Transaction Search Form: please type in any of the fields below.
Date: April 30, 2024 Tue
Time: 3:15 am
Time: 3:15 am
Results for cyber security
31 results foundAuthor: Knake, Robert K. Title: Internet Governance in an Age of Cyber Insecurity Summary: This report briefly examines the technological decisions that have enabled both the Internet’s spectacular success and its troubling vulnerability to attack. Arguing that the United States can no longer cede the initiative on cyber issues to countries that do not share its interests, it outlines an agenda that the United States can pursue in concert with its allies on the international stage. Details: Washington, DC: Council on Foreign Relations, 2010. 48p. Source: Internet Resource: Council Special Report No. 56: Accessed September 6, 2010 at: http://www.cfr.org/publication/22832/internet_governance_in_an_age_of_cyber_insecurity.html Year: 2010 Country: United States URL: http://www.cfr.org/publication/22832/internet_governance_in_an_age_of_cyber_insecurity.html Shelf Number: 119746 Keywords: Computer CrimesCyber SecurityCybercrimeCyberterrorismInternet Crimes |
Author: Schreier, Fred Title: Cyber Security: The Road Ahead Summary: The open Internet has been a boon for humanity. It has not only allowed scientists, companies and entities of all sorts to become more effective and efficient. It has also enabled an unprecedented exchange of ideas, information, and culture amongst previously unconnected individuals and groups. It has completely revolutionized on a global scale how we do business, interact and communicate. Cyberspace is defined by its ubiquitous connectivity. However, that same connectivity opens cyberspace to the greatest risks. As networks increase in size, reach, and function, their growth equally empowers law-abiding citizens and hostile actors. An adversary need only attack the weakest link in a network to gain a foothold and an advantage against the whole. Seemingly localized disruptions can cascade and magnify rapidly, threaten other entities and create systemic risk. However, vulnerabilities in cyberspace are real, significant and growing rapidly. Critical national infrastructure; intelligence; communications, command and control; commerce and financial transactions; logistics; consequence management; and emergency preparedness are wholly dependent on networked IT systems. Cyber security breaches, data and intellectual property theft know no limits. They affect everything from personal information to national secrets. This paper looks at the way these problems are likely to develop, as well as at some of the ways they may best be tackled at the national and international level. Details: Geneva: Geneva Centre for the Democratic Control of Armed Forces, 2011. 53p. Source: Internet Resource: DCAF Horizon 2015 Working Paper No. 4: Accessed February 14, 2011 at: http://www.dcaf.ch/Publications/Publication-Detail?lng=en&id=126370 Year: 2011 Country: International URL: http://www.dcaf.ch/Publications/Publication-Detail?lng=en&id=126370 Shelf Number: 120755 Keywords: Cyber SecurityCybercrimesInternet CrimesInternet Security |
Author: Saadawi, Tarek Title: Cyber Infrastructure Protection Summary: The Internet, as well as other telecommunication networks and information systems, have become an integrated part of our daily lives, and our dependency upon their underlying infrastructure is ever-increasing. Unfortunately, as our dependency has grown, so have hostile attacks on the cyber infrastructure by network predators. The lack of security as a core element in the initial design of these information systems has made common desktop software, infrastructure services, and information networks increasingly vulnerable to continuous and innovative breakers of security. Worms, viruses, and spam are examples of attacks that cost the global economy billions of dollars in lost productivity. Sophisticated distributed denial of service (DDoS) attacks that use thousands of web robots (bots) on the Internet and telecommunications networks are on the rise. The ramifications of these attacks are clear: the potential for a devastating largescale network failure, service interruption, or the total unavailability of service. Yet many security programs are based solely on reactive measures, such as the patching of software or the detection of attacks that have already occurred, instead of proactive measures that prevent attacks in the first place. Most of the network security configurations are performed manually and require experts to monitor, tune security devices, and recover from attacks. On the other hand, attacks are getting more sophisticated and highly automated, which gives the attackers an advantage in this technology race. A key contribution of this book is that it provides an integrated view and a comprehensive framework of the various issues relating to cyber infrastructure protection. It covers not only strategy and policy issues, but it also covers social, legal, and technical aspects of cyber security as well. Details: Carlisle, PA: U.S. Army War College, Strategic Studies Institute, 2011. 324p. Source: Internet Resource: Accessed May 18, 2011 at: www.strategicstudiesinstitute.army.mil/pubs/download.cfm?q=1067 Year: 2011 Country: United States URL: Shelf Number: 121739 Keywords: Communications SecurityComputer CrimesCyber SecurityCybercrimeInformation SecurityInternet Crimes |
Author: U.S. Government Accountability Office Title: Department of Homeland Security: Progress Made and Work Remaining in Implementing Homeland Security Missions 10 Years after 9/11 Summary: The events of September 11, 2001, led to profound changes in government policies and structures to confront homeland security threats. Most notably, the Department of Homeland Security (DHS) began operations in 2003 with key missions that included preventing terrorist attacks from occurring in the United States, and minimizing the damages from any attacks that may occur. DHS is now the third-largest federal department, with more than 200,000 employees and an annual budget of more than $50 billion. Since 2003, GAO has issued over 1,000 products on DHS's operations in such areas as border and transportation security and emergency management, among others. As requested, this report addresses DHS's progress in implementing its homeland security missions since it began operations, work remaining, and issues affecting implementation efforts. This report is based on GAO's past and ongoing work, supplemented with DHS Office of Inspector General reports, with an emphasis on reports issued since 2008. GAO also analyzed information provided by DHS in July and August 2011 on recent actions taken in response to prior work. Since it began operations in 2003, DHS has implemented key homeland security operations and achieved important goals and milestones in many areas to create and strengthen a foundation to reach its potential. As it continues to mature, however, more work remains for DHS to address gaps and weaknesses in its current operational and implementation efforts, and to strengthen the efficiency and effectiveness of those efforts to achieve its full potential. DHS's accomplishments include developing strategic and operational plans; deploying workforces; and establishing new, or expanding existing, offices and programs. For example, DHS (1) issued plans to guide its efforts, such as the Quadrennial Homeland Security Review, which provides a framework for homeland security, and the National Response Framework, which outlines disaster response guiding principles; (2) successfully hired, trained, and deployed workforces, such as a federal screening workforce to assume security screening responsibilities at airports nationwide; and (3) created new programs and offices to implement its homeland security responsibilities, such as establishing the U.S. Computer Emergency Readiness Team to help coordinate efforts to address cybersecurity threats. Such accomplishments are noteworthy given that DHS has had to work to transform itself into a fully functioning department while implementing its missions--a difficult undertaking that can take years to achieve. While DHS has made progress, its transformation remains high risk due to its management challenges. Examples of progress made and work remaining include: Border security. DHS implemented the U.S. Visitor and Immigrant Status Indicator Technology program to verify the identities of foreign visitors entering and exiting the country by processing biometric and biographic information. However, DHS has not yet determined how to implement a biometric exit capability and has taken action to address a small portion of the estimated overstay population in the United States (individuals who legally entered the country but then overstayed their authorized periods of admission). Aviation security. DHS developed and implemented Secure Flight, a program for screening airline passengers against terrorist watchlist records. DHS also developed new programs and technologies to screen passengers, checked baggage, and air cargo. However, DHS does not yet have a plan for deploying checked baggage screening technologies to meet recently enhanced explosive detection requirements, a mechanism to verify the accuracy of data to help ensure that air cargo screening is being conducted at reported levels, or approved technology to screen cargo once it is loaded onto a pallet or container. Emergency preparedness and response. DHS issued the National Preparedness Guidelines that describe a national framework for capabilities-based preparedness, and a Target Capabilities List to provide a national-level generic model of capabilities defining all-hazards preparedness. DHS is also finalizing a National Disaster Recovery Framework, and awards preparedness grants based on a reasonable risk methodology. However, DHS needs to strengthen its efforts to assess capabilities for all-hazards preparedness, and develop a long-term recovery structure to better align timing and involvement with state and local governments' capacity. Chemical, biological, radiological and nuclear (CBRN) threats. DHS assessed risks posed by CBRN threats and deployed capabilities to detect CBRN threats. However, DHS should work to improve its coordination of CBRN risk assessments, and identify monitoring mechanisms for determining progress made in implementing the global nuclear detection strategy. GAO's work identified three themes at the foundation of DHS's challenges. This report contains no new recommendations. Details: Washington, DC: GAO, 2011. 225p. Source: Internet Resource: GAO-11-881: Accessed September 12, 2011 at: http://www.gao.gov/new.items/d11881.pdf Year: 2011 Country: United States URL: http://www.gao.gov/new.items/d11881.pdf Shelf Number: 122718 Keywords: Aviation SecurityCounter-TerrorismCyber SecurityHomeland Security (U.S.)ImmigrationMaritime SecurityRisk ManagementTerrorismTransportation Security |
