Chapter

Major Themes in the Literature of Cybersecurity and Public–Private Partnerships; A Focus on Financial Institutions


Abstract

Throughout the existing literature on information sharing between public and private partnerships (PPPs), many contemporary authors define the basic premise of what specifically constitutes a public and private partnership. These partnerships exist as there is a common need among organizations to share information to prevent a wide variety of criminal activities. Specific information sharing between organizations may focus on attackers, victims, incidents, or vulnerabilities. To better understand why public–private partnerships are essential, it is imperative to assess the cyber-threat environment both public and private organizations have to deal with on a daily basis. This chapter offers a review of current literature and contemporary sources published within the last five years on public–private partnerships in cybersecurity. The intent of this literature review was to offer both academics and practitioners an overview of the current state of public–private partnerships against an evolving cyber-threat environment. This chapter contains eight sections, one for each theme found within the literature: (1) Critical infrastructure protection, (2) Legal and organizational barriers to information sharing, (3) Public Safety’s role in cybercrime and cybersecurity incidents, (4) Public sector and government roles and responsibilities, (5) International public and private initiatives, (6) Private sector, (7) The corporate and private security domain, (8) The importance of technology.

Article
Purpose: The purpose of this paper is to adopt an organisational network perspective to examine the structural properties underpinning the design and governance of multi-agency fusion centres and related environments, focussing particularly on how they are formed and internally managed. Design/methodology/approach: The authors conducted several focus groups and follow-up interviews with executive and operational members of Australia’s principal fusion centres and related environments. Findings: The authors argue that in order to understand the internal dynamics of fusion centres, and the ways in which they form and function, the analysis of interrelationships between partners and potential partners is critical. The authors have demonstrated that a network model can assist in this type of analysis. For example, hub-and-spoke network structures appear to be a particularly effective solution to the centralisation-density trade-off for such inter-agency networks. Originality/value: The authors use a novel approach that combines a goal-oriented network framework with the existing literature on fusion centres to synthesise key features of the network structure of fusion centres and associated processes of information sharing.
Article
In the context of globalisation and privatisation, an emerging body of literature has applied the concept of an ‘assemblage’ to international relations and security studies. This article will argue that an assemblage framework provides the best means for understanding the complex configuration of cyber security actors, given that contemporary cyber security practices do not conform to the traditional public-private and global-local distinctions used in security studies and International Relations literature. With the configuration of cyber security actors, and the relationships between them in constant flux, an assemblage framework provides a means for understanding the contested, dynamic and diachronic nature of contemporary cyber security provision. While the concept of security assemblages is favoured in this article, the process and context in which the term has traditionally been used cannot be blindly imposed on the issue of cyber security. This article will therefore propose a different model of how cyber security assemblages have developed and explain the implications this has on contemporary security dynamics.
Article
Cybersecurity sits at the intersection of public security concerns about critical infrastructure protection and private security concerns around the protection of property rights and civil liberties. Public-private partnerships have been embraced as the best way to meet the challenge of cybersecurity, enabling cooperation between private and public sectors to meet shared challenges. While the cybersecurity literature has focused on the practical dilemmas of providing a public good, it has been less effective in reflecting on the role of cybersecurity in the broader constitution of political order. Unpacking three accepted conceptual divisions between public and private, state and market, and the political and economic, it is possible to locate how this set of theoretical assumptions shortcut reflection on these larger issues. While public-private partnerships overstep boundaries between public authority and private right, in doing so they reconstitute these divisions at another level in the organization of political economy of liberal democratic societies.
Article
The governance of cyber-security risks is seen as increasingly important to the security of the nation. However, cyber-security risks are characterized by a fundamental uncertainty, which poses a great challenge to their governance and calls for new modes of organizing security politics. Public–private partnerships (PPPs) are often seen as the answer to this challenge by enhancing flexibility and robustness through knowledge-sharing. Engaging with the literature on PPPs and the Danish practice on cyber security, we show how PPPs involve controversies over different threat realities of cyber security. This plays out as controversies over what is considered threatened, the scope of the issue and the kind of expertise to be mobilized. Arguing that PPPs on security are not defined narrowly by short-sighted strategic self-interest but also loyalty and commitment, we suggest that the innovative potential of such PPPs lie not in a possible consensus on a common purpose and threat reality, but in the ability to embrace divergent definitions and approaches to cyber security. Acknowledging the corporate interests and loyalty, we suggest a move towards the notion of partnering through dissent.
