Transaction Search Form: please type in any of the fields below.
Date: November 22, 2024 Fri
Time: 11:56 am
Time: 11:56 am
Results for cybersecurity
54 results foundAuthor: Burd, Steffani A. Title: The Impact of Information Security in Academic Institutions on Public Safety and Security: Assessing the Issues and Developing Solutions for Policy and Practice Summary: From the abstract: "Academic institutions face a barrage of information security incidents such as data theft, malicious software infections, hacks into their computer networks, and infiltration of other entities via their networks. Adverse impacts of these incidents include compromised private data and intellectual property, substantial financial losses, and potential threats to critical infrastructure, public safety, and national security. Despite these issues, little research has been conducted at the policy, practical theoretical levels, and few policies and cost-effective controls have been developed. The purpose of this research study was to address the need for objective data and to develop a practical roadmap for policy and practice. Study design incorporated quantitative field survey, qualitative interview, and empirical network analysis methods." Details: New York: Columbia University Teachers College, 2006 Source: Year: 2006 Country: United States URL: Shelf Number: 115361 Keywords: CybersecurityPublic Safety |
Author: U.S. Department of Homeland Security. Office of Inspector General Title: DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems Summary: Cyber threats pose a significant risk to economic and national security. In response to these threats, the President, legislators, experts, and others have characterized cybersecurity, or measures taken to protect a computer or computer system against unauthorized access or attack, as a pressing national security issue. The National Cyber Security Division (NCSD) was established to serve as the national focal point for addressing cybersecurity issues in the public and private sectors. The United States Computer Emergency Readiness Team (US-CERT), created under NCSD, is responsible for compiling and analyzing information about cybersecurity incidents and providing timely technical assistance to operators of agency information systems regarding security incidents. The team provides response support and defense against cyber attacks for the federal civil executive branch; disseminates reasoned and actionable cybersecurity information to the public; and facilitates information sharing with state and local government, industry, and international partners. This audit focused on the security of the systems that US-CERT uses to accomplish its cybersecurity mission. Overall, NCSD has implemented adequate physical security and logical access controls over the cybersecurity program systems used to collect, process, and disseminate cyber threat and warning information to the public and private sectors. However, a significant effort is needed to address existing security issues in order to implement a robust program that will enhance the cybersecurity posture of the federal government. To ensure the confidentiality, integrity, and availability of its cybersecurity information, NCSD needs to focus on deploying timely system security patches to mitigate risks to its cybersecurity program systems, finalizing system security documentation, and ensuring adherence to departmental security policies and procedures. The report makes 10 recommendations to the Director, NCSD. NCSD has already begun to take the actions to implement them. National Protection and Programs Directorate (NPPD)’s response is summarized and evaluated in the body of this report and included, in its entirety, as Appendix B. Details: Washington, DC: U.S. Department of Homeland Security, 2010. 30p. Source: Internet Resource: Accessed September 14, 2010 at: http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_10-111_Aug10.pdf Year: 2010 Country: United States URL: http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_10-111_Aug10.pdf Shelf Number: 119796 Keywords: Computer CrimesCybercrimesCybersecurityHomeland Security |
Author: Bajaj, Kamlesh Title: The Cybersecurity Agenda: Mobilizing for International Action Summary: Cyberspace comprises IT networks, computer resources, and all the fixed and mobile devices connected to the global Internet. A nation’s cyberspace is part of the global cyberspace; it cannot be isolated to define its boundaries since cyberspace is borderless. This is what makes cyberspace unique. Unlike the physical world that is limited by geographical boundaries in space—land, sea, river waters, and air—cyberspace can and is continuing to expand. Increased Internet penetration is leading to growth of cyberspace, since its size is proportional to the activities that are carried through it. Cyberspace merges seamlessly with the physical world. So do cyber crimes. Cyber attackers can disrupt critical infrastructures such as financial and air traffic control systems, producing effects that are similar to terrorist attacks in the physical space They can also carry out identity theft and financial fraud; steal corporate information such as intellectual property; conduct espionage to steal state and military secrets; and recruit criminals and others to carry out physical terrorist activities. Anyone can exploit vulnerabilities in any system connected to the Internet and attack it from anywhere in the world without being identified. As the Internet and new technologies grow, so do their vulnerabilities. Knowledge about these vulnerabilities and how to exploit them are widely available on the Internet. During the development of the global digital Internet and communications technology (ICT) infrastructure, the key considerations were interoperability and efficiency, not security. The explosion of mobile devices continues to be based on these insecure systems of Internet protocols. It is increasingly cheap to launch cyber attacks, but security systems are getting more and more expensive. This growing asymmetry is a game changer. It has another dimension, too—individuals, terrorists, criminal gangs, or smaller nations can take on much bigger powers in cyberspace, and through it, in the physical world, as well. The effects of attacks on critical infrastructure such as electricity and water supplies are similar to those that would be caused by weapons of mass destruction, without the need for any physical attacks. Proving attribution in cyberspace is a great challenge. In most cases, it is extremely difficult to attribute cyber attacks to nation-states, collecting irrefutable evidence. The very nature of botnets and zombies makes it difficult to do so, leading to the conclusion that “the Internet is the perfect platform for plausible deniability.” Nations are developing cyber attack capabilities with a view to dominating cyberspace. However, unilateral dominance in cyberspace is not achievable by any country. But uncontrolled growth of cyber attack capabilities—in effect, cyber attack proliferation — is an increasingly troubling phenomenon. Yet another disturbing reality is that cyber attacks can be launched ever more easily, and propagated faster using the same broadband that nations are building for global e-commerce. Finally, the consequences of a cyber attack are more likely to be indirect and more uncertain than most scenarios currently envision; we may not always recognize the damage inflicted by cyber attackers. Cybersecurity is a global problem that has to be addressed globally by all governments jointly. No government can fight cybercrime or secure its cyberspace in isolation. Cybersecurity is not a technology problem that can be ‘solved’; it is a risk to be managed by a combination of defensive technology, astute analysis and information warfare, and traditional diplomacy. Cyber attacks constitute an instrument of national policy at the nexus of technology, policy, law, ethics, and national security. Such attacks should spur debate and discussion, without any secrecy, both inside and outside governments at national and international levels. This is all the more so because of the growing number of significant actors not tied to, or even loosely affiliated with, nation-states. Over the last few months, events in cyberspace such as the GhostNet attacks on governments and large multinational corporations, whether to steal intellectual property or attack free speech, bear this