Author: Cooper, Andrew F. Title: "Remote" in the Easter Caribbean: The Antigua-US WTO Internet Gambling Case Summary: The structure of the multilateral trading system is widely assumed to contain bias towards big actors, unevenly distributing access to the key processes of the system. Small countries, including Caribbean states, have long focused their attention on physical merchandise, while the US has taken on the role of disciplinarian, confronting countries that they perceive to be in violation of the General Agreement on Trade in Services (GATS). Brought to the WTO by Antigua, the Internet remote gambling case has challenged standard assumptions about the workings of the international trading system in the WTO context. A small country appearing to take the US on by itself, Antigua claimed the American government failed to live up to its commitment under GATS regarding “recreational services.” While Antigua argued for fairness in the WTO system, the US adopted a prohibitionist attitude to Internet remote gambling, citing domestic moral standards. Underwritten by the highly globalized Internet remote gambling industry, this case exemplifies what a small state can do to respond to dynamic changes imposed by globalization, confirming that small countries can sometimes punch above their weight in international relations. Details: Waterloo, Canada: The Centre for International Governance Innovation, 2008. 20p. Source: Caribbean Paper No. 4: Internet Resource: Accessed October 14, 2012 at http://hawk.ethz.ch/serviceengine/Files/ISN/56005/ipublicationdocument_singledocument/3e124b09-23dd-4c00-9056-e32bb4c9b4dc/en/CP_4.pdf Year: 2008 Country: International URL: http://hawk.ethz.ch/serviceengine/Files/ISN/56005/ipublicationdocument_singledocument/3e124b09-23dd-4c00-9056-e32bb4c9b4dc/en/CP_4.pdf Shelf Number: 126702 Keywords: Cyber SecurityGambling (Antigua)Internet Security |
Author: Poolen, W.J. Title: Intentional Disintegration of Cybercriminal Networks: Approaches in Network Strategic Security Modeling Summary: This thesis assesses whether network strategic security models can be used for disintegration of cybercriminal networks. Strategic models are conceptualized as methods for security intervention that use network mathematical algorithms to define sets of targets in a hostile network that seem crucial to attack in order to disintegrate a cybercriminal network. Two strategic models are constructed that are associated with different types of targets in cybercriminal networks. One model focusses on hubs (computer devices, human operators and other nodes that interact within a network); the other model focusses on the exchange connections between clusters of interacting nodes. After elaboration of the strategic models a set of cases of cybercriminal interventions is invoked to investigate how the theoretical models contribute to real life intervention. In reflection on the cases and theory the main issue that becomes apparent is that the strategic models do not adequately take in account the ability of targeted networks to react to disintegration attempts. The notion of network resilience is considered and a subsequent theoretical attempt interprets network resilience as an effect of the relations that a network maintains with its resource networks. Networks are perceived to be embedded and interconnected in a network environment in which they exchange resources. Finally, a broadening of the theoretical understanding towards the multilayered aspects of a network is suggested to gain a more adequate perspective for network strategic security interventions. Details: Amsterdam: Vrije Universiteit,, 2012. 69p. Source: Internet Resource: Thesis: Accessed November 9, 2012 at: http://www.screenwork.nl/PDF/20120910_masterthesis_webversie.pdf Year: 2012 Country: International URL: http://www.screenwork.nl/PDF/20120910_masterthesis_webversie.pdf Shelf Number: 126899 Keywords: Computer CrimeComputer SecurityCriminal NetworksCyber SecurityCybercrimesCybercriminal Networks |
Author: Great Britain. Comptroller and Auditor General Title: The UK Cyber Security Strategy: Landscape Review Summary: A National Audit Office review of the Government’s strategy for cyber security indicates that, although it is at an early stage, activities are already beginning to deliver benefits. The cost of cyber crime to the UK is currently estimated to be between £18 billion and £27 billion. Business, government and the public must therefore be constantly alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack. The UK Cyber Security Strategy, published in November 2011, set out how the Government planned to deliver the National Cyber Security Programme through to 2015, committing £650 million of additional funding. Building on ten years’ experience of seeking to protect government information, systems and networks, the strategy placed greater emphasis on the role of the public and industry in helping secure the UK against attacks and also the opportunities to UK business from a growing market in cyber security. Among progress reported so far, the Serious Organised Crime Agency repatriated more than 2.3 million items of compromised card payment details to the financial sector in the UK and internationally since 2011, preventing a potential economic loss of more than £500 million. In the past year, moreover, the public reported to Action Fraud over 46,000 reports of cyber crime, amounting to £292 million worth of attempted fraud. The NAO identifies six key challenges faced by the Government in implanting its cyber security strategy in a rapidly changing environment. These are the need to influence industry to protect and promote itself and UK plc; to address the UK’s current and future ICT and cyber security skills gap; to increase awareness so that people are not the weakest link; to tackle cyber crime and enforce the law; to get government to be more agile and joined-up; and to demonstrate value for money. The NAO recognizes, in particular, that there are some challenges in establishing the value for money of the cyber security strategy. There is the conceptual problem that, if cyber attacks do not occur, it will be difficult to establish the extent to which that was down to the success of the strategy. There is also the challenge of determining the relative contribution to overall success or otherwise of different components of the strategy. And there is the challenge of assigning a value to the overall outcome, to set against the cost of the strategy. The Government has work underway to measure the benefits of the strategy. The report is designed to set the scene in an area likely to be of continuing interest to the Committee of Public Accounts. Although the Committee has not specifically examined the issue of cyber security, it raised concerns about cyber security in relation to the government’s plans for smart meters, which will enable energy suppliers to collect meter readings over the internet, as well as pointing to a lack of detail on cyber security plans in the Government’s 2011 ICT strategy. Details: London: National Audit Office, 2013. 43p. Source: Internet Resource: Accessed February 15, 2013 at: http://www.nao.org.uk/publications/1213/cyber_security.aspx Year: 2013 Country: United Kingdom URL: http://www.nao.org.uk/publications/1213/cyber_security.aspx Shelf Number: 127624 Keywords: Computer CrimesCyber SecurityCybercrime (U.K.) |
Author: U.S. Government Accountability Office' Wilhausen, Gregory C. Title: Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented Summary: Cyber attacks could have a potentially devastating impact on the nation’s computer systems and networks, disrupting the operations of government and businesses and the lives of private individuals. Increasingly sophisticated cyber threats have underscored the need to manage and bolster the cybersecurity of key government systems as well as the nation’s critical infrastructure. GAO has designated federal information security as a government-wide high-risk area since 1997, and in 2003 expanded it to include cyber critical infrastructure. GAO has issued numerous reports since that time making recommendations to address weaknesses in federal information security programs as well as efforts to improve critical infrastructure protection. Over that same period, the executive branch has issued strategy documents that have outlined a variety of approaches for dealing with persistent cybersecurity issues. GAO’s objectives were to (1) identify challenges faced by the federal government in addressing a strategic approach to cybersecurity, and (2) determine the extent to which the national cybersecurity strategy adheres to desirable characteristics for such a strategy. To address these objectives, GAO analyzed previous reports and updated information obtained from officials at federal agencies with key cybersecurity responsibilities. GAO also obtained the views of experts in information technology management and cybersecurity and conducted a survey of chief information officers at major federal agencies. Details: Washington, DC: GAO, 2013. 112p. Source: Internet Resource: GAO-13-187: Accessed February 16, 2013 at: http://www.gao.gov/assets/660/652170.pdf Year: 2013 Country: United States URL: http://www.gao.gov/assets/660/652170.pdf Shelf Number: 127647 Keywords: Computer CrimesComputer SecurityCritical Infrastructure SecurityCyber SecurityCybercrime (U.S.)Internet Crimes |
