for executive branch action to protect critical infrastructures and their computer systems. As the Courts have long held, these exceptions allow the government to conduct searches or seizures without being bound by all of the requirements of the Fourth Amendment. If the government develops its cyber security policy in line with these exceptions, this chapter argues the government can both protect critical computer systems and operate within Fourth Amendment doctrine that recognizes the legitimacy of privacy in electronic communications.

Good Governance and Virtue in South Africa's Cyber Security Policy Implementation

2015 ◽  
Vol 5 (1) ◽  
pp. 19-29 ◽  
Author(s):  
Oliver Burmeister ◽  
Jackie Phahlamohlaka ◽  
Yeslam Al-Saggaf
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Ethical Issues ◽  
Good Governance ◽  
Policy Framework ◽  
Cyber Attack ◽  
Ethical Perspective ◽  
National Interests ◽  
Nation States ◽  
Arabic And English

Good governance from an ethical perspective in cyberdefence policy has been seen in terms of duty and consequentialism. Yet the negotiated view of virtue ethics can also address how nation states mitigate the risks of a cyber attack to their national interests and to prepare for a cyber offence in response to an attack. A discourse analysis of the “0x Omar”-Israeli conflict of 2012, as reported in the Arabic and English media and on the Internet, is used to explore ethical issues that this case raises and to examine how the risks posed could be mitigated in relation to relevant elements of the South African cybersecurity policy framework. Questions raised include: At what point does the policy require a nation state to prepare for a cyber offence in response to a cyber attack? Ethically, how are such actions consistent with the principle of good governance?

Good Governance and Virtue in South Africa's Cyber Security Policy Implementation

2018 ◽  
pp. 325-336
Author(s):  
Oliver Burmeister ◽  
Jackie Phahlamohlaka ◽  
Yeslam Al-Saggaf
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Ethical Issues ◽  
Good Governance ◽  
Policy Framework ◽  
Cyber Attack ◽  
Ethical Perspective ◽  
National Interests ◽  
Nation States ◽  
Arabic And English

Good governance from an ethical perspective in cyberdefence policy has been seen in terms of duty and consequentialism. Yet the negotiated view of virtue ethics can also address how nation states mitigate the risks of a cyber attack to their national interests and to prepare for a cyber offence in response to an attack. A discourse analysis of the “0x Omar”-Israeli conflict of 2012, as reported in the Arabic and English media and on the Internet, is used to explore ethical issues that this case raises and to examine how the risks posed could be mitigated in relation to relevant elements of the South African cybersecurity policy framework. Questions raised include: At what point does the policy require a nation state to prepare for a cyber offence in response to a cyber attack? Ethically, how are such actions consistent with the principle of good governance?

An Approach to Governance of CyberSecurity in South Africa

2014 ◽  
pp. 1583-1597
Author(s):  
Joey Jansen van Vuuren ◽  
Louise Leenen ◽  
Jackie Phahlamohlaka ◽  
Jannie Zaaiman
Keyword(s):  
South Africa ◽  
South African ◽  
Cyber Security ◽  
Security Policy ◽  
Critical Infrastructure ◽  
Holistic Approach ◽  
Governance Structure ◽  
Policy Framework ◽  
The Uk ◽  
And Control

A government has the responsibility to provide, regulate and maintain national security, which includes human security for its citizens. Recent declarations from the UK and USA governments about setting up cybersecurity organisations and the appointment of cyber czars reflect a global recognition that the Internet is part of the national critical infrastructure that needs to be safeguarded and protected. Although the South African government approved a draft National Cyber Security Policy Framework in March 2012, the country still needs a national cybersecurity governance structure in order to effectively control and protect its cyber infrastructure. Whilst various structures have been established to deal with cybersecurity in South Africa, they are inadequate and implementation of the policy is still in the very early stages. Structures need to be in place to set the security controls and policies and also to govern their implementation. It is important to have a holistic approach to cybersecurity, with partnerships between business, government and civil society put in place to achieve this goal. This paper investigates different government organisational structures created for the control of national cybersecurity in selected countries of the world. The main contribution is a proposed approach that South Africa could follow in implementing its proposed cybersecurity policy framework, taking into account the challenges of legislation and control of cybersecurity in Africa, and in particular, in South Africa.