out. They are not restricted by geographical borders or national laws. There is an added dimension to this problem: the infrastructures are owned and operated by the private sector, and cyberspace passes through various legal jurisdictions all over the world. Each government has to engage in supporting its private sector for cybersecurity through effective public-private partnership (PPP) models, with clearly-defined roles for government and industry. Because cyberspace is relatively new, legal concepts for ‘standards of care’ do not exist. Should governments create incentives to generate collective action? For example, they could reduce liability in exchange for improved security, or introduce tax incentives, new regulatory requirements, and compliance mechanisms. Nations have to take appropriate steps in their respective jurisdictions to create necessary laws, promote the implementation of reasonable security practices, incident management, and information sharing mechanisms, and continuously educate both corporate and home users about cybersecurity. International cooperation is essential to securing cyberspace. When it comes to tracking cyber criminals, it is not only the laws dealing with cyber crimes that must exist in various countries, but the collection of appropriate cyber forensics data in various jurisdictions and their presentation in courts of law, which are essential to bring criminals to justice in sovereign countries. Details: Washington, DC: EastWest Institute, 2010. 24p. Source: Internet Resource: Accessed October 13, 2010 at: http://www.ewi.info/system/files/Bajaj_Web.pdf Year: 2010 Country: International URL: http://www.ewi.info/system/files/Bajaj_Web.pdf Shelf Number: 119942 Keywords: Computer CrimesCybercrimeCybersecurityInternet Crimes |
Author: Theohary, Catherine A. Title: Terrorist Use of the Internet: Information Operations in Cyberspace Summary: The Internet is used by international insurgents, jihadists, and terrorist organizations as a tool for radicalization and recruitment, a method of propaganda distribution, a means of communication, and ground for training. Although there are no known reported incidents of cyberattacks on critical infrastructure as acts of terror, this could potentially become a tactic in the future. There are several methods for countering terrorist and insurgent information operations on the Internet. The federal government has organizations that conduct strategic communications, counterpropaganda, and public diplomacy activities. The National Framework for Strategic Communication guides how interagency components are to integrate their activities. However, these organizations may be stovepiped within agencies, and competing agendas may be at stake. This report does not discuss technical and Internet architecture design solutions. Some may interpret the law to prevent federal agencies from conducting “propaganda” activities that may potentially reach domestic audiences. Others may wish to dismantle all websites that are seen to have malicious content or to facilitate acts of terror, while some may have a competing interest in keeping a site running and monitoring it for intelligence value. Key issues for Congress: • Although the Comprehensive National Cybersecurity Initiative addresses a federal cybersecurity strategy and departmental roles and responsibilities, overclassification, competing equities, and poor information sharing between agencies hinder implementation of a national cybersecurity strategy. (See “Federal Government Efforts to Address Cyberterrorism.”) • Federal agencies have interpreted the United States Information and Educational Exchange Act of 1948 (22 U.S.C. § 1461), also known as the Smith-Mundt Act, as creating a “firewall” between foreign and domestic audiences, limiting U.S. government counterpropaganda activities on the Internet. (See “Institutional Constraints.”) • Some agencies favor monitoring and surveillance of potentially harmful websites, while others would shut them down entirely. (See “Intelligence Gain/Loss Calculus.”) • Different agency approaches to combating terrorists’ use of the Internet and different definitions and strategies for activities such as information operations (IO) and strategic communications (SC) create an oversight challenge for Congress. (See “Counterpropaganda: Strategic Communications, Public Diplomacy, and Information Operations.”) Cybersecurity proposals from the 111th Congress such as S. 3480, which contained controversial provisions labeled by the media as the Internet “Kill Switch,” are likely to be reintroduced in some form in the 112th Congress. (See “Congressional Activity.”) With growing interest in strategic communications and public diplomacy, there may also be an effort to revise the Smith- Mundt Act. Details: Washington, DC: Congressional Research Services, 2011. 19p. Source: Internet Resource: R41674: Accessed March 22, 2011 at: http://www.fas.org/sgp/crs/terror/R41674.pdf Year: 2011 Country: United States URL: http://www.fas.org/sgp/crs/terror/R41674.pdf Shelf Number: 121095 Keywords: CybercrimeCybersecurityInternet CrimesTerrorismTerrorists |
Author: Sommer, Peter Title: Reducing Systemic Cybersecurity Risk Summary: This report is part of a broader OECD study into ―Future Global Shocks, examples of which could include a further failure of the global financial system, large-scale pandemics, escape of toxic substances resulting in wide-spread long-term pollution, and long-term weather or volcanic conditions inhibiting transport links across key intercontinental routes. The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters. Details: Paris: Organisation for Economic Co-operation and Development, 2011. 119p. Source: Internet Resource: Accessed May 11, 2011 at: http://www.oecd.org/dataoecd/57/44/46889922.pdf Year: 2011 Country: International URL: http://www.oecd.org/dataoecd/57/44/46889922.pdf Shelf Number: 121708 Keywords: Computer CrimesCybercrimeCybersecurityInternet |
Author: Connolly, Chris Title: An Overview of International Cyber-Security Awareness Raising and Educational Initiatives Summary: This study presents a comparative study of international Cyber-Security awareness training and educational initiatives. The report examined 68 international initiatives. This project has consisted of two research components: Component 1 – Comparative analysis of international initiatives: The first component was a comparative analysis of the approaches taken internationally to provide awareness raising and educational activities designed to empower the general and small business community with respect to Cyber-Security risks. This study examined a selection (68 in total) of initiatives in 11 jurisdictions. This study is not intended to represent an exhaustive study of every initiative in every jurisdiction. There has been a focus on English language initiatives – although 13 French and German initiatives were included in the study. Australian initiatives and resources were not included in this study. Component 2 – Campaign evaluations: The second component was an analysis of the literature used to support the implementation of these strategies as well as literature that evaluates the effectiveness of Cyber-Security education and awareness raising programs. This involved the examination of the only 2 initiatives (out of 68) where an evaluation had been conducted – plus 5 evaluations of similar campaigns in other fields (such as cyber-safety). This study is reporting on evaluations that are available and not evaluating campaigns per se. Details: Canberra: Australian Communications and Media Authority, 2011. 100p. Source: Internet Resource: Accessed July 28, 2011 at: http://www.acma.gov.au/webwr/_assets/main/lib310665/galexia_report-overview_intnl_cybersecurity_awareness.pdf Year: 2011 Country: International URL: http://www.acma.gov.au/webwr/_assets/main/lib310665/galexia_report-overview_intnl_cybersecurity_awareness.pdf Shelf Number: 122191 Keywords: Computer CrimesCybercrimeCybersecurity |