Author: Clemente, Dave Title: Epub: Cyber Security and Global Interdependence: What Is Critical? Summary: The evolution of interconnection between infrastructure sectors has been accelerated by the spread of cyberspace, which has become the 'nervous system' linking them. There is no avoiding the security implications emerging at the intersection of cyberspace and infrastructure. As countries become more dependent on infrastructure distributed around the world, the growing complexity of interconnections makes it harder for authorities to identify what infrastructure is 'critical'. Improving risk management relies on using rigorous definitions of what infrastructure is 'critical', which enables more effective prioritization and protection of nodes and connection points. In this context, the ever-rising importance of data makes distinctions between 'physical' and 'information' infrastructure increasingly irrelevant. Societal resilience can be just as important as infrastructure resilience, and policy-makers should consider closely what levels of societal dependency on digital technologies are appropriate. Building public confidence in the security and governance of the critical infrastructure ecosystem is essential to avoid policy-making driven by reactive or narrow interests. Meeting these security challenges requires better shared understanding of what is critical between those who protect an organization and those who set its strategic direction. Better understanding of the economic and political incentives that guide stakeholders also reveals the scope for potential cooperation. Details: London: Chatham House, 2013. 46p. Source: Internet Resource: Accessed march 7, 2013 at: http://www.chathamhouse.org/publications/papers/view/189679 Year: 2013 Country: International URL: http://www.chathamhouse.org/publications/papers/view/189679 Shelf Number: 127867 Keywords: Cyber SecurityCybercrimesInfrastructure ProtectionInternet CrimesRisk Management |
Author: Muggah, Robert Title: A Fine Balance: Mapping Cyber (in)Security in Latin America Summary: This Strategic Paper examines the character and dynamics of cyber-crime and the ways in which it is being addressed in Latin America. A particular focus is on what might be described as “new criminality” emerging in cyberspace – organized criminal hacking, identity theft, advanced credit card fraud and online child exploitation. The Paper draws on a review of the public and grey literature from more than thirty countries and interviews with dozens of experts across the sub-continent to shed light on the present cyber-security and cyber-defence architecture being erected in Latin America. Overall, it finds that Latin America exhibits a heterogeneous landscape when it comes to cyber-crime. And while all countries have witnessed a surge in cyber-crime, threats and responses tend to be clustered in specific countries, such as Argentina, Brazil, Chile, Colombia, Cost Rica, the Dominican Republic and Mexico, where online populations and internet penetration rates are highest. This Strategic Paper finds that: • Latin American governments are only beginning to adopt laws, institutions and countermeasures to combat online criminality: At a regional level these efforts are being coordinated through the Organization of American States (OAS) and include harmonizing national legislation and adopting the Comprehensive Inter-American Strategy to Combat Threats to Cyber-Security; • Latin American country responses to cyber-crime are increasingly aligned: Most Latin American states are pursuing a 4-pillar strategy that includes: (i) the adoption of relevant legal frameworks; (ii) the creation of specialized law enforcement agencies; (iii) the formation of Computer Security Incident Response Teams (CSIRTs); and (iv) the establishment of specialized units within the executive branch of government; • Latin America´s civil society plays a major – if under-valued – role in cyber-security governance: Due to the decentralized character of the internet and overlapping forms of horizontal collaboration, civil society is in some cases far ahead of governments in assessing cyber-threats and formulating responses. Internationally, a number of non-governmental entities actually control systemic features of the worldwide web such as the attribution of domain names; and • Notwithstanding its comparative strengths and real exposure to cyber-threats, the private sector is less engaged in promoting and engaging in cyber-security across Latin America: Many larger corporations in the banking and services sectors are non-transparent about the scale of the threats they are facing. Owing to their desire to avoid loss in market share, they typically adopt low-key, periodic, and restricted actions. By contrast, companies involved in information technology manufacturing and services markets are more involved in supporting digital platforms designed to raise awareness. The Strategic Paper proceeds in several sections. The first section considers the conceptual gap which frustrates coherent approaches to addressing cyber-crime. While few experts dispute the risks presented by new forms of online criminality, there are no accepted definitions of cyber-crime, making it difficult to harmonize legislation and pursue investigations requiring transnational cooperation. Section two reviews the scale and dimensions of cyber-crime in Latin America, focusing primarily on the so-called new criminality. The third section provides a general review of regional approaches to containing cyber-crime, including legal conventions, guidelines and emerging practices, while Section four examines the operational responses of governments, private sector and non-governmental organizations. The final section offers some concluding reflections on future research directions. Details: Rio de Janeiro: Igarape Institute and The SecDev Foundation, 2012. 24p. Source: Internet Resource: Strategic Paper 2: Accessed March 20, 2013 at: http://igarape.org.br/wp-content/themes/igarape_v2/pdf/Strategic_Paper_02_23maio_WEB.pdf Year: 2012 Country: Central America URL: http://igarape.org.br/wp-content/themes/igarape_v2/pdf/Strategic_Paper_02_23maio_WEB.pdf Shelf Number: 128047 Keywords: Computer CrimesCyber SecurityCybercrime (Latin America)Internet Crime |
Author: Schjolberg, Judge Stein Title: Peace and Justice in Cyberspace. Potential new global legal mechanisms against global cyberattacks and other global cybercrimes Summary: In the prospect of an international criminal court lies the promise of universal justice. Without an international court or tribunal for dealing with the most serious cybercrimes of global concern, many serious cyberattacks will go unpunished. The most serious global cyberattacks in the recent year, have revealed that almost nobody is investigated and prosecuted, and nobody has been sentenced for those acts. Such acts need to be included in a global treaty or a set of treaties, and investigated and prosecuted before an international criminal court or tribunal. Cyberspace, as the fifth common space, after land, sea, air and outer space, is in great need for coordination, cooperation and legal measures among all nations. It is necessary to make the international community aware of the need for a global response to the urgent and increasing cyberthreats. Peace, justice and security in cyberspace should be protected by international law through a treaty or a set of treaties under the United Nations. The progressive developments of global cyberattacks, such as massive and coordinated attacks against critical information infrastructures of sovereign States, must necessitate an urgent response for a global treaty. Details: A Background Paper for EastWest Institute (EWI) Worldwide Cybersecurity Summit Special Interest Seminar: Harmonizing of Legal Frameworks for Cyberspace New Delhi, India October 30-31, 2012. 40p. Source: Internet Resource: Background Paper: Accessed June 1, 2013 at: http://cybersummit2012.com/sites/cybersummit2012.com/files/EWICybersecuritySummit.pdf Year: 2012 Country: International URL: http://cybersummit2012.com/sites/cybersummit2012.com/files/EWICybersecuritySummit.pdf Shelf Number: 128910 Keywords: Cyber SecurityCybercrimeInternet Crime |