Chapter
There was a time within even this author’s memory, when there was no cyberspace, no cybercrime of note, no viruses and no anti-virus software, no hacking and no hackers. Cyber-delinquency was unknown, criminals had to do their criminality in the physical world and academic research was done in libraries not ‘on-line’. The speed of banking in that far off time was pedestrian. During the Fifties, letters took weeks to arrive overseas, with anything more urgent being sent by costly telegram, over phone wires. In the intelligence world, the success of decoding Enigma and the entire field of de-encryption remained a secret, Alan Turing continued to be an unsung hero, and machine intelligence had very little acknowledged role, it was mainly human centred. In the Sixties, protest was on the streets and no-one, apart from traffic engineers, knew what networking meant. In just one lifetime, all that has changed and the pace of that change has rapidly accelerated too. The evolution of cyberspace has brought many advantages to societies once separated by distances but now able to communicate, bank, educate and socialize online and in real time. It has also brought many unanticipated dangers. Some, including radicalization, grooming, phishing, banking fraud, stalking, identity theft and denial of service attacks, are the stuff of daily news. Others, including the security and defence revolutions in military affairs, are much less discussed, despite the fact that the cyber-world originated and is firmly rooted in a military architecture of space based satellites and associated communications infrastructure. 
This chapter critically assesses some of the mythology of just who are the cyber bad guys, the extent to which these constructions are open to wider processes of perceptions management and the need to identify the rather more hidden agendas facilitated by emerging new capability sets in cyberspace and the so called ‘internet of things.’ That world is still tremendously Anglo-centric, notions of just whose security is being protected remain contested, and we are only at the beginning of a more global debate on big data and the challenge of meaningful governance.
Chapter
The growing body of knowledge on the structure of terrorist networks, their flexibility to adapt to very hostile environments and their resilience in the face of law enforcement disruption, has spawned the idea that “it takes a network to fight a network”. A number of counter-terrorism strategies have resulted from this new philosophy, which attempt to leverage the network paradigm in order to improve the responsiveness and effectiveness of security bureaucracies. However, this chapter argues that some of the risks (or costs) inherent to the adoption of this nodal approach have been underestimated – or plainly ignored, despite their serious implications on the democratic governance of security. Three crucial dilemmas (the trust, information and legality dilemmas) faced by counter-terrorism networks will help explain why adversarial isomorphism should be considered with great caution and why bureaucracies should not be discarded from the counter-terrorism toolbox.
Technical Report
The EP3R (European Public-Private Partnership for Resilience) was established in 2009 and was the very first attempt at Pan-European level to use a Public-Private Partnership (PPP) to address cross-border Security and Resilience concerns in the Telecom Sector. The EP3R participants initiated many discussions, saw a lot of commitment, and produced interesting conclusions. It also revealed some further needs in the security and resilience field and also some gaps to be filled in order to reach a higher maturity level of the Telecom Sector. The EP3R closed down in April 2013, after 4 years of existence and practically 3 years of operations. The impact of the very first European Public-Private Partnership for Resilience had to be assessed and lessons had to be drawn for future similar initiatives and other funded actions for improving European resilience.
Article
Based on a case study of the role of private financial institutions in the fight against terrorist financing, this article examines the rationales for, and actual results of, public-private partnerships in counterterrorism. It shows that there is still a lack of appreciation of the roles that regular private business play, both willingly and unwillingly, in the fight against terrorism. As profit, rather than security, maximizers, private sector actors may decide to take certain security risks rather than addressing them directly, which in contrast is expected from public agencies. As a consequence, public-private partnerships have not been the silver bullet that the representatives of public agencies had hoped for since 9/11. In fact, to many private sector representatives, they are more akin to public-private dictatorships.
Thesis
This thesis presents a behavioral economics contribution to the security of information systems. It focuses on security information sharing (SIS) between operators of critical infrastructures, such as systemic banks, power grids, or telecommunications. SIS is an activity by which these operators exchange cybersecurity-relevant information, for instance on vulnerabilities, malware, data breaches, etc. Such information sharing is a low-cost and efficient way by which the defenders of such infrastructures can enhance cybersecurity. However, despite this advantage, economic (dis)incentives, such as the free-rider problem, often reduce the extent to which SIS is actually used in practice. This thesis responds to this problem with three published articles. The first article sets out a theoretical framework that proposes an association between human behavior and SIS outcomes. The second article further develops and empirically tests this proposed association, using data from a self-developed psychometric survey among all participants of the Swiss Reporting and Analysis Centre for Information Assurance (MELANI). SIS is measured by a dual approach (intensity and frequency), and hypotheses on five salient factors that are likely associated with SIS outcomes (attitude, reciprocity, executional cost, reputation, trust) are tested. In the third article, policy recommendations are presented in order to reduce executional costs, which are found to be significantly and negatively associated with SIS. In conclusion, this thesis proposes multiple scientific and practical contributions. It extends the scientific literature on the economics of cybersecurity with three contributions on the human factor in SIS. In addition, regulators will find many recommendations, particularly in the area of governance, to support SIS at the legislative level. 