Author: Shachtman, Noah Title: Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Summary: At the beginning of the 19th century, piracy was an ongoing threat and an accepted military tactic. By the end of the century, it was taboo, occurring solely off the shores of failed states and minor powers. The practice of hijacking did not vanish entirely, of course; it is flourishing now on the world’s computer networks, costing companies and consumers countless billions of dollars. Cybercrime today seems like a nearly insoluble problem, much like piracy was centuries ago. There are steps, however, that can be taken to curb cybercrime’s growth—and perhaps begin to marginalize the people behind it. Some of the methods used to sideline piracy provide a useful, if incomplete, template for how to get it done. Shutting down the markets for stolen treasure cut off the pirates’ financial lifeblood; similar pushes could be made against the companies that support online criminals. Piracy was eventually brought to heel when nations took responsibility for what went on within its borders. Based on this precedent, cybercrime will only begin to be curbed when greater authority — and accountability — is exercised over the networks that form the sea on which these modern pirates sail. In this new campaign, however, private companies, not governments, will have to play the central role, as Harvard’s Tyler Moore and others have suggested. After all, the Internet is not a network of governments; it is mostly an amalgam of businesses that rely almost exclusively on handshake agreements to carry data from one side of the planet to another. The vast majority of the Internet’s infrastructure is in the hands of these 5,000 or so Internet Service Providers (ISPs) and carrier networks, as is the ability to keep crooks off that infrastructure. If this relatively small group can be persuaded to move against online criminals, it will represent an enormous step towards turning these crooks into global pariahs. The most productive thing ISPs can do to curb crime is put pressure on the companies that support and abet these underground enterprises. Currently, registration companies sell criminals their domain names, like “thief.com.” Hosting firms provide the server space and Internet Protocol addresses needed to make malicious content online accessible. But without ISPs, no business, straight or crooked, gets online. A simple statistic underscores the ISPs’ role as a critical intermediary: just 10 ISPs account for around 30 percent of all the spam-spewing machines on the planet. ISPs are well aware of which hosting companies, for example, are the most friendly to criminals; lists of these firms are published constantly. But,currently, ISPs have little motivation to cut these criminal havens off from the rest of the Internet. There is no penalty for allowing illicit traffic to transit over their networks. If anything, there is a strong incentive for maintaining business-as-usual: the hosting company that caters to crooks also has legitimate customers, and both pay for Internet access. So ISPs often turn a blind eye, even though the worst criminal havens are well-known. That is where government could help. It could introduce new mechanisms to hold hosting companies liable for the damage done by their criminal clientele. It could allow ISPs to be held liable for their criminal hosts. It could encourage and regulate ISPs to share more information on the threats they find. Government could also encourage more private businesses to come clean when they are victimized. Today, just three in ten organizations surveyed by the security firm McAfee report all of their data breaches. That not only obscures the true scope of cybercrime; it prevents criminals and criminal trends from being caught earlier. Government can alter that equation by expanding the requirements to report data breaches. It could require its contractors to purchase network security insurance, forcing companies to take these breaches more seriously. And it can pour new resources into and craft new strategies for disrupting criminals’ support networks. These steps will serve as important signals that America will no longer tolerate thieves and con artists operating on its networks. After all, 20 of the 50 most crime-friendly hosts in the world are American, according to the security researchers at HostExploit. As the United States gets serious in curbing these criminals, it can ask more from — and work more closely with — other countries. China, for instance, sees itself as the world’s biggest victim of cybercrime, even as it remains a hotbed for illicit activity. Not coincidentally, China is also only partially connected to the global community of ISPs. Dialogues to bring the Chinese closer into the fold will not only make it easier to marginalize cybercriminals; it will build momentum for broader negotiations on all sorts of Internet security issues. Details: Washington, DC: John L. Thornton China Center at Brookings, 2011. 44p. Source: Internet Resource: Cyber Security #1: Accessed August 26, 2011 at: http://www.brookings.edu/~/media/Files/rc/papers/2011/0725_cybersecurity_shachtman/0725_cybersecurity_shachtman.pdf Year: 2011 Country: International URL: http://www.brookings.edu/~/media/Files/rc/papers/2011/0725_cybersecurity_shachtman/0725_cybersecurity_shachtman.pdf Shelf Number: 122561 Keywords: Computer CrimeCybercrimeCybersecurityInternet Crimes |
Author: Friedman, Allan Title: Economic and Policy Frameworks for Cybersecurity Risks Summary: Congress and the Obama administration have advanced dozens of proposals addressing cybersecurity. While many of these bills propose admirable policies, they often attempt to address a wide range of issues under a poorly matched set of frameworks. This paper offers three observations built around a framework of risk management to help focus the discussion. First, we caution against conflating different threats simply because they all involve information technology. Crime, espionage and international conflict are very different threats, and grouping them together can lead to poorly framed solutions. Second, we argue that looking at cybersecurity from the perspective of economics can offer important insight into identifying important policy opportunities. Finally, we suggest a series of governance frameworks that can be used in a complementary fashion to address many of the issues discussed. Details: Washington, DC: Center for Technology Innovation, Brookings, 2011. 24p. Source: Internet Resource: Accessed September 20, 2011 at: http://www.brookings.edu/~/media/Files/rc/papers/2011/0721_cybersecurity_friedman/0721_cybersecurity_friedman.pdf Year: 2011 Country: United States URL: http://www.brookings.edu/~/media/Files/rc/papers/2011/0721_cybersecurity_friedman/0721_cybersecurity_friedman.pdf Shelf Number: 122796 Keywords: Cybercrime (U.S.)CybersecurityRisk Management |
Author: Ponemon Institute Title: Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies Summary: Sponsored by ArcSight, an HP company, this report presents the findings of the Second Annual Cost of Cyber Crime Study. This year’s study is based on a representative sample of 50 organizations in various industry sectors. While our research focused on organizations located in the United States, many are multinational corporations. For consistency purposes, our benchmark sample consists of only larger-sized organizations (i.e., more than 700 enterprise seats). Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. Key takeaways from this report include: Cyber crimes can do serious harm to an organization’s bottom line. We found that the median annualized cost of cyber crime for 50 organizations in our study is $5.9 million per year, with a range of $1.5 million to $36.5 million each year per company. This represents an increase in median cost of 56 percent from our first cyber cost study published last year. Cyber attacks have become common occurrences. The companies in our study experienced 72 successful attacks per week and more than one successful attack per company per week. This represents an increase of 44 percent from last year’s successful attack experience. The most costly cyber crimes are those caused by malicious code, denial of service, stolen devices and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM and enterprise governance, risk management and compliance (GRC) solutions. Similar to last year, the purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack. Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. Recent well-publicized cyber attacks – for instance, Wikileaks, Epsilion, Sony, Citibank, Boeing, Google, and RSA – have affected private and public sector organizations. As described above, our goal is to be able to quantify with as much accuracy as possible the costs incurred by organizations when they have a cyber attack. In our experience, a traditional survey approach would not capture the necessary details required to extrapolate cyber crime costs. Therefore, we decided to pursue field-based research that involved interviewing senior-level personnel and collecting details about actual cyber crime incidents. Approximately nine months of effort was required to recruit companies, build an activity-based cost model, collect source information and analyze results. This research culminated with the completion of case studies involving 50 organizations. The focus of our project was the direct, indirect and opportunity costs that resulted from the loss or theft of information, disruption to business operations, revenue loss and destruction of property, plant and equipment. In addition to external consequences of the cyber crime, the analysis attempted to capture the total cost spent on detection, investigation, containment, recovery and after-the-fact or “ex-post” response. Details: Traverse City, MI: Ponemon Institute, 2011. 30p. Source: Internet Resource: Accessed September 20, 2011 at: http://www.arcsight.com/collateral/whitepapers/2011_Cost_of_Cyber_Crime_Study_August.pdf Year: 2011 Country: United States URL: http://www.arcsight.com/collateral/whitepapers/2011_Cost_of_Cyber_Crime_Study_August.pdf Shelf Number: 122797 Keywords: Crimes Against BusinessesCybercrimesCybersecurityInternet Crimes |
Author: Tehan, Rita Title: Cybersecurity: Authoritative Reports and Resources Summary: Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic. Congress has been actively involved in cybersecurity issues, holding hearings every year since 2001. There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics. This report provides links to selected authoritative resources related to cybersecurity issues. This report includes information on • “Legislation” • “Hearings in the 112th Congress” • “Executive Orders and Presidential Directives” • “Data and Statistics” • “Cybersecurity Glossaries” • “Reports by Topic” • Government Accountability Office (GAO) reports • White House/Office of Management and Budget reports • Military/DoD • Cloud Computing • Critical Infrastructure • National Strategy for Trusted Identities in Cyberspace (NSTIC) • Cybercrime/Cyberwar • International • Education/Training/Workforce • Research and Development (R&D) • “Related Resources: Other Websites” Details: Washington, DC: Congressional Research Service, 2012. 55p. Source: Internet Resource: R42507: Accessed April 30, 2012 at: http://www.fas.org/sgp/crs/misc/R42507.pdf Year: 2012 Country: United States URL: http://www.fas.org/sgp/crs/misc/R42507.pdf Shelf Number: 125104 Keywords: Cybercrime (U.S.)Cybersecurity |
Author: Robinson, Elly Title: Parental involvement in preventing and responding to cyberbullying Summary: This paper outlines definitions and statistics related to cyberbullying, differences between cyberbullying and offline bullying, and parents’ roles and involvement in preventing and responding to cyberbullying incidents. The aim of the paper is to inform practitioners and other professionals of ways to help parents clarify their roles, and provide them with the tools to help their teenage children engage in responsible online behaviour. Details: Melbourne, Victoria, Australia: Child Family Community Australia, Australian Institute of Family Studies, 2012. 11p. Source: CFCA Paper No. 4 2012: Internet Resource: Accessed June 7, 2012 at http://www.aifs.gov.au/cfca/pubs/papers/04/cfca04.pdf Year: 2012 Country: Australia URL: http://www.aifs.gov.au/cfca/pubs/papers/04/cfca04.pdf Shelf Number: 125337 Keywords: Bullying (Australia)Crime PreventionCyberbullying (Australia)CybersecurityParents |
Author: KPMG, Assurance & Advisory Services Center Title: E-Commerce and Cyber Crime: New Strategies for Managing the Risks of Exploitation Summary: At the turn of the millennium, one would be hard-pressed to find a competitive and thriving organisation that does not rely upon communications and other information technologies as an enabler of its activities. No longer incidental to the workings of an organisation, technology is integral to business today. At the same time, however, the very “digital nervous system,” as Bill Gates terms it, that enables and improves our lives at work and at home also creates enormous new risks, many of which organisations may not perceive or have not yet considered. The complexity of modern enterprises, their reliance on technology, and the heightened interconnectivity among organisations that is both a result and a driver of e-business— these are rapidly evolving developments that create widespread opportunities for theft, fraud, and other forms of exploitation by offenders both outside and inside an organisation. With the growth of e-business, internal and external perpetrators can exploit traditional vulnerabilities in seconds. They can also take advantage of new weaknesses—in the software and hardware architectures that now form the backbone of most organisations. In a networked environment, such crimes can be committed on a global basis from almost any location in the world, and they can significantly affect an organisation’s overall well-being. As businesses grow and partner, systems become increasingly sophisticated and less dependent on human intervention. Monitoring individual behaviour becomes more difficult (though certainly more important); and vulnerability to electronic crime grows as organisations are increasingly connected to, and reliant on, individuals and systems they do not directly control. Most organisations are alert to the risks posed by electronic viruses such as the May 2000 “I Love You” virus, which spawned a number of derivative viruses and is estimated to have cost businesses and governments upward of $10 billion dollars. Many, however, remain unaware of the extent to which they can be harmed by a wide variety of cyber misbehaviour that may originate with their own employees or partners. As organisations develop and refine their e-business strategies, they need to consider the issues that influence the confidentiality, integrity, and availability of their data. In this context, they need to know how they can be affected by the new risks of e-crime and how inadequate preparation could leave them open to an attack that could easily diminish the value of their businesses. This white paper focuses on how organisations can use a comprehensive cyber defence program to turn e-crime preparedness into a new competitive advantage. It describes the business risks now evolving rapidly in the electronic marketplace. It discusses how some attacks take place as well as how some organisations are beginning to protect themselves, both to deter and respond to attacks and to avert further damage once an exploitation has taken place. Finally, this document examines how the scope and nature of e-crime is expected to change and how organisations can prepare to meet those new challenges. Details: New York: KPMG, 2000. 32p. Source: Internet Resource: Accessed September 13, 2012 at http://www.uazuay.edu.ec/bibliotecas/e-marketing/E-Commerce%20and%20Cyber%20Crime.pdf Year: 2000 Country: United States URL: http://www.uazuay.edu.ec/bibliotecas/e-marketing/E-Commerce%20and%20Cyber%20Crime.pdf Shelf Number: 126333 Keywords: Computer CrimesCosts of CrimeCybercrimesCybersecurity |
Author: Ponemon Institute Title: 2012 Cost of Cyber Crime Study: Germany Summary: This is the first year the study was conducted in Germany to better understand the economic impact a cyber attack can have on an organization. The benchmark study is based on a representative sample of 43 organizations in various industry sectors. The first Cost of Cyber Crime Study was conducted in the US in 2010 and is now in its third year. Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. In Germany, theft of information and revenue losses create the highest costs for organizations following a cyber attack. Details: Traverse City, MI: Ponemon Institute, 2012. 30p. Source: Internet Resource: Accessed October 22, 2012 at http://www.hpenterprisesecurity.com/news/download/2012-cost-of-cyber-crime-study-germany Year: 2012 Country: United States URL: http://www.hpenterprisesecurity.com/news/download/2012-cost-of-cyber-crime-study-germany Shelf Number: 126774 Keywords: Costs of Crime (Germany)Cybercrimes (Germany)CybersecurityInternet Crimes |