Author: Negroponte, John D. Title: Defending an Open, Global, Secure, and Resilient Internet Summary: Over the course of the last four decades, the Internet has developed from an obscure government science experiment to one of the cornerstones of modern life. It has transformed commerce, created social and cultural networks with global reach, and become a surprisingly powerful vehicle for political organization and protest alike. And it has achieved all of this despite—or perhaps because of—its decentralized character. Throughout its public history, the Internet has been built and overseen by an international group of technical experts and government and user representatives committed to maintaining an open and unfettered global network. This vision, however, and the Internet to which it gave rise, is under threat from a number of directions. States are erecting barriers to the free flow of information to and through their countries. Even Western governments do not always agree on common content standards—the United States, for example, is more accepting of neo-Nazi content or Holocaust denial than are France or Germany. Other countries’ efforts to control the Internet have gone far beyond limiting hate speech or pornography. Iran, China, Saudi Arabia, Russia, and others have considered building national computer networks that would tightly control or even sever connections to the global Internet. State and nonstate actors, moreover, now regularly attack the websites and internal systems of businesses. Most of these attacks are for theft—cost estimates of intellectual property losses range as high as $500 billion per year. Other activities are related to sabotage or espionage. Hacking and defacing websites or social media feeds is a frequently used tool of political competition, while destructive programs such as Stuxnet are becoming increasingly sophisticated. Such activities can be expected to become more commonplace as critical systems become more interconnected and financial and technical barriers to entry for cyber activities fall further. A balkanized Internet beset by hostile cyber-related activities raises a host of questions and problems for the U.S. government, American corporations, and American citizens. The Council on Foreign Relations launched this Task Force to define the scope of this rapidly developing issue and to help shape the norms, rules, and laws that should govern the Internet. The Task Force recommends that the United States develop a digital policy framework based on four pillars. First, it calls on the U.S. government to share leadership with like-minded actors, including governments, private companies, and NGOs, to develop a global security framework based on a common set of principles and practices. Next, the Task Force recommends that all future trade agreements between the United States and its trading partners contain a goal of fostering the free flow of information and data across national borders while protecting intellectual property and individual privacy. Third, the Task Force urges the U.S. government to define and actively promote a vision of Internet governance that involves emerging Internet powers and expands and strengthens governance processes that include representatives of governments, private industry, and civil society. Finally, the report recommends that U.S.-based industry work rapidly to establish an industry-led approach to counter current and future cyberattacks. The United States needs to act proactively on these fronts, lest it risk ceding the initiative to countries whose interests differ significantly from its own. The Task Force further argues for greater public debate in the United States about cyber capabilities as instruments of national security. Some forty countries, including the United States, either have or are seeking cyber weapons. Greater public scrutiny and discussion will, among other things, help define the conditions under which cyber weapons might be used—conditions which should likely be highly limited in scope and subject to substantial oversight. Details: New York: Council on Foreign Relations, 2013. 125p. Source: Internet Resource: Independent Task Force Report No. 70: Accessed August 19, 2013 at: http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836 Year: 2013 Country: United States URL: http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836 Shelf Number: 129640 Keywords: Cyber SecurityCybercrime (U.S.)Internet Crime |
Author: Hartwig, Robert P. Title: Cyber Risks: The Growing Threat Summary: Amid a rising number of high profile mega data breaches-most recently at eBay, Target and Neiman Marcus-government is stepping up its scrutiny of cyber security. This is leading to increased calls for legislation and regulation, placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online. Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, many companies today still do not purchase cyber risk insurance. However, this is changing. Recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area. Specialist cyber insurance policies have been developed by insurers to help businesses and individuals protect themselves from the cyber threat. Market intelligence suggests that the types of specialized cyber coverage being offered by insurers are expanding in response to this fast-growing market need. There is also growing evidence that in the wake of the Target data breach and other high profile breaches, the number of policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks in future. Details: Insurance Information Institute, 2014. 27p. Source: Internet Resource: White Paper: Accessed July 23, 2014 at: http://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf Year: 2014 Country: United States URL: http://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf Shelf Number: 132740 Keywords: Computer CrimeCyber SecurityCybercrimeIdentity TheftInternet Crime |
Author: Lawrenson, Tim Title: Cyberattacks -The Significance of the Threat and the Resulting Impact on Strategic Security Summary: Cyberspace is now so intrinsic to a modern state's economy that it is vital to protect it as part of that state's national security. However certain features of cyberspace make it an increasingly attractive attack domain. Despite some rather hysterical press headlines, this analysis shows that cybercrime is the principal threat, rather than cyberterror or cyberwarfare; albeit the growing scale of state-sponsored cybercrime is a concern because it carries an inherent risk of escalation into cyber (or conventional) warfare. A comprehensive, layered cyber-security strategy is needed to overcome some of the more problematic attractions of cyberspace as an attack domain. This strategy must improve actual system security as well as enhancing people's confidence in the resilience of the cyber-enabled world. Details: London: Royal College of Defence Studies, 2011. 31p. Source: Internet Resource: Thesis: Seaford House Paper 2010/11: Accessed August 22, 2014 at: http://www.da.mod.uk/colleges/rcds/publications/seaford-house-papers/2011-seaford-house-papers/shp11lawrenson.pdf/view Year: 2011 Country: International URL: http://www.da.mod.uk/colleges/rcds/publications/seaford-house-papers/2011-seaford-house-papers/shp11lawrenson.pdf/view Shelf Number: 131353 Keywords: Computer SecurityCyber SecurityCybercrimeInternet Crimes |
Author: Oxford Economics Title: Cyber-attacks: Effects on UK Companies Summary: Gary Becker's seminal 1968 paper on the economics of crime shaped the way economists think about crime policy and is still applied in many contexts today. Becker explored the decision making function of rational criminal actors, suggesting that criminals choose to engage in illicit activity based on their own assessment of the costs and benefits. Rational criminal actors weigh up the potential yield from a criminal act, the risk of being caught and the severity of the punishment. The decision making process of state-sponsored cyber-attacks differs from that of ordinary criminals in important ways, which may potentially limit the direct applicability of the traditional economic models of crime such as Becker's. State-sponsored attackers are characterised by the very fact that a "non-profit" state entity is involved (as opposed to Becker's individual "for profit" criminals), potential information asymmetry, a perception of immunity from prosecution and the intangible value attributed to acts of patriotism (which does not figure in traditional economic approaches to crime, such as Becker's). At the same time, there is value in understanding the economic theory of crime, as advanced by Becker. States are unlikely to change their activities in the short term, particularly because of non-pecuniary/distorted concepts of returns. However they may do so in the long term, especially if deterred by adequate security measures and changes in operational procedures, (i.e. if the costs of cyber-attacks rise) and as they realise that the returns to cyber-attacks may be mixed at best . This again points to a need for firms to understand the nature of - and threat posed by - current attacks, so as to raise the costs of cyber-attacks for nation-state perpetrators in order to help deter future attacks. Apart from the implications for individual firms, cyber-attacks impact on the UK economy as a whole in two major ways: - Increasing the cost of doing business - Distorting the pattern of long run investment ("dynamic effects") Survey work on the nature of cyber-attacks in the UK undertaken by Oxford Economics and the Ponemon Institute found the following: - Cyber-attacks are a common problem. 