This thesis also offers many avenues for practitioners to improve the efficiency of SIS, particularly within Information Sharing and Analysis Centers (ISACs) in charge of producing Cyber Threat Intelligence in order to anticipate and prevent cyberrisks.
Article
Cyberspace is a new domain of operation, with its own characteristics. Cyber weapons differ qualitatively from kinetic ones: They generate effects by non-kinetic means through information, technology, and networks. Their properties, opportunities, and constraints are comparable to the qualitative difference between conventional and nuclear weapons. New weapons and their target sets in a new domain raise a series of unresolved policy challenges at the domestic, bilateral, and international levels about deterrence, attribution, and response. They also introduce new risks: uncertainty about unintended consequences, expectations of efficacy, and uncertainty about both the target’s and the international community’s response. Cyber operations offer considerable benefits for states to achieve strategic objectives both covertly and overtly. However, without a strategic framework to contain and possibly deter their use, make state and non-state behavior more predictable in the absence of reciprocal norms, and limit their impact, an environment where states face persistent attacks that nonetheless fall below the threshold of armed conflict presents a policy dilemma that reinforces collective insecurity.
Article
One of the most pressing challenges with policing online fraud relates to jurisdiction. Policing is traditionally based on territoriality, but the internet has changed this. Offenders in one country can target a victim in a second country, who is requested to send money to a third or fourth country. This article examines online fraud victims’ reporting to police. Specifically, it demonstrates the misconceptions that exist regarding jurisdiction, namely the relationship between the Australian Federal Police and state/territory police. A clear disconnect emerges between understandings and expectations of who can investigate what relating to online fraud. The Australian Cybercrime Online Reporting Network’s establishment in 2014 is a positive step but this has not fixed the issue entirely. Overall, the article argues that the jurisdictional challenges experienced by police are not understood by victims, and improvement is needed regarding awareness of victims and police alike, to reduce unnecessary, additional trauma to victims.
Article
There are well-documented examples of successful, mutually beneficial collaborations in supply chains; however, the failure rate of collaborations that are initiated is surprisingly high. This research focuses on one cornerstone of a successful collaboration, information sharing. The idea is to help companies who are considering a collaborative opportunity to evaluate the value of the information that would be shared so efforts are only expended on potential collaborations that have an acceptable reward for the risk. This proposed methodology is an optimality-based approach that uses game theory and considers information sharing in both the competition-cooperation and coopetition environments. Value is first assigned to information along several dimensions that allows payoff matrices to be constructed. Using these, Nash equilibrium and Pareto optimality are used to provide insights for decision makers.
Preprint
This contribution is the first to explore in depth the various financial services sector organizations focused on cybersecurity and critical infrastructure protection. We first discuss how governance over security and the protection of critical infrastructure has increased the focus on the role of public-private partnerships (PPPs) in addressing issues of cybersecurity. We continue by highlighting three sector-led bodies—the Financial Services Information Sharing and Analysis Center, the Financial Services Sector Coordinating Council, and the Financial Systemic Analysis and Resilience Center—and how each facilitates PPPs to address cyber challenges primarily in the areas of information sharing, policy coordination, and threat analytics, respectively. The chapter concludes with a discussion of lessons learned and remarks on future research avenues in the area of cybersecurity governance. These lessons include: 1) validation of the PPP model, with some important caveats, 2) the need to extend PPPs beyond information sharing to address systemic risks, and 3) the limitations of PPPs in regulated industries like finance.
Article
Cybercrimes, or offenses enabled by technology, affect computer systems and people and prove difficult to pursue through traditional criminal justice strategies due to jurisdictional challenges and legal hurdles. As a result, corporations and industry have begun to play a role in mitigating various forms of cybercrime. This article examines what constitutes cybercrime and the successes and limitations of law enforcement in combatting these offenses. I present a detailed discussion of efforts by industry and regulatory bodies to deter cybercrime. Finally, I consider and discuss the risks and challenges that traditional criminal justice system operations face moving forward.