Author: Klimburg, Alexander, ed. Title: National Cyber Security Framework Manual Summary: As stated in the Strategic Concept for the Defence and Security of the Members of the North Atlantic Treaty Organisation of November 2010, NATO Member States have recognised that malicious cyber activities ‘can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability’.1 In order to assure the security of NATO’s territory and populations, the Alliance has committed to continue fulfilling its essential core tasks, inter alia, to deter and to defend against emerging security challenges, such as cyber threats.2 The revised NATO Policy on Cyber Defence of 8 June 2011 focuses NATO on the protection of its own communication and information systems in order to perform the Alliance’s core tasks of collective defence and crisis management.3 However, as cyber threats transcend State borders and organisational boundaries, the policy also stresses the need for cooperation of the Alliance with NATO partner countries, private sector and academia.4 NATO Member States reinforced the importance of international cooperation by stating in the Chicago Summit Declaration of May 2012 t hat ‘[t]o address the cyber security threats and to improve our common security, we are committed to engage with relevant partner countries on a case-by-case basis and with international organisations [...] in order to increase concrete cooperation.’5 Against this background, it is of paramount importance to increase the level of protection against cyber threats and to steadily improve the abilities to appropriately address cyber threats by Allies and NATO’s partner countries. The ‘National Cyber Security Framework Manual’ addresses national cyber security stakeholders in NATO Member States or NATO partner countries, including leaders, legislators, regulators and Internet Service Providers. It will serve as a guide to develop, improve or confirm national policies, laws and regulations, decisionmaking processes and other aspects relevant to national cyber security. Hence, this Manual will support NATO’s goal of enhancing the ‘common security’ with regard to ‘cyber security threats’, as expressed by the Allies in the aforementioned Chicago Summit Declaration. The implementation, maintenance and improvement of national cyber security comprises a range of elements. These can address strategic documents of political nature, laws, regulations, organisational and administrative measures, such as communication and crisis management procedures within a State, but also purely technical protection measures. Furthermore, awareness raising, training, education, exercises and international cooperation are important features of national cyber security. Thus, the aspects to be considered reach from the strategic through the administrative or operational to the tactical level. This Manual addresses all of those levels in the various sections, shows different possibilities of approaches to national cyber security, and highlights good practices within national cyber security strategies and techniques. This approach is based on the reasoning that States have different features and prerequisites with regard to their legal framework, historical and political contexts, governmental structure, organisational structures, crisis management processes, and mentality. Therefore, this Manual cannot provide a ‘blueprint’ which would be feasible and useful for all States, but rather shows diverse aspects and possibilities to be considered in the course of drafting a national cyber security strategy. Due to its rather academic approach – although being of practical use – and the incorporation of military aspects, the Manual differs from publications with a similar goal and target audience. Details: Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2012. 253p. Source: Internet Resource: Accessed April 5, 2013 at: http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf Year: 2012 Country: International URL: http://www.ccdcoe.org/publications/books/NationalCyberSecurityFrameworkManual.pdf Shelf Number: 128289 Keywords: CybercrimeCybersecurityInternet CrimeTerrorism |
Author: Australia. Parliament. Joint Select Committee on Cyber-Safety Title: Cybersafety for Seniors: A Worthwhile Journey. Second Interim Report Summary: Cyber technology has developed dramatically in the last 20 years and the internet and other new communications technologies have infiltrated lives in ways which would not have been imagined only a few years ago. Australians are now communicating with government, business, family and friends, as well as shopping and banking, online. While many senior Australians may have been reluctant to venture into the cyber world initially, seniors are now the fastest growing online user group in the country. Anyone who uses the internet is vulnerable to cyber security threats but the Committee found that seniors are particularly vulnerable for several reasons. Additionally, seniors are attractive targets for criminals because many seniors own substantial assets and have access to life savings and their superannuation. In many cases, seniors are looking for opportunities to invest their money, so they might be receptive to scams and fraudulent investment opportunities. The Committee spoke to seniors who have enthusiastically embraced the internet and other communications technology, and who act safely online. However, the Committee also received a lot of evidence showing that there are many senior Australians who either are not using the internet at all, or are using it with caution, because they are afraid of becoming involved in cyber security issues. Additionally, many are now too embarrassed to admit to family and others that they have no knowledge of the internet and no idea how they would go about ‘getting online’. For these seniors, education and training will be their key to becoming cyber savvy and cyber safe. Paradoxically, it is often the seniors who could most benefit from being online in their own home—that is, the geographically isolated or those who are housebound through disability or for other reasons—who have been left behind and are not yet online. Many of these seniors are hesitant to venture into the cyber world, if indeed they even knew how to do so. The Committee found that there is a lot of help available for seniors who want to go online, particularly in the more populated parts of the country. Many seniors’ groups, public libraries and government departments around the nation are helping seniors start the journey towards being cyber savvy. Some seniors’ clubs are teaching computing with a cybersafety component and some also teach dedicated cybersafety courses. The Universities of the Third Age are experiencing very high demand for their computer courses. Public libraries around the nation are doing an impressive job of helping seniors to safely use email, smartphones, social networking and to access government sites and services. Over 2,000 Broadband for Seniors kiosks are located around the nation offering free internet access and training for seniors. The Committee has made 13 recommendations in this unanimous report which should help improve cybersafety for senior Australians. Details: Canberra: Australian Parliament, 2013. 194p. Source: Internet Resource: Accessed April 25, 2013 at: http://apo.org.au/research/cybersafety-seniors-worthwhile-journey Year: 2013 Country: Australia URL: http://apo.org.au/research/cybersafety-seniors-worthwhile-journey Shelf Number: 128436 Keywords: Computer CrimeCubercrime (Australia)CybersecurityInternet Crime |
Author: Bronk, Christopher Title: Risk-Intelligent Governance in the Age of Cyberthreats Summary: Cybersecurity is an issue of foremost interest for policymakers in the world's government, corporations, nongovermental organizations, academic institutions, and other associations. However, remedy for the myriad cyberthreats and vulnerabilities continues to elude technologists and policymakers alike. In this paper, we consider the concept of cyberrisk intelligence, a general concept of understanding the varied phenomena that impact an organization's capacity to secure its digital communitions and resources from eavesdropping, theft, or attack. We also consider the deeper economics of information held and transmitted in digital form and how those economics may alter thinking on risk modeling. Finally, we offer guidance on how organizations and entire sectors of business activity may want to alter their thinking on cybersecurity issues beyond a technological framing to include an informational perspective aligned with business activities. Details: Houston, TX: Rice University, James A. Baker III Institute for Public Policy, 2013. 16p. Source: Internet Resource: Risk Intelligence Series Issue No. 23: Accessed May 2, 2013 at: http://bakerinstitute.org/publications/ITP-pub-RiskIntelligentGovernance-042613.pdf Year: 2013 Country: International URL: http://bakerinstitute.org/publications/ITP-pub-RiskIntelligentGovernance-042613.pdf Shelf Number: 128600 Keywords: CybercrimeCybersecurityRisk Assessment |