60% of respondents had experienced a cyber-attack within the last 12 months. - Loss estimates were highest for damage to reputation/branding. All other costs were reported with raw averages around the $2 million mark, with adjusted means slightly under half that and medians of $175,000. However, the raw average reputation/branding loss estimate was $2.9 million. - Intellectual property and commercially sensitive data is stolen in all sectors, but by no means happens to everyone. With this in mind it is interesting to note that 80% of respondents reported that they had not experienced any IP or commercially sensitive information loss in the last 24 months. - The majority of firms who did suffer a loss of IP or commercially sensitive information felt they were damaged by it. 61% said that they had experienced a loss of competitive advantage due to the loss of IP. 59% said that they had experienced a loss of competitive advantage due to the loss of commercially sensitive information. - The most common loss of competitive advantage came in the shape of "compromised negotiations or business ventures" (31%), followed by the "appearance of copied products or practise" (20%) and the "emergence of new competition" (19%). - While only a minority of companies suffer IP/commercially sensitive information losses, the cost of such losses is considerably higher than is the case for "day to day" losses. The adjusted mean loss of IP was valued at $13.2 million and the adjusted mean loss of commercially sensitive business information was valued at $12.8 million. In addition to the survey of UK firms, which identifies the direct costs incurred as a result of cyber-attacks, Oxford Economics has undertaken an event study to analyse the potential reputational loss firms may suffer. As a proxy for reputational damage we use negative stock market returns that may be experienced immediately around the public disclosure of a cyber-attack. Although further confirmatory analysis would be useful, our results suggest that publicised cyber-attacks do generally have impacts on stock market valuations and, by extension, upon corporate reputations. If this is the case, it means that the investment companies make in IT security to prevent these attacks may maintain shareholder value for these companies. Details: Oxford, UK: Oxford Economics, 2014. 79p. Source: Internet Resource: Accessed September 25, 2014 at: http://www.cpni.gov.uk/documents/publications/2014/oxford-economics-cyber-effects-uk-companies.pdf?epslanguage=en-gb Year: 2014 Country: United Kingdom URL: http://www.cpni.gov.uk/documents/publications/2014/oxford-economics-cyber-effects-uk-companies.pdf?epslanguage=en-gb Shelf Number: 133418 Keywords: Commercial CrimesComputer CrimesCosts of CrimeCrimes Against BusinessesCyber SecurityCybercrime (U.K.)Economic AnalysisEconomic Crimes |
Author: NetNames Title: Behind the Cyberlocker Door: A Report on How Shadowy Cyberlocker Businesses Use Credit Card Companies to Make Millions Summary: Digital theft of copyrighted content, has surged as for-profit pirate sites continue making money by illegally distributing movies, music, TV shows and other content. Cyberlockers are among the most profitable content theft sites, but very little research has been conducted to determine how much money they are pocketing by illegally distributing the work of content creators. As a society, we can no longer shrug off content theft as the isolated activity of high school and college students who want to watch a movie or listen to music for free. Recent reports, this one by NetNames and one earlier this year by MediaLink, lay bare the truth that content theft is big business, raking in hundreds of millions of dollars a year - essentially bleeding the Internet for profit while making it less attractive for generations to come. Content theft harms not only creators whose products are stolen and legitimate distributors that are forced to compete with cyberlockers who pay nothing for the content that drives their business. It also hurts consumers who pay the price for "free" content in a reduction of quality choices as revenues are reduced, and may be subjected to identity theft and malware that cyberlockers are associated with. New research by NetNames has demonstrated that: - It's easy to profit on the Internet when you leverage other people's creative works. In fact, it is possible you could make millions of dollars doing so. - There is a compelling difference between the business models of rogue cyberlockers that peddle in content theft and legitimate cloud storage services. - Malware is a serious issue when it comes to content theft. - Major brands are victimized by content thieves who leverage these brands to make their own rogue sites seem legitimate. - That all it takes for bad operators to succeed is for the facilitators of commerce - payment processors and the advertising industry, among other stakeholders- to do nothing. In the NetNames research, for example, MasterCard and Visa could be used to buy subscriptions on almost all the cyberlockers. The question is what we do about it. It's going to take concerted action by the Internet and the payment processors, advertising industries, consumers, public interest groups, Internet safety organizations and responsible government officials to address this corrosive issue that threatens our basic trust in our online world. Details: London: Digital Citizens Alliance, 2014. 50p. Source: Internet Resource: Accessed October 30, 2014 at: http://www2.itif.org/2014-netnames-profitability.pdf Year: 2014 Country: International URL: http://www2.itif.org/2014-netnames-profitability.pdf Shelf Number: 133832 Keywords: Computer CrimesComputer SecurityCredit CardsCyber SecurityCybercrimesDigital PiracyIntellectual Property TheftInternet Crimes |
Author: Panda Security Title: The Cyber-Crime Black Market: Uncovered Summary: Many of us in the team at Panda Security spend a lot of time traveling and attending all types of events: from specialized IT industry fairs and congresses, to those aimed at businesses, end-users, etc. Yet even though it is becoming more common to hear about the arrest of hackers that steal information and profit from it in many different ways, there are still many members of the public, not necessarily dedicated to IT security, who ask us: "Why would anyone want to steal information from me? I don't have anything of interest..." Another factor to bear in mind is that today's profit-oriented malware is designed to steal data surreptitiously, so the first indication that you have been a victim is when you get your bank or Paypal account statement. Moreover, there is a general perception that this problem only affects home users, and that businesses are immune. The result of our research, as you will read below, shows that this is not the case: Today nobody - neither home users nor businesses- is safe from confidential data theft (and the consequent fraud). This is despite the increased effort in recent years to improve awareness and education in IT security, initiated by governmental agencies in many countries, and of course, thanks to the security industry as a whole, along with other institutions, organizations, media, blogs, etc., who have been assisting with the task for some time now. Although we don't have precise data, we believe that this nefarious business has expanded with the economic crisis. Previously it was in no way easy to locate sites or individuals dedicated to this type of business, yet now it's relatively simple to come across these types of offers on underground forums. Details: Madrid: Panda Security, 2011. 44p. Source: Internet Resource: Accessed February 18, 2015 at: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf Year: 2011 Country: International URL: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf Shelf Number: 134636 Keywords: Computer CrimeComputer SecurityCyber SecurityCybercrimeInternet CrimeInternet Security |
Author: Nolan, Andrew Title: Cybersecurity and Information Sharing: Legal Challenges and Solutions Summary: Over the course of the last year, a host of cyberattacks has been perpetrated on a number of high profile American companies. The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a broader trend: the frequency and ferocity of cyberattacks are increasing, posing grave threats to the national interests of the United States. While considerable debate exists with regard to the best strategies for protecting America's various cyber-systems and promoting cybersecurity, one point of general agreement amongst cyber-analysts is the perceived need for enhanced and timely exchange of cyber-threat intelligence both within the private sector and between the private sector and the government. Nonetheless, there are many reasons why entities may opt to not participate in a cyber-information sharing scheme, including the potential liability that could result from sharing internal cyber-threat information with other private companies or the government. More broadly, the legal issues surrounding cybersecurity information sharing - whether it be with regard to sharing between two private companies or the dissemination of cyber-intelligence within the federal government - are complex and have few certain resolutions. In this vein, this report examines the various legal issues that arise with respect to the sharing of cybersecurity intelligence, with a special focus on two distinct concepts: (1) sharing of cyberinformation within the government's possession and (2) sharing of cyber-information within the possession of the private sector. With regard to cyber-intelligence that is possessed by the federal government, the legal landscape is relatively clear: ample legal authority exists for the Department of Homeland Security (DHS) to serve as the central repository and distributor of cyber-intelligence for the federal government. Nonetheless, the legal authorities that do exist often overlap, perhaps resulting in confusion as to which of the multiple sub-agencies within DHS or even outside of DHS should be leading efforts on the distribution of cyber-information within the government and with the public. Moreover, while the government has wide authority to disclose cyber-intelligence within its possession, that authority is not limitless and is necessarily tied to laws that restrict the government's ability to release sensitive information within its possession. With regard to cyber-intelligence that is possessed by the private sector, legal issues are clouded with uncertainty. A private