Book
This book comprises an authoritative and accessible edited collection of chapters of substantial practical and operational value. For the very first time, it provides security practitioners with a trusted reference and resource designed to guide them through the complexities and operational challenges associated with the management of contemporary and emerging cybercrime and cyberterrorism (CC/CT) issues. Benefiting from the input of three major European Commission funded projects the book's content is enriched with case studies, explanations of strategic responses and contextual information providing the theoretical underpinning required for the clear interpretation and application of cyber law, policy and practice, this unique volume helps to consolidate the increasing role and responsibility of society as a whole, including law enforcement agencies (LEAs), the private sector and academia, to tackle CC/CT. This new contribution to CC/CT knowledge follows a multi-disciplinary philosophy supported by leading experts across academia, private industry and government agencies. This volume goes well beyond the guidance of LEAs, academia and private sector policy documents and doctrine manuals by considering CC/CT challenges in a wider practical and operational context. It juxtaposes practical experience and, where appropriate, policy guidance, with academic commentaries to reflect upon and illustrate the complexity of cyber ecosystem ensuring that all security practitioners are better informed and prepared to carry out their CC/CT responsibilities to protect the citizens they serve.
Article
Existing organizational cultures among agencies in the intelligence community serve as barriers to information sharing. These cultures are characterized by secrecy and limited disclosure of information. Their practices of limited information distribution and existing extensive compartmentalization of information serve as impediments to information exchange between agencies in the intelligence community. To remedy this, changes in the organizational cultures of agencies in the intelligence community are required. Without a change in organizational culture, the culture of information sharing envisioned by the reforms that have occurred in the intelligence community post-9/11 will not be realized.
Chapter
There are several reasons to consider cybersecurity risks for companies and personal information. Companies can be attacked and are exposed to hacking and comments that affect their reputation, their brand and the security of their employees. The assets of the organization are the employees, connected computing devices, external users, services and applications, social networks, communications systems and all of the information transmitted and/or stored in the cyber environment. Personal and familiar information is also exposed as children use social networks, we share the computer and cloud at home and the profiles we use are not always secured, showing a lot of information that reveals aspects of our private life, without talking about the Wi-Fi penetration and information theft (pictures, bank accounts, documents, etc.). The Spanish National Cybersecurity Strategy is the framework of an integrated model based on involvement, coordination and harmonization of all stakeholders and state resources in public-private partnerships, along with the participation of citizens. In order to do this, a strong coordination of the various government agencies, as well as adequate public-private cooperation initiatives to be able to reconcile and promote the exchange of information are required. Private investigation professionals, working within the law, and using technology, forensic methodologies, and cyber intelligence procedures help in finding the offenders and getting the proofs for trials and lawsuits.
Article
This article reports on preliminary findings and recommendations of a cross-discipline project to accelerate international business-to-business automated sharing of cyber-threat intelligence, particularly IP addresses. The article outlines the project and its objectives and the importance of determining whether IP addresses can be lawfully shared as cyber threat intelligence. The goal of the project is to enhance cyber-threat intelligence sharing throughout the cyber ecosystem. The findings and recommendations from this project enable businesses to navigate the international legal environment and develop their policy and procedures to enable timely, effective and legal sharing of cyber-threat information. The project is the first of its kind in the world. It is unique in both focus and scope. Unlike the cyber-threat information sharing reviews and initiatives being developed at country and regional levels, the focus of this project and this article is on business-to-business sharing. The scope of this project in terms of the 34 jurisdictions reviewed as to their data protection requirements is more comprehensive than any similar study to date. This article focuses on the sharing of IP addresses as cyber threat intelligence in the context of the new European Union (EU) data protection initiatives agreed in December 2015 and formally adopted by the European Council and Parliament in April 2016. The new EU General Data Protection Regulation (GDPR) applies to EU member countries, a major focus of the international cyber threat sharing project. The research also reveals that EU data protection requirements, particularly the currently applicable law of the Data Protection Directive 95/46/EC (1995 Directive) (the rules of which the GDPR will replace in practice in 2018), generally form the basis of current data protection requirements in countries outside Europe. 