Author: Collins, Matthew L. Title: Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations Summary: This is the sixth entry in the Spotlight On series published by the CERT®Insider Threat Center. Each entry focuses on a specific area of threat to organizations from their current or former employees, contractors, or business partners and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. This entry in the series focuses on insiders who stole intellectual property (IP), such as source code, scientific formulas, engineering drawings, strategic plans, or proposals, from their organizations to benefit a foreign entity. This technical note defines IP and insider theft of IP, explains the criteria used to select cases for this examination, gives a snapshot of the insiders involved in these cases, and summarizes some of the cases themselves. Finally, it provides recommendations for mitigating the risk of similar incidents of insider threat. Details: Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute, 2013. 18p. Source: Internet Resource: TECHNICAL NOTE CMU/SEI-2013-TN-009; Accessed May 28, 2013 at: http://www.sei.cmu.edu/reports/13tn009.pdf Year: 2013 Country: United States URL: http://www.sei.cmu.edu/reports/13tn009.pdf Shelf Number: 128834 Keywords: CybercrimeCybersecurityEspionageInformation SecurityInsider ThreatIntellectual PropertyInternet Crimes |
Author: Center for Strategic and International Studies Title: The Economic Impact of Cybercrime and Cyber Espionage Summary: Is cybercrime, cyber espionage, and other malicious cyber activities what some call “the greatest transfer of wealth in human history,” or is it what others say is a “rounding error in a fourteen trillion dollar economy?” The wide range of existing estimates of the annual loss—from a few billion dollars to hundreds of billions—reflects several difficulties. Companies conceal their losses and some are not aware of what has been taken. Intellectual property is hard to value. Some estimates relied on surveys, which provide very imprecise results unless carefully constructed. One common problem with cybersecurity surveys is that those who answer the questions “self-select,” introducing a possible source of distortion into the results. Given the data collection problems, loss estimates are based on assumptions about scale and effect— change the assumption and you get very different results. These problems leave many estimates open to question. In this initial report we start by asking what we should count in estimating losses from cybercrime and cyber espionage. We can break malicious cyber activity into six parts: • The loss of intellectual property and business confidential information • Cybercrime, which costs the world hundreds of millions of dollars every year • The loss of sensitive business information, including possible stock market manipulation • Opportunity costs, including service and employment disruptions, and reduced trust for online activities • The additional cost of securing networks, insurance, and recovery from cyber attacks • Reputational damage to the hacked company Put these together and the cost of cybercrime and cyber espionage to the global economy is probably measured in the hundreds of billions of dollars. To put this in perspective, the World Bank says that global GDP was about $70 trillion in 2011. A $400 billion loss—the high end of the range of probable costs—would be a fraction of a percent of global income. But this begs several important questions about the full benefit to the acquirers and the damage to the victims from the cumulative effect of cybercrime and cyber espionage. Details: Santa Clara, CA: McAfee, 2013. 20p. Source: Internet Resource: Accessed August 6, 2013 at: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf Year: 2013 Country: International URL: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf Shelf Number: 129556 Keywords: Costs of CrimeCybercrimeCybersecurityEspionageInternet Crime |
Author: Ablon, Lillian Title: Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar Summary: Markets are good because they facilitate economic efficiency, but when that efficiency facilitates criminal activity, such "black markets" can be deemed harmful. Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets in both the tools (e.g., exploit kits) and the take (e.g., credit card information). As with most things, intent is what can make something criminal or legitimate, and there are cases where goods or services can be used for altruistic or malicious purposes (e.g., bulletproof hosting and zero-day vulnerabilities). This report describes the fundamental characteristics of these markets and how they have grown into their current state in order to give insight into how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options that could minimize the potentially harmful influence these markets impart. This report assumes the reader has a basic understanding of the cyber, criminal, and economic domains, but includes a glossary to supplement any gaps. This report should be of interest to cybersecurity, information security, and law enforcement communities. It was sponsored by Juniper Networks as part of a multiphase study on the future security environment. Details: Santa Monica, CA: RAND, 2014. 83p. Source: Internet Resource: Accessed April 19, 2014 at: https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf Year: 2014 Country: International URL: https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf Shelf Number: 132082 Keywords: Black MarketsComputer CrimesCybercrimesCybersecurityHackersIllegal MarketsInternet Crime |
Author: Connery, David Title: The Commonwealth's Part in the fight Against Organised Crime: It's worth doing more Summary: Organised crime is a significant threat to Australia's society and economy, and Australian governments already devote much attention and resources to combating it. This attention includes a new initiative to enhance Commonwealth - state law enforcement cooperation: an anti-gangs squad. The new squad will bring a range of new information sources to help state police forces in practical and direct ways. It will be welcome and is likely to enhance the existing effort against organised crime. But there's another area where the Commonwealth could show leadership: by helping all Australian jurisdictions to build capability to counter organised crime. Capability is simply the mixture of people, equipment, processes and training that gives an organisation the potential to achieve its mission. But capability development, as it's known, is an active process that requires money and attention. After making the case for the Commonwealth to do more in the area of organised crime, and outlining the role and function of the Australian Government's anti-gangs squad initiative, this paper proposes two options for how the government could promote nationwide capability development in this area. The first is to expand the function and resources given to the Senior Officers Group on Organised Crime (SOG on OC) so that it has the funds and support to make a plan for new, nationally consistent capability. This option would cost around $18 million a year and require an expansion of the committee. The second option is to extend the remit of the Australia - New Zealand Counter-Terrorism Committee. This option would leverage the extensive (but not complete) overlap between the needs of countering terrorism and countering organised crime. Of the two options, expanding and funding the SOG on OC, using money from proceeds-of-crime or unexplained wealth confiscations, is suggested as a good first step because it involves the least amount of change. But it should be only an interim step. What should also occur at the same time is an extensive review of the interjurisdictional governance arrangements for domestically oriented security challenges in Australia. The review should aim to minimise the current duplications among committees and enhance the effectiveness of the Commonwealth-state partnerships in areas including crime fighting, counterterrorism, emergency management and cybersecurity. Details: Australian Strategic Policy Institute, 2013. 12p. Source: Internet Resource: Accessed May 17, 2014 at: https://www.aspi.org.au/publications/the-commonwealths-part-in-the-fight-against-organised-crime/SR61_Organised_crime.pdf Year: 2014 Country: Australia URL: https://www.aspi.org.au/publications/the-commonwealths-part-in-the-fight-against-organised-crime/SR61_Organised_crime.pdf Shelf Number: 132379 Keywords: Counter-TerrorismCriminal GangsCybersecurityOrganized Crime (Australia)Partnerships |