entity that wishes to share cyber-intelligence with another company, an information sharing organization like an Information Sharing and Analysis Organization (ISAO) or an Information Sharing and Analysis Centers (ISAC), or the federal government may be exposed to civil or even criminal liability from a variety of different federal and state laws. Moreover, because of the uncertainty that pervades the interplay between laws of general applicability - like federal antitrust or privacy law - and their specific application to cyberintelligence sharing, it may be very difficult for any private entity to accurately assess potential liability that could arise by participating in a sharing scheme. In addition, concerns may arise with regard to how the government collects and maintains privately held cyber-intelligence, including fears that the information disclosed to the government could (1) be released through a public records request; (2) result in the forfeit of certain intellectual property rights; (3) be used against a private entity in a subsequent regulatory action; or (4) risk the privacy rights of individuals whose information may be encompassed in disclosed cyber-intelligence. The report concludes by examining the major legislative proposal - including the Cyber Intelligence Sharing and Protection Act (CISPA), Cybersecurity Information Sharing Act (CISA), and the Cyber Threat Sharing Act (CTSA) - and the potential legal issues that such laws could prompt. Details: Washington, DC: Congressional Research Service, 2015. 62p. Source: Internet Resource: R43941: Accessed April 25, 2015 at: http://www.fas.org/sgp/crs/intel/R43941.pdf Year: 2015 Country: United States URL: http://www.fas.org/sgp/crs/intel/R43941.pdf Shelf Number: 135398 Keywords: Cyber SecurityCybercrime (U.S.)Information SharingIntelligence GatheringInternet Crime |
Author: Jeffray, Calum Title: Underground Web: The Cybercrime Challenge. Summary: The two papers in this Special Report examine the central role that cybercrime plays in modern society and how technological developments create new opportunities for criminals to exploit. Calum Jeffray's paper, Caught in the net: the law enforcement response to international cybercrime, surveys the strategic cybercrime landscape and illustrates that, despite calls for law enforcement to 'do more' to prevent and investigate cybercrime, the agencies involved are often hampered in acting due to jurisdictional issues or the complexity of the investigations. Tobias Feakin's paper, Cryptomarkets - illicit goods in the darknet, examines the emergence of the 'darknet', where trading in illicit goods and services in online black markets has become increasingly commonplace and exacerbates the problems that law enforcement already faces - tracing and prosecuting illegal activities online. Details: Barton, ACT: AUS: Australian Strategic Policy Institute, International Cyber Policy Centre, 2015. 16p. Source: Internet Resource: Special Report: Accessed May 4, 2015 at: https://www.aspi.org.au/publications/underground-web-the-cybercrime-challenge/SR77_Underground_web_cybercrime.pdf Year: 2015 Country: International URL: https://www.aspi.org.au/publications/underground-web-the-cybercrime-challenge/SR77_Underground_web_cybercrime.pdf Shelf Number: 135504 Keywords: Black MarketsCyber SecurityCybercrimeIllegal TradingIllicit GoodsInternet Crimes |
Author: Tjong Tjin Tai, Eric Title: Duties of care and diligence against cybercrime Summary: - The present report is an exploratory investigation of whether contributory parties other than criminals and private individuals may have legal duties to help combat cybercrime. The scope is limited to four jurisdictions (The Netherlands, U.S.A., Brazil, and Czech Republic) and three specific topics of cybercrime: security of hardware and software, ransomware, and DDoS attacks. The focus is on a legal analysis, preceded by a brief factual description, and closing with tentative suggestions for improvement. - The causes and incidence of the three topics of cybercrime discussed in this research are tied up with global networks of communication, whereby purely local national government intervention may be insufficient to effectively fight cybercrime. In the relevant literature it is generally suggested that public-private partnerships would be required for combating cybercrime. - The approach of duties of care and diligence is a regulatory mechanism in which the focus is on private action with public encouragement. It relies on fostering practices that develop their own implicit standards and culture. - Specific parties such as Internet Service Providers (ISPs), software vendors, and businesses that are the victim of cybercrime are, in principle, well positioned to take actions against cybercrime. Albeit significant effort is taken by many companies, these efforts as a whole do not appear to have sufficient effect. The existing standards for action appear to be insufficiently specific. In addition, particular companies within these categories may do less than is possible, due to several causes. - ISPs in general have no legal duty to act to take preventive actions against cybercrime. They are generally exempt from liability as long as they remain passive to the content they transmit. Voluntary action by ISPs is to some extent discouraged by legal principles such as the rights to privacy and freedom of expression and the principle of net neutrality. The Netherlands has relatively detailed administrative rules regarding ISPs, compared to other jurisdictions. - Software vendors may have a limited duty to provide secure software, but their actual liability is insignificant as the result of limitation clauses. An exception is Brazil, which does have a form of product liability for software. Vendors have economic disincentives (a premium on being first to market with new functionality, and lack of user discrimination towards software security) against spending more effort for increasing software security. There is no administrative supervision for the software sector in general. - Businesses have, to some extent, a legal duty to prevent security breaches and unavailability of service through DDoS attacks. Customers have limited remedies to businesses that breach their obligations. Further action by businesses may find obstacles in a lack of security awareness or sense of urgency, limits to perceived benefits of additional security efforts, and lack of expertise. Details: Tilberg, NETH: Tilburg University, 2015. 208p. Source: Internet Resource: Accessed July 13, 2015 at: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf Year: 2015 Country: International URL: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf Shelf Number: 136014 Keywords: Cyber SecurityCybercrimeInternet CrimeInternet Security |
Author: Australia. Auditor General Title: Cyber Attacks: Securing Agencies' ICT Systems Summary: 1. Governments, businesses and individuals increasingly rely on information and communications technology (ICT) in their day-to-day activities, with rapid advances continuing to be made in how people and organisations communicate, interact and transact business through ICT and the Internet. In the government sector, ICT is used to deliver services, store and process information, and enable communications, with a consequent need to protect the privacy, security and integrity of information maintained on government systems. 2. Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion. In the government sector, the Australian Signals Directorate (ASD) has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 were considered serious enough to warrant a Cyber Security Operations Centre response. 3. The protection of Australian Government systems and information from unauthorised access and use is a key responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. 4. For some years, the Australian Government has established both an overarching protective security policy framework, and promulgated specific ICT risk mitigation strategies and related controls, to inform the ICT security posture6 of agencies. In 2013, the Government mandated elements of the framework, in response to the rapid escalation, intensity and sophistication of cyber crime and other cyber security threats. Details: Canberra: Australian National Audit Office, 2014. 132p. Source: Internet Resource: Audit Report No. 50 2013-14: Accessed September 5, 2015 at: http://www.anao.gov.au/~/media/Files/Audit%20Reports/2013%202014/Audit%20Report%2050/AuditReport_2013-2014_50.pdf Year: 2014 Country: Australia URL: http://www.anao.gov.au/~/media/Files/Audit%20Reports/2013%202014/Audit%20Report%2050/AuditReport_2013-2014_50.pdf Shelf Number: 136699 Keywords: Cyber SecurityCybercrimeInternet CrimesInternet SecurityNational Security |
Author: Baylon, Caroline Title: Cyber Security at Civil Nuclear Facilities: Understanding the Risks Summary: The report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks. Specific findings include: - The conventional belief that all nuclear facilities are 'air gapped' (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of. - Search engines can readily identify critical infrastructure components with such connections. - Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive. - Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage. - A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cyber security procedures. - Reactive rather than proactive approaches to cyber security contribute to the possibility that a nuclear facility might not know of a cyber attack until it is already substantially under way. In the light of these risks, the report outlines a blend of policy and technical measures that will be required to counter the threats and meet the challenges. Details: London: Chatham House, 2015. 53p. Source: Internet Resource: Accessed November 16, 2015 at: https://www.chathamhouse.org/sites/files/chathamhouse/field/field_document/20151005CyberSecurityNuclearBaylonBruntLivingstoneUpdate.pdf Year: 2015 Country: International URL: https://www.chathamhouse.org/sites/files/chathamhouse/field/field_document/20151005CyberSecurityNuclearBaylonBruntLivingstoneUpdate.pdf Shelf Number: 137283 Keywords: Cyber SecurityNuclear Facilities |