It is expected that this influence will continue and that the GDPR will shape the development of data protection internationally. In this article, the authors examine whether static and dynamic IP addresses are “personal data” as defined in the GDPR and its predecessor the 1995 Directive that is currently the model for data protection in many jurisdictions outside Europe. The authors then consider whether sharing of that data by a business without the consent of the data subject, can be justified in the public interest so as to override individual rights under Articles 7 and 8(1) of the Charter of Fundamental Rights of the European Union, which underpin EU data protection. The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives. The article concludes by summarizing the project findings to date, and how they inform international sharing of cyber-threat intelligence within the private sector.
Chapter
This chapter describes the fight against cybercrime from a European perspective. Law enforcement agencies always have had an important role when it comes to fighting crime. However, in this digital era, several problems hamper the effectiveness of the police combating crime. Therefore, the first part of this chapter describes the difficulties the police have in fighting cybercrime. The second part of the chapter focuses on one of the strategies to overcome some of these difficulties, namely forming alliances with private institutes. This joint-up approach is mostly realized by public–private partnerships (PPPs), consisting of formalized cooperation between governmental authorities and important stakeholders. Cooperation between governmental and private actors is no sinecure, as will appear from a public administration perspective. Successful cooperation depends on several factors, which will be theoretically described and practically illustrated. Conclusively, the discussion paragraph handles the common dilemma of the extent to which the government should play a leading role in the fight against (cyber) crime.
Article
Much of contemporary analysis treats the public and private sectors as two rather separate and fundamentally different realms. Many see one of the two sectors as inherently virtuous and the other as corrupt. The paper shows, in considerable detail, that the two sectors are deeply intertwined. It follows that we need a rather different framework to study state and society.
Chapter
In the intelligence community, there is now a tendency to treat terrorism and other global threats as demanding active involvement of businesses and other social communities. Private companies are called upon to manage issues of national security, including terrorism, climate change, and organized crime. The overall political aim is to make ‘the entire society’ resilient against natural disasters and human-made catastrophes. The US Secretary of Homeland Security Janet Napolitano (2011) put it this way: [T]he homeland security enterprise extends far beyond DHS [Department of Homeland Security] and the federal government … it requires not just a ‘whole of government,’ but a ‘whole of nation’ approach. In some respects, local law enforcement, community groups, citizens, and the private sector play as much of a role in homeland security as the federal government. That is why I like to say that ‘homeland security starts with hometown security.’
Article
Today's Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming increasingly complex; moreover, they are extensively interconnected with corporate information systems for cost-efficient monitoring, management and maintenance. This exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing security measures that typically do not cross the organization's boundaries. However, novel targeted multi-stage attacks such as Advanced Persistent Threats (APTs) take advantage of the interdependency between organizations. By exploiting vulnerabilities of various systems, APT campaigns intrude several organizations using them as stepping stones to reach the target infrastructure. A coordinated effort to timely reveal such attacks, and promptly deploy mitigation measures is therefore required. Organizations need to cooperatively exchange security-relevant information to obtain a broader knowledge on the current cyber threat landscape and subsequently obtain new insight into their infrastructures and timely react if necessary. Cyber security operation centers (SOCs), as proposed by the European NIS directive, are being established worldwide to achieve this goal. CI providers are asked to report to the responsible SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the affiliated organizations. Although many of these tasks can be automated, human involvement is still necessary to enable SOCs to adequately take decisions on occurring incidents and quickly implement counteractions. In this paper we present a collaborative approach to cyber incident information management for gaining situational awareness on interconnected European CIs. 
We provide a scenario and an illustrative use-case for our approach; we propose a system architecture for a National SOC, defining the functional components and interfaces it comprises. We further describe the functionalities provided by the different system components to support SOC operators in performing incident management tasks.
Article
The Internet threat landscape is fundamentally changing. A major shift away from hobby hacking toward well-organized cyber crime can be observed. These attacks are typically carried out for commercial reasons in a sophisticated and targeted manner, and specifically in a way to circumvent common security measures. Additionally, networks have grown to a scale and complexity, and have reached a degree of interconnectedness, that their protection can often only be guaranteed and financed as shared efforts. Consequently, new paradigms are required for detecting contemporary attacks and mitigating their effects. Today, many attack detection tasks are performed within individual organizations, and there is little cross-organizational information sharing. However, information sharing is a crucial step to acquiring a thorough understanding of large-scale cyber-attack situations, and is therefore seen as one of the key concepts to protect future networks. Discovering covert cyber attacks and new malware, issuing early warnings, advice about how to secure networks, and selectively distribute threat intelligence data are just some of the many use cases. In this survey article we provide a structured overview about the dimensions of cyber security information sharing. First, we motivate the need in more detail and work out the requirements for an information sharing system. Second, we highlight legal aspects and efforts from standardization bodies such as ISO and the National Institute of Standards and Technology (NIST). Third, we survey implementations in terms of both organizational and technological matters. In this regard, we study the structures of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), and evaluate what we could learn from them in terms of applied processes, available protocols and implemented tools. 