Author: Libicki, Martin C. Title: Hackers Wanted: An Examination of the Cybersecurity Labor Market Summary: There is a general perception that there is a shortage of cybersecurity professionals within the United States, and a particular shortage of these professionals within the federal government, working on national security as well as intelligence. Shortages of this nature complicate securing the nation's networks and may leave the United States ill-prepared to carry out conflict in cyberspace. RAND examined the current status of the labor market for cybersecurity professionals - with an emphasis on their being employed to defend the United States. This effort was in three parts: first, a review of the literature; second, interviews with managers and educators of cybersecurity professionals, supplemented by reportage; and third, an examination of the economic literature about labor markets. RAND also disaggregated the broad definition of "cybersecurity professionals" to unearth skills differentiation as relevant to this study. In general, we support the use of market forces (and preexisting government programs) to address the strong demand for cybersecurity professionals in the longer run. Increases in educational opportunities and compensation packages will draw more workers into the profession over time. Cybersecurity professionals take time to reach their potential; drastic steps taken today to increase their quantity and quality would not bear fruit for another five to ten years. By then, the current concern over cybersecurity could easily abate, driven by new technology and more secure architectures. Pushing too many people into the profession now could leave an overabundance of highly trained and narrowly skilled individuals who could better be serving national needs in other vocations. Details: Santa Monica, CA: RAND, 2014. 106p. Source: Internet Resource: Accessed July 3, 2014 at: http://www.rand.org/pubs/research_reports/RR430.html Year: 2014 Country: International URL: http://www.rand.org/pubs/research_reports/RR430.html Shelf Number: 132617 Keywords: Computer CrimeCyberattacksCybercrime (U.S.)CybersecurityInternet CrimeNational SecurityTerrorism |
Author: Ponemon Institute Title: The Impact of Cybercrime on Business. Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Summary: Cyber criminals today are increasingly leveraging malware, bots and other forms of sophisticated threats to attack organizations for various reasons, including financial gain, business disruption or political agendas. In many cases, cybercriminals often target multiple sites and organizations to increase the likelihood of an attack's initial success and viral spread. With new variants of malware being generated on a daily basis, many companies struggle to fight these threats separately and the majority of attacks are often left undetected or unreported. In addition, cybercriminals are no longer isolated amateurs. They belong to well-structured organizations with money, motivation and goals, often employing highly skilled hackers that execute targeted attacks. Such organizations can deploy considerable threat intelligence, time and resources in order to execute attacks that can cost cybercrime victims significant amounts of money. Unfortunately, this trend is only growing more complex as businesses experience a surge in Web 2.0 use, mobile computing and the cloud, creating more channels of communication and vulnerable entry points into the network. Conducted by Ponemon Institute and sponsored by Check Point Software Technologies, we are pleased to present the findings of The Impact of Cybercrime on Business. The purpose of the study is to better understand the likelihood, frequency and magnitude targeted threats have on organizations across all company sizes and industries, and to understand how IT practitioners are addressing the risk for future remediation and precautions. In this study we surveyed 2,618 highly experienced business leaders and IT security practitioners located in the United States, United Kingdom, Germany, Hong Kong and Brazil. Respondents were asked to focus on five of the most prevalent types of attacks: botnets, Advanced Persistent Threats (APTs), denial of service (DoS) attacks, viruses, worms and trojans and social engineering attacks to evaluate what impact they have on businesses, including their level of risk, motivations, types of information compromised and cost. As the study will show, there are significant differences in practices and perceptions among IT practitioners in all five countries. Details: Traverse City, MI: Ponemon Institute, 2012. 21p. Source: Internet Resource: Accessed November 12, 2014 at: http://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf Year: 2012 Country: International URL: http://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf Shelf Number: 134061 Keywords: Computer CrimesCrimes Against BusinessesCybercrimeCybersecurityInternet Crimes |
Author: Financial Industry Regulatory Authority Title: Report on Cybersecurity Practices Summary: Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority. This report is intended to assist firms in that effort. Based on FINRA's 2014 targeted examination of firms and other related initiatives, the report presents FINRA's latest work in this critical area. Given the rapidly evolving nature and pervasiveness of cyberattacks, it is unlikely to be our last. A variety of factors are driving firms' exposure to cybersecurity threats. The interplay between advances in technology, changes in firms' business models, and changes in how firms and their customers use technology create vulnerabilities in firms' information technology systems. For example, firms' Web-based activities can create opportunities for attackers to disrupt or gain access to firm and customer information. Similarly, employees and customers are using mobile devices to access information at broker-dealers that create a variety of new avenues for attack. The landscape of threat actors includes cybercriminals whose objective may be to steal money or information for commercial gain, nation states that may acquire information to advance national objectives, and hacktivists whose objectives may be to disrupt and embarrass an entity. Attackers, and the tools available to them, are increasingly sophisticated. Insiders, too, can pose significant threats. This report presents an approach to cybersecurity grounded in risk management to address these threats. It identifies principles and effective practices for firms to consider, while recognizing that there is no one-size-fits-all approach to cybersecurity. Key points in the report include: 00 A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms' cybersecurity programs. 00 Risk assessments serve as foundational tools for firms to understand the cybersecurity risks they face acrosacross the range of the firm's activities and assets-no matter the firm's size or business model. 00 Technical controls, a central component in a firm's cybersecurity program, are highly contingent on firms' individual situations. Because the number of potential control measures is large and situation dependent, FINRA discusses only a few representative controls here. Nonetheless, at a more general level, a defense-in-depth strategy can provide an effective approach to conceptualize control implementation. 00 Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole. 00 Broker-dealers typically use vendors for services that provide the vendor with access to sensitive firm or client information or access to firm systems. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence across the lifecycle of their vendor relationships. 00 A well-trained staff is an important defense against cyberattacks. Even well-intentioned staff can become inadvertent vectors for successful cyberattacks through, for example, the unintentional downloading of malware. Effective training helps reduce the likelihood that such attacks will be successful. 00 Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. FINRA believes there are significant opportunities for broker-dealers to engage in collaborative self defense through such sharing. Details: Washington, DC: FINRA, 2015. 46p. Source: Internet Resource: Accessed March 18, 2015 at: https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf Year: 2015 Country: International URL: https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf Shelf Number: 134961 Keywords: Computer SecurityCybercrimeCybersecurityFinancial CrimesInternet CrimeRisk Assessment |