Author: European Commission. Directorate-General for Home Affairs Title: Cyber Security Summary: This report brings together the results of the Special Eurobarometer public opinion survey on "Cyber security" in the 28 European Union countries. Cybercrime is a borderless problem, consisting of criminal acts that are committed online by using electronic communications networks and information systems, including crimes specific to the Internet, online fraud and forgery, and illegal online content. Whilst the value of the cybercriminal economy as a whole is not precisely known, the losses are thought to represent billions of euros per year. The scale of the problem is itself a threat to law enforcement response capability - with more than 150,000 viruses and other types of malicious code in circulation and a million people victims of cybercrime every day. Given the development of cybercrime in recent years, the European Commission has designed a coordinated policy in close co-operation with European Union (EU) Member States and the other EU institutions. EU legislative actions contributing to the fight against cybercrime address issues such as attacks against information systems, online offensive material and child pornography, online privacy, and online fraud and counterfeiting. The aim of this survey is to understand EU citizens' experiences and perceptions of cyber security issues. The survey examines the nature and frequency of Internet usage; their awareness and experience of cybercrime; and the level of concern that they feel about this type of crime. The findings from this survey update a previous survey which was carried out in May-June 2013 (Special Eurobarometer 404). The 2014 survey repeats most of the questions asked in 2013 in order to provide insight into the evolution of knowledge, behaviour and attitudes towards cyber security in the European Union. Details: Luxembourg: European Commission, 2015. 171p. Source: Internet Resource: Special Eurobarometer 423: Accessed February 8, 2016 at: http://ec.europa.eu/public_opinion/archives/ebs/ebs_423_en.pdf Year: 2015 Country: Europe URL: http://ec.europa.eu/public_opinion/archives/ebs/ebs_423_en.pdf Shelf Number: 137810 Keywords: Computer CrimeCyber SecurityCybercrimeInternet CrimeInternet SafetyOnline Victimization |
Author: Simcox, Robin Title: "We Will Conquer Your Rome": A Study of Islamic State Terror Plots in the West Summary: The Islamic State (IS) presently controls significant amounts of land throughout Iraq and Syria. However, its ambitions are not restricted to this territory. Within days of announcing its 'Caliphat', the self-appointed 'Caliph Abu Bakr al-Baghdadi vowed that IS would eventually "conquer Rome". IS precursor groups and the individuals which have trained alongside them have displayed an interest in attacking the West for years. However, an audio message released on 21 September 2014, saw Abu Mohammed al-Adnani, an IS spokesman, attempt to ratchet up the threat. He instructed IS supporters to carry out attacks in the West - no matter how crude. There has subsequently been an increase in IS-linked plots that have emerged in the West. "We Will Conquer Your Rome:" A Study of Islamic State Terror Plots in the West by research fellow Robin Simcox studies all those that have been reported since the declaration of the 'Caliphate', and attempts to draw conclusions about any trends that may be developing. The report studies over a year's worth of Islamic State plots. It examines which countries were most commonly targeted; the age; nationality; background; terrorist training and combat experience of the perpetrators; relevance of the Internet; which sectors are most commonly targeted for attack; and assesses the extent to which the Islamic State directed, assisted or simply just inspired these plots. It concludes that since the declaration of IS's 'Caliphate', there have been, on average, over two plots related to IS that either are foiled or take place in the West every month. Details: London: The Henry Jackson Society, 2015. 59p. Source: Internet Resource: Accessed February 11, 2016 at: http://henryjacksonsociety.org/wp-content/uploads/2015/09/ISIS-brochure-Web.pdf Year: 2015 Country: International URL: http://henryjacksonsociety.org/wp-content/uploads/2015/09/ISIS-brochure-Web.pdf Shelf Number: 137847 Keywords: Cyber SecurityInternet CrimesIslamic StateTerrorismTerrorists |
Author: Australian Government Title: Australia's Cyber Security Strategy: Enabling innovation, growth and prosperity Summary: Strong cyber security is a fundamental element of our growth and prosperity in a global economy. It is also vital for our national security. It requires partnership involving governments, the private sector and the community. Being connected is now essential, creating new opportunities for innovation and growth for all Australians. To be competitive, businesses need to be online. But this also brings risks. Australia is increasingly a target for cybercrime and espionage. All of us- governments, businesses and individuals- need to work together to build resilience to cyber security threats and to make the most of opportunities online. To grow, Australia needs to innovate and further diversify its economy-to access new markets and new forms of wealth creation. We must embrace disruptive technologies; those that have the potential to fundamentally change traditional business models and the way people live and work. They will open up new possibilities for agile businesses in ways as yet unimagined. But the potential of digital technologies depends on the extent to which we can trust the internet and cyberspace. Getting cyber security right will mean we capture more of the opportunities the connected world offers. It will also make Australia a preferred place to do business. This in turn will boost our national prosperity. We can also expand our cyber security businesses and export capability. Australia's cyber security is built on a solid foundation. Our past investment has been strong. Recent Government initiatives such as the Australian Cyber Security Centre have lifted Government capabilities to a new level. Many of our larger businesses, particularly banks and telecommunications companies, have strong cyber security capabilities. Our future work will build on this platform. Details: Canberra: Office of the Prime Minister, 2016. 76p. Source: Internet Resource: Accessed April 26, 2016 at: https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf Year: 2016 Country: Australia URL: https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf Shelf Number: 138819 Keywords: Cyber SecurityCybercrimeInternet CrimeNational Security |
Author: Verizon Title: 2016 Data Breach Investigations Report Summary: Our ninth Data Breach Investigations Report (DBIR) pulls together incident data from 67 contributors around the world to reveal the biggest IT security risks you'll face. This year's dataset is made up of over 100,000 incidents, of which 3,141 were confirmed data breaches. Of these, 64,199 incidents and 2,260 breaches comprise the finalized dataset that was used in the analysis and figures throughout the report. We address the reasons for culling the dataset in Victim Demographics and provide additional details when we discuss motives in Breach Trends. Of course, we would never suggest that every last security event of 2015 is in this report. We acknowledge sample bias, and provide information about our methodology as well as links to resources that we encourage you to look into to help collect and analyze incident data within your own organization, in Appendix E. Details: New York?: Verizon, 2016. 85p. Source: Internet Resource: Accessed May 4, 2016 at: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ Year: 2016 Country: International URL: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/ Shelf Number: 138913 Keywords: Cyber SecurityCybercrimeFinancial Crimes |