We conclude with a critical review of the state of the art and highlight important considerations when building effective security information sharing platforms for the future.
Article
Government strategies to reduce the vulnerability of privately owned and corporate assets depend primarily on private sector knowledge and action. The intensification of economic, technological and social processes of globalization adds risk to critical infrastructure industries, which are becoming more interdependent. The threat of catastrophic terrorism has created a new relationship between national security and routine business decisions in private firms providing infrastructure services. Extraordinary levels of coordination are required between organizations, public and private, to secure any improved level of prevention, response and recovery.
Article
Despite its centrality in the national cyber security strategies of the US and the UK, the public–private partnership is a nebulous arrangement, which is especially problematic in the context of critical infrastructure protection. Privately owned and operated critical infrastructure that is regarded as a potential national security vulnerability raises questions about the allocation of responsibility and accountability in terms of cyber security. As with many aspects of cyber security, this issue is often discussed with little reference to previous scholarship that could provide conceptual scaffolding. This article draws on the extensive literature on public–private partnerships in order to assess the tensions and challenges of this arrangement in national cyber-security strategies. It finds that there is a serious disjuncture in expectations from both ‘partners’. The government regards privately owned and operated critical infrastructure as a key element of national security but is reluctant to claim a mandate to oversee network security. At the same time, the private sector is not inclined to accept responsibility or liability for national cyber security. This challenge for governments to manage national cyber security raises questions about how well equipped these states are to promote their own security in the information age. Acknowledging the flaws in the ‘partnership’ is an essential step towards addressing them.
Article
Virtuous War is the first book to map the emergence and judge the consequences of a new military-industrial-media-entertainment network. James Der Derian takes the reader from a family history of war and genocide to new virtual battlespaces in the Mojave Desert, Silicon Valley, Hollywood and American universities. He tracks the convergence of cyborg technologies, video games, media spectacles, war movies, and do-good ideologies that produced a chimera of high-tech, low-risk 'virtuous wars'. In this newly updated edition, he reveals how a misguided faith in virtuous war to right the wrongs of the world instead paved the way for a flawed response to 9/11 and a disastrous war in Iraq. Blinded by virtue, emboldened by technological superiority, seized by a mimetic terror, the US blundered from one foreign fiasco to the next. Taking the long view as well as getting up close to the war machine, Virtuous War provides a compelling alternative to the partisan politics, instant analysis and technical fixes that currently bedevil US national security policy.
Article
Because of advancement in information and communication technologies, modern infrastructure systems are currently operated, monitored and controlled by automated systems such as distributed process control networks and supervisory control and data acquisition. Such systems will make the critical infrastructures in any country vulnerable to failures caused either by operational failures or by potential cyberattacks similar to Stuxnet and Night Dragon. The objective of this paper is to shed light on the synergy between cybersecurity and sustainable development in relation to the potential social, economic, and environmental consequences of potential cybersecurity attacks on critical infrastructures. Examples of both operational and cybersecurity incidents are shown including their sustainable development implications.
Article
Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? — This article argues that attribution is what states make of it. To show how, we introduce the Q Model: designed to explain, guide, and improve the making of attribution. Matching an offender to an offence is an exercise in minimising uncertainty on three levels: tactically, attribution is an art as well as a science; operationally, attribution is a nuanced process not a black-and-white problem; and strategically, attribution is a function of what is at stake politically. Successful attribution requires a range of skills on all levels, careful management, time, leadership, stress-testing, prudent communication, and recognising limitations and challenges.
Article
Countries are creating strategies to defend themselves from cyberwar and cyberespionage in response to cyber attacks such as Stuxnet, Flame and the use of social media in national conflicts. Nations are grouping in blocs for these strategies along traditional international-relations lines. Combating cybercrime is becoming more difficult, and less important, as a result, since potential partners in crime-fighting must increasingly treat each other as cyber opponents. Canada should not abandon potential partnerships with China, Russia and their allies because of increased cyberwarfare concerns. Canada should strive for a middle ground that will allow Canada to cooperate with every country as long as that cooperation advances the Canadian interest in a more secure cyberspace for Canadians.