Cyber-Search and Cyber-Seizure

2012 ◽  
pp. 308-351
Author(s):  
Catherine B. Lotrionte
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Computer Systems ◽  
Fourth Amendment ◽  
Legal Framework ◽  
Executive Branch ◽  
Electronic Communications ◽  
Cyber Threats ◽  
Individual Privacy ◽  
The Government

This chapter discusses the nature of cyber threats against government and private computer systems, describing some steps the government has taken and the challenges involved in protecting those systems. The chapter argues that a national security approach for cyber security policy is the most promising option for preventing these cyber threats while operating within the domestic legal framework. After a review of the President’s constitutional authorities to protect the nation from traditional threats, the chapter concludes that the President has some power to monitor Internet communications in transit within the United States when the communications threaten the welfare of the nation. The chapter recommends that this authority be augmented by Congressional action through legislation. The President’s powers in cyber security, even given Congressional support, however, are still restrained by the protections the Fourth Amendment provides for traditional forms of communication and individual privacy. Although there is limited Fourth Amendment precedent in the area of cyber security, the well-established exceptions to the Fourth Amendment requirements, based on consent, special governmental needs and the reasonableness of the search or seizure, provide a legal basis for executive branch action to protect critical infrastructures and their computer systems. As the Courts have long held, these exceptions allow the government to conduct searches or seizures without being bound by all of the requirements of the Fourth Amendment. If the government develops its cyber security policy in line with these exceptions, this chapter argues the government can both protect critical computer systems and operate within Fourth Amendment doctrine that recognizes the legitimacy of privacy in electronic communications.

scholarly journals Cybersecurity Policy Framework in Saudi Arabia: Literature Review

2021 ◽  
Vol 3 ◽  
Author(s):  
Nawaf Alhalafi ◽  
Prakash Veeraraghavan
Keyword(s):  
Saudi Arabia ◽  
Cyber Security ◽  
Smart City ◽  
Security Policy ◽  
Smart Cities ◽  
New Technology ◽  
Policy Framework ◽  
Cyber Threats ◽  
The Usa ◽  
City Model

Saudi Arabia has a goal of ensuring that it has at least two cities among the top 100 smart cities of the future. However, increasing connectivity and incorporation of smart solutions in cities still raises concerns over cyber security with threats arising daily including denial of services and phishing as some of the most significant. Saudi Arabia, therefore, needs a cybersecurity policy framework that will ensure effective protection for all stakeholders in the smart city from these cyber threats. User acceptance is foremost important in any new technology, including smart-cities. Due to ongoing cyber threats and in the absence of an efficient cyber policies, Saudi end-user community is not keen to accept newer technologies where their interaction with online medium is required. The proliferation of smart cities globally affords the opportunity to analyze and compare the efforts made in Saudi Arabia with other nations like the USA, India and Singapore which is the premier smart city model in the globe currently. This review looks at the similarities and differences between KSA’s cyber security policy framework with these three nations. The review will note some of the defining characteristics and approaches to cyber security in the smart cities of USA, India, and Singapore. After reviewing the current framework in Saudi Arabia, this paper will make suggestions such as updating Saudi’s cybercrime legislation like in the US or formulating a master cyber security plan as seen in Singapore that will improve KSA’s framework creating the best framework model for cyber security in its smart cities.

scholarly journals Does Lebanon possess the capabilities to defend itself from cyber-theats? Learning from Estonia's experience

2019 ◽  
Author(s):  
◽  
Kristofas Barakat
Keyword(s):  
International Relations ◽  
National Security ◽  
Cyber Security ◽  
Security Policy ◽  
Legal Framework ◽  
Research Literature ◽  
Complex Nature ◽  
Profound Impact ◽  
Cyber Threats ◽  
Security Research