Author: Ponemon Institute Title: 2016 Cost of Data Breach Study: Global Analysis Summary: IBM and Ponemon Institute are pleased to release the 2016 Cost of Data Breach Study: Global Analysis. According to our research, the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million . The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year's study. In addition to cost data, our global study looks at the likelihood of a company having one or more data breach occurrences in the next 24 months. We estimate a 26 percent probability of a material data breach involving 10,000 lost or stolen records. According to this year's findings, organizations in Brazil and South Africa are most likely to have a material data breach involving 10,000 or more records. In contrast, organizations in Germany and Australia are least likely to experience a material data breach. In this year's study, 383 companies located in the following 12 countries participated: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia), Canada and, for the first time, South Africa. All participating organizations experienced a data breach ranging from approximately 3,000 to slightly more than 101,500 compromised records . We define a compromised record as one that identifies the individual whose information has been lost or stolen in a data breach. Seven global megatrends in the cost of data breach research Over the many years studying the data breach experience of 2,013 organizations in every industry, the research has revealed the following seven megatrends. 1. Since first conducting this research, the cost of a data breach has not fluctuated significantly. This suggests that it is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies. 2. The biggest financial consequence to organizations that experienced a data breach is lost business. Following a data breach, organizations need to take steps to retain customers' trust to reduce the long-term financial impact. 3. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record. 4. Organizations recognize that the longer it takes to detect and contain a data breach the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain. 5. Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher than average rate of lost business and customers. 6. Improvements in data governance programs will reduce the cost of data breach. Incident response plans, appointment of a CISO, employee training and awareness programs and a business continuity management strategy continue to result in cost savings. 7. Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year's study revealed a reduction in the cost when companies participated in threat sharing and deployed data loss prevention technologies. Details: Traverse City, MI: Ponemon Institute, 2016. 32p. Source: Internet Resource: Accessed September 7, 2016 at: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03094WWEN Year: 2016 Country: International URL: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03094WWEN Shelf Number: 140233 Keywords: Computer Crimes Crimes Against Businesses Cyber Security Cybercrime |
Author: Diniz, Gustavo Title: Deconstructing Cyber Security in Brazil: Threats and Responses Summary: Brazil is doubling down on its cyber-security architecture while simultaneously consolidating its emerging power status. Although organized crime is one of the major threats to Brazilian cyberspace, resources are focused instead on military solutions better suited to the exceptional case of warfare. There is less emphasis on expanding law enforcement capabilities to identify and respond to cyber-crime and related digital malfeasance. Due to the absence of a unified government position on the issue or reliable data, Brazil has evolved an imbalanced approach to cyber-security. If Brazil is to re-balance its approach, it needs to fill knowledge gaps. At a minimum, policy makers require a better understanding of the strategies, tactics and resources of hackers and cyber-crime groups, the ways in which traditional crime is migrating online and the implications of new surveillance technologies. The government should also encourage a broad debate with a clear communications strategy about the requirements of cyber-security and what forms this might take. More critical reflection on the form and content of measured and efficient strategies to engage cyber threats is also needed. Improved coordination between state police forces to better anticipate and respond to cyber-crime is essential. If Brazil is to build a robust and effective cyber-security strategy, an informed debate must begin immediately. Details: Rio de Janeiro: Instituto Igarapé , 2014. 35p. Source: Internet Resource: Strategic Paper 11: Accessed March 4, 2017 at: https://igarape.org.br/wp-content/uploads/2014/11/Strategic-Paper-11-Cyber2.pdf Year: 2014 Country: Brazil URL: https://igarape.org.br/wp-content/uploads/2014/11/Strategic-Paper-11-Cyber2.pdf Shelf Number: 141328 Keywords: Computer CrimeCyber SecurityCybercrimeInternet CrimeSurveillance Technology |
Author: Biancotti, Claudia Title: Cyber attacks: Preliminary evidence from the Bank of Italy's business surveys Summary: This paper presents preliminary evidence on cyber risk in the Italian private sector based on the Bank of Italy's annual surveys of Italian industrial and service firms. The information collected, albeit only covering the incidence of cyber attacks and some aspects of security governance, is the first of its kind for Italy. The results are striking: even though a mere 1.5 per cent of businesses do not deploy any cyber-security measures, 30.3 per cent - corresponding to 35.6 per cent of total employees - report at least some damage from a cyber attack between September 2015 and September 2016. Once data are corrected to account for unwillingness to report or inability to detect attacks on the part of some respondents, these figures climb to 45.2 and 56 per cent respectively, with large, high-tech and internationally exposed businesses faring worse than average. The economy-wide risk level is likely to be higher still; the financial sector, healthcare, education and social care are excluded from the sample, but they are known from other sources to be particularly appealing to attackers. Details: Rome: Bank of Italy, 2017. 32p. Source: Internet Resource: Occasional Paper, no. 373: Accessed May 10, 2017 at: https://www.bancaditalia.it/pubblicazioni/qef/2017-0373/QEF_373.pdf?language_id=1 Year: 2017 Country: Italy URL: https://www.bancaditalia.it/pubblicazioni/qef/2017-0373/QEF_373.pdf?language_id=1 Shelf Number: 145393 Keywords: Computer CrimesComputer SecurityCrime Against BusinessesCyber SecurityCybercrime |
Author: Ponemon Institute Title: 2017 Cost of Cybercrime Study: Insights on the Security investment that Make a Difference Summary: With cyber attacks on the rise, successful breaches per company each year has risen more than 27 percent, from an average of 102 to 130. Ransomware attacks alone have doubled in frequency, from 13 percent to 27 percent, with incidents like WannaCry and Petya affecting thousands of targets and disrupting public services and large corporations across the world. One of the most significant data breaches in recent years has been the successful theft of 143 million customer records from Equifax- a consumer credit reporting agency-a cyber crime with devastating consequences due to the type of personally identifiable information stolen and knock-on effect on the credit markets. Information theft of this type remains the most expensive consequence of a cyber crime. Among the organizations we studied, information loss represents the largest cost component with a rise from 35 percent in 2015 to 43 percent in 2017. It is this threat landscape that demands organizations reexamine their investment priorities to keep pace with these more sophisticated and highly motivated attacks. To better understand the effectiveness of investment decisions, we analyzed nine security technologies across two dimensions: the percentage spending level between them and their value in terms of cost-savings to the business. The findings illustrate that many organizations may be spending too much on the wrong technologies. Five of the nine security technologies had a negative value gap where the percentage spending level is higher than the relative value to the business. Of the remaining four technologies, three had a significant positive value gap and one was in balance. So, while maintaining the status quo on advanced identity and access governance, the opportunity exists to evaluate potential over-spend in areas which have a negative value gap and rebalance these funds by investing in the breakthrough innovations which deliver positive value. Following on from the first Cost of Cyber Crime1 report launched in the United States eight years ago, this study, undertaken by the Ponemon Institute and jointly developed by Accenture, evaluated the responses of 2,182 interviews from 254 companies in seven countries-Australia, France, Germany, Italy, Japan, United Kingdom and the United States. We aimed to quantify the economic impact of cyber attacks and observe cost trends over time to offer some practical guidance on how organizations can stay ahead of growing cyber threats. Details: s.l.: Accenture, 2017. 56p. Source: Internet Resource: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf Year: 2017 Country: United States URL: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf Shelf Number: 149125 Keywords: Costs of Crime Crime Against BusinessesCrime StatisticsCyber SecurityCybercrime Internet Crime |
Author: Petrie, Elizabeth M. Title: Sharing Insider Threat Indicators: Examining the Potential Use of Swift's Messaging Platform to Combat Cyber Fraud Summary: Cyber actors are operating under a shared services model giving them access to infrastructure, tools, targets and the ability to monetise their exploits. As a result, organisations across industries must enhance communication channels to share threat information in order to pre-empt cyber fraud schemes. This requires both an ability to identify the patterns of behaviour that indicate cyber fraud activity is occurring and a platform for communicating potential threat information. The report "Sharing Insider Threat Indicators: Leveraging SWIFT's Messaging Platform to Combat Cyber Fraud" focuses on identifying the patterns of behaviour typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The objective of this research is to explore the potential for organisations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cashout behaviour, which could warn of cyber fraud activity. Details: London: Swift Institute, 2017. 33p. Source: Internet Resource: Accessed June 27, 2019 at: https://swiftinstitute.org/wp-content/uploads/2017/10/SIWP_2016-003_Insider_Cashout_Citi_American_University_final.pdf Year: 2017 Country: International URL: https://swiftinstitute.org/research/sharing-threat-indicators-of-cyber-fraud-via-intelligence-information-reports/ Shelf Number: 156723 Keywords: Cyber FraudCyber SecurityCybercrimeFinancial CrimeTelecommunications |