Chapter
All critical infrastructures are dependent on computer information infrastructures for management, control, and communications. The government defines a critical infrastructure as, …systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety… (DHS 2012). Critical information infrastructure (CII) facilities use special equipment to control or manage telecommunications, air transportation, the financial sector, the electric power grid and many other services important for the economy and daily activity. Cyber attacks against these and other critical infrastructure facilities can potentially disrupt services over widespread areas and long times. Critical infrastructure equipment systems have unique security vulnerabilities that can make them appear to be relatively easy targets for cyber espionage or cyber sabotage. Examples of cyber attacks aimed at CII facility equipment vulnerabilities include malicious computer programs called Flame and Stuxnet, which were reportedly created by the U.S. and Israel for cyber espionage and sabotage against critical nuclear industrial facilities in Iran. In the U.S., officials have expressed warnings that cyber attacks by nations, criminals, or extremists and terrorists could soon overtake traditional violent terrorist attacks as the top threat to U.S. National Security (Nakashima, Senate Ready to take up cybersecurity bill that critics say is too weak, 2012). This chapter explores emerging cyberterrorism threats to critical information infrastructures. There is discussion of the special cyber vulnerabilities found in industrial control systems that operate critical infrastructure facilities. These special vulnerabilities help make important critical infrastructures look like easy targets for possible cyberterrorist attacks. 
This is followed by a description of malicious zero-day exploits, which provide sophisticated stealth characteristics that can help to secretly insert malicious code into critical infrastructure systems for espionage and for cyber sabotage. Hackers and cyber experts may knowingly or unknowingly sell these zero-day exploits and malicious code to extremists or terrorist groups. Governments and businesses may also use the stealth features of zero-day exploit code to insert malicious cyber code into critical infrastructures of businesses or nations which may later be activated for cyber sabotage. As Western governments continue to use pre-emptive cyber strikes to enforce unilateral policy decisions, this may encourage retaliatory cyberattacks from extremists or terrorists that target critical infrastructures in the West. Analysis of the code for Flame and Stuxnet has been shared widely among teams of researchers and teams of hackers in several countries, and copies of the code have become an open repository for re-usable malicious technology. It is likely that extremists and terrorists may now also have access to copies of the malicious technologies available in this repository that can be used as models for future cyberterrorist attacks directed against critical infrastructures in Western nations.
Article
Critical Infrastructure Protection seeks to enhance the physical and cyber-security of key public and private assets and mitigate the effects of natural disasters, industrial accidents and terrorist attacks. In 2009, several Canadian governments published the National Strategy and Action Plan for Critical Infrastructure (NS&AP), a framework for governments and the owners and operators of critical infrastructure - largely in the private sector - to collaborate on the security and increased resiliency of Canada's critical assets. Drawing on the social science risk literature, audits, and a three-year research and education project, this article argues that the strategy of relationship building, collaborative risk management and information sharing is under-developed and limited by market competition, incompatible institutional cultures, and legal, logistical and political constraints. The NS&AP should better delineate risks and identify how governments can work with industry, and acknowledge the paradox between trust and transparency, the role of small- and medium-sized enterprise, and how risk management processes can vary. © The Institute of Public Administration of Canada/L'Institut d'administration publique du Canada 2013.
Article
Purpose – This paper aims to map out multi-agency partnerships in the UK information assurance (UKIA) network in the UK. Design/methodology/approach – The paper surveyed members of the UKIA community and achieved a 52 percent response rate (n = 104). The paper used a multi-dimensional scaling (MDS) technique to map the multi-agency cooperation space and factor analysis and ordinary least squares regression to identify predictive factors of cooperation frequency. Qualitative data were also solicited via the survey and interviews with security managers. Findings – Via the quantitative measures, the paper locates gaps in the multi-agency cooperation network and identifies predictors of cooperation. The data indicate an over-crowded cybersecurity space, problems in apprehending perpetrators, and poor business case justifications for SMEs as potential inhibitors to cooperation, while concern over certain cybercrimes and perceptions of organisational effectiveness were identified as motivators. Practical implications – The data suggest that the neo-liberal rationality that has been evoked in other areas of crime control is also evident in the control of cybercrimes. The paper concludes divisions exist between the High Policing rhetoric of the UK's Cyber Security Strategy and the (relatively) Low Policing cooperation outcomes in “on the ground” cyber-policing. If the cooperation outcomes advocated by the UK Cyber Security Strategy are to be realised, UKIA organisations must begin to acknowledge and remedy gaps and barriers in cooperation. Originality/value – This paper provides the first mixed-methods evidence on the multi-agency cooperation patterns amongst the UKIA community in the UK and highlights significant gaps in the network.