Author: Moens, Alexander Title: Cybersecurity Challenges for Canada and the United States Summary: The Internet was designed not with security in mind, but rather openness and the free flow of information. The resulting globally connected Internet has brought unprecedented levels of information and commercial exchange, contributed enormous gains to individual prosperity, and promoted and expanded individual liberty. Only in recent years have governments, militaries, industries, firms, and individuals come to grips with how to protect legitimate activity in cyberspace without compromising the Internet's open character. Overemphasizing security can restrict freedom and stifle entrepreneurial potential. Conversely, liberty in cyberspace without an appreciation of cybersecurity presents rising commercial and governmental costs as well as unacceptable threats to national security. One study on the economic costs of cyberespionage and other forms of cyberattack estimates the global costs at between $375 billion and $575 billion annually, and a range of nation-states, state-linked groups, and non-state actors are exploiting cyberspace to conduct espionage, military operations, and large-scale theft of intellectual property. Although there have been calls for international norms of behaviour and rules of the road in cyberspace, treaties and arms control as developed and understood in the conventional, nuclear, and chemical realm are not easily transferred to the domain of cyberspace. Nevertheless, the rule of consequences and of self-interest is in play, as is the logic of cost-benefit in escalation. Still, cyberattacks continue, increasing in quantity and quality, which is why resilience is the watchword of cyberspace. As in other zones of commerce and theatres of operation, Canada and the United States are deeply integrated in cyber-space. Canada draws a clear net benefit from close cooperation with the United States in cyberspace because both the nature of the evolving threat and the nature and cost of countering this threat are increasingly more difficult for a state to address on its own. At the same time, as it cooperates with the United States and other close allies, the Canadian government faces the challenge of finding a balance between security and the Canadian definition of freedom. As the powers of Canadian government agencies expand and coordination with US agencies and other allied agencies increases, the task of providing cybersecurity should not be left to the specialized agencies without a layer of oversight by elected representatives. As Canada updates its ability to deal with threats in cyberspace, it needs to enhance the ability of its representative government to oversee this important work. Details: Calgary, AB, Canada: Fraser Institute, 2015. 54p. Source: Internet Resource: Accessed April 1, 2015 at: http://www.fraserinstitute.org/uploadedFiles/fraser-ca/Content/research-news/research/publications/cybersecurity-challenges-for-canada-and-the-united-states.pdf Year: 2015 Country: Canada URL: http://www.fraserinstitute.org/uploadedFiles/fraser-ca/Content/research-news/research/publications/cybersecurity-challenges-for-canada-and-the-united-states.pdf Shelf Number: 135115 Keywords: CybercrimesCybersecurityInternet CrimesNational Security |
Author: Tehan, Rita Title: Cybersecurity: Authoritative Reports and Resources, by Topic Summary: This report provides references to analytical reports on cybersecurity from CRS, other government agencies, trade associations, and interest groups. The reports and related websites are grouped under the following cybersecurity topics: - Policy overview - National Strategy for Trusted Identities in Cyberspace (NSTIC) - Cloud computing and the Federal Risk and Authorization Management Program (FedRAMP) - Critical infrastructure - Cybercrime, data breaches, and data security - National security, cyber espionage, and cyberwar (including Stuxnet) - International efforts - Education/training/workforce - Research and development (R&D) In addition, the report lists selected cybersecurity-related websites for congressional and government agencies; news; international organizations; and other organizations, associations, and institutions. Details: Washington, DC: Congressional Research Services, 2015. 129p. Source: Internet Resource: R42507: Accessed April 1, 2015 at: http://fas.org/sgp/crs/misc/R42507.pdf Year: 2015 Country: United States URL: http://fas.org/sgp/crs/misc/R42507.pdf Shelf Number: 135117 Keywords: Cloud ComputingCybercrimesCybersecurityInternet Crimes |
Author: Chertoff, Michael Title: The Impact of the Dark Web on Internet Governance and Cyber Security Summary: With the Internet Corporation for Assigned Names and Numbers' contract with the United States Department of Commerce due to expire in 2015, the international debate on Internet governance has been re-ignited. However, much of the debate has been over aspects of privacy and security on the visible Web and there has not been much consideration of the governance of the "deep Web" and the "dark Web." The term deep Web is used to denote a class of content on the Internet that, for various technical reasons, is not indexed by search engines. The dark Web is a part of the deep Web that has been intentionally hidden and is inaccessible through standard Web browsers. A relatively known source for content that resides on the dark Web is found in the Tor network. Tor, and other similar networks, enables users to traverse the Web in near-complete anonymity by encrypting data packets and sending them through several network nodes, called onion routers. Like any technology, from pencils to cellphones, anonymity can be used for both good and bad. Users who fear economic or political retribution for their actions turn to the dark Web for protection. But there are also those who take advantage of this online anonymity to use the dark Web for illegal activities such as controlled substance trading, illegal financial transactions, identity theft and so on. Considering that the dark Web differs from the visible Web, it is important to develop tools that can effectively monitor it. Limited monitoring can be achieved today by mapping the hidden services directory, customer data monitoring, social site monitoring, hidden service monitoring and semantic analysis. The deep Web has the potential to host an increasingly high number of malicious services and activities. The global multi-stakeholder community needs to consider its impact while discussing the future of Internet governance. Details: Waterloo, ON: London: Centre for International Governance Innovation and the Royal Institute for International Affairs, 2015. 18p. Source: Internet Resource: Paper Series: No. 6: Accessed April 15, 2015 at: https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf Year: 2015 Country: International URL: https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf Shelf Number: 135233 Keywords: Computer CrimesCybercrimeCybersecurityDark WebInternet Crime |
Author: Heinl, Caitriona H. Title: Regional Cyber Security: Moving Towards a Resilient ASEAN Cyber Security Regime Summary: This paper outlines regional level cooperation efforts of the Association for Southeast Asian Nations (ASEAN) to counter serious cross-border cyber threats and identifies where gaps might exist, which require further and urgent consideration. It considers whether more might be done to create a comprehensive approach to cyber security in the ASEAN region. Finally, it aims to fill identified gaps by providing several recommendations for possible future development and implementation to create a resilient regional cyber security regime. Details: Singapore: S. Rajaratnam School of International Studies, 2013. 71p. Source: Internet Resource: RSIS Working Paper no. 263: Accessed May 28, 