The growing danger of cyber-threats has forced many states to develop and strengthen their cyber-security capabilities. The complex nature of cyber-threats has a profound impact on traditional international relations, as many states today consider cyberspace as the greatest challenge to their national security. Research literature on cyberspace and cyber-threats is particularly limited in the case of Lebanon, despite Lebanon’s interesting cyber-threats history. The domination of traditional security dilemmas have restricted Lebanon from developing a successful cyber-security. The lack of attention and development for cyber-security has made Lebanon an appealing target for various actors to conduct their cyber-operations. The objective of the thesis is to determine whether Lebanon has the ability to defend itself from cyber-threats in spite of a missing cyber-security policy. The thesis offers an analysis of Lebanon’s current conditions with regard to cyber-security at various levels. The thesis employs the international legal framework on cybercrime, the Budapest Convention, in order to assess Lebanon’s capabilities to counter cyber-threats. Furthermore, this study utilizes Estonia, a small Baltic nation considered as one of the leaders in the field, as a comparative case to further examine Lebanon’s cyber-security and identify areas that would bolster Lebanon’s capabilities.

Estonia after the 2007 Cyber Attacks

2011 ◽  
Vol 1 (1) ◽  
pp. 24-34 ◽  
Author(s):  
Christian Czosseck ◽  
Rain Ottis ◽  
Anna-Maria Talihärm
Keyword(s):  
National Security ◽  
Cyber Security ◽  
Security Policy ◽  
Legal Framework ◽  
Cyber Attacks ◽  
Lessons Learned ◽  
Comprehensive Overview ◽  
Nation States ◽  
Information And Communication ◽  
Developed Nations

At the time of the state-wide cyber attacks in 2007, Estonia was one of the most developed nations in Europe regarding the ubiquitous use of information and communication technology (ICT) in all aspects of society. Relaying on the Internet for conducting a range of business transactions is common practice. But naturally, the more a society depends on ICT, the more it becomes vulnerable to cyber attacks. Unlike other research on the Estonian incident, this paper does not focus on the analysis of the events themselves. Instead, the authors examine Estonia’s cyber security policy and subsequent changes made in response to the cyber attacks. As such, the authors provide a comprehensive overview of the strategic, legal, and organisational changes based on lessons learned by Estonia after the 2007 cyber attacks. The analysis is based on a review of national security governing strategies, changes in the Estonia’s legal framework, and organisations with direct impact on cyber security. The paper discusses six important lessons learned and manifested in actual changes: each followed by a set of cyber security policy recommendations appealing to national security analysts as well as nation states developing their own cyber security strategy.

An Approach to Governance of CyberSecurity in South Africa

2012 ◽  
Vol 2 (4) ◽  
pp. 13-27 ◽  
Author(s):  
Joey Jansen van Vuuren ◽  
Louise Leenen ◽  
Jackie Phahlamohlaka ◽  
Jannie Zaaiman
Keyword(s):  
South Africa ◽  
Cyber Security ◽  
Security Policy ◽  
Critical Infrastructure ◽  
Holistic Approach ◽  
Governance Structure ◽  
Policy Framework ◽  
Security Controls ◽  
The Uk ◽  
And Control

A government has the responsibility to provide, regulate and maintain national security, which includes human security for its citizens. Recent declarations from the UK and USA governments about setting up cybersecurity organisations and the appointment of cyber czars reflect a global recognition that the Internet is part of the national critical infrastructure that needs to be safeguarded and protected. Although the South African government approved a draft National Cyber Security Policy Framework in March 2012, the country still needs a national cybersecurity governance structure in order to effectively control and protect its cyber infrastructure. Whilst various structures have been established to deal with cybersecurity in South Africa, they are inadequate and implementation of the policy is still in the very early stages. Structures need to be in place to set the security controls and policies and also to govern their implementation. It is important to have a holistic approach to cybersecurity, with partnerships between business, government and civil society put in place to achieve this goal. This paper investigates different government organisational structures created for the control of national cybersecurity in selected countries of the world. The main contribution is a proposed approach that South Africa could follow in implementing its proposed cybersecurity policy framework, taking into account the challenges of legislation and control of cybersecurity in Africa, and in particular, in South Africa.

Sign in / Sign up

Export Citation Format

Share Document