Conference Paper
Critical infrastructure and services in financial industry are important for our society and the financial industry starts to understand the topic beyond the normal and well maintained Business Continuity Management and Disaster Recovery Plans (BCM & DRP). Today, the international backbone financial infrastructures operate pretty well, but in the infrastructure towards clients, two issues are utmost critical for the banks: Drive By Download and Phishing; both are related to stealing identity and money via e-banking. This is one of the results achieved by the EU project Parsifal (Protection and Trust in Financial Infrastructure) (Parsifal-Team, 2010), for compositing a research agenda for the cyber security of the financial industry.
Article
There is a public interest in ensuring that infrastructure systems are appropriately protected and prepared for disruptions. While infrastructure protection is usually viewed as a public responsibility, infrastructure risk management actually requires a high degree of cooperation between the public and private sectors, particularly in the sharing of information about risks to infrastructure. Discussions with Chief Security Officers across sectors of the US economy reveal the complexity of the task, as they describe at length the private sector’s requirements of multiple types of information about a range of potential threats. While the US government has established many mechanisms for sharing information, barriers remain that inhibit both the private and public partners from obtaining the information needed to protect infrastructure. Overcoming these barriers requires new thinking about the intelligence generation process, the mechanisms and practices upon which the process relies, and the responsibilities of those in the private sector who participate in it.
Article
Purpose The paper's aim is to demonstrate how organizations related to public security and safety can more effectively partner with private sector companies under the rubric of corporate social responsibility (CSR). Design/methodology/approach An analysis of actual cases of collaboration between such bodies and the private sector informs a suggested engagement approach. Findings A structured approach of engagement to the private sector for CSR support is possible if public safety entities understand how to effectively involve private sector organizations in their work. This includes clear tangible asks with demonstrable returns and an eye to understanding what effective CSR encompasses from an outcome perspective but also from the perspective of what drives the private sector to engage in CSR. Practical implications The paper lays out a point‐by‐point engagement strategy which could increase public‐private partnerships in the public safety arena. Social implications This paper is a clear indication of how and where public sector engagement with the private sector in areas of security are a win‐win combination and augment public security and the effectiveness of both public and private sector bodies concerned with this outcome. Originality/value This paper lays out in a clear and novel way a “how to” guide for effective engagement with the private sector to public bodies with a relatively limited experiential base for this form of engagement. It offers a means to significantly expand this form of collaboration to the benefit of society overall.
Article
The harvesting of financial intelligence by law enforcement and intelligence services through various forms of surveillance is now so prevalent that it has become a core feature of contemporary security practice. Not surprisingly, concerns have been raised regarding the intrusive nature of financial intelligence collection and the emerging challenges posed to liberty. This article, whilst written primarily from a UK perspective, considers the trade-offs that inevitably emerge when liberty and security collide. Above all it argues that such measures are a necessary consequence of a changing security environment and that effective counter measures inevitably come at a price. The value added from data surveillance by the state, when lawfully sanctioned, audited and regulated, is in the interests of public safety and national security, deemed a price worth paying.
Article
For more than a decade, efforts have been underway to establish Public Private Partnerships (PPP) for Critical Infrastructure Protection (CIP). Due to issues arising in connection with their implementation, there has been increasing criticism in recent years questioning the usefulness of such PPP. However, cooperation between the state and the private corporate sector in CIP is not only useful, but inevitable. This paper will therefore sketch a new and above all broader approach to public private cooperation to help solve some of the problems that have become apparent. Based on the network approach developed by governance theory, it is argued that CIP policy should increasingly rest on self-regulating and self-organizing networks. Thus, the government's role would no longer consist in directing and monitoring, but of coordinating the networks and identifying instruments that can help motivate networks to meet the task of CIP.
Detect and block email threats with customer YARA rules
  • I Ahl
  • R Lyer
Corporate zones of cyber security (Doctoral dissertation)
  • K K Christensen
Canadian cybersecurity 2018; An anthology of CIO/CISO enterprise-level perspectives
  • W R Gordon
Cybersecurity for financial institutions: The integral role of information sharing in cyber-attack mitigation. North Carolina Banking Institute
  • A L Johnson
CSIS using new powers to disrupt terrorists since Bill C-51 became law
  • CBC
Banks adopt military-style tactics to fight cybercrime
  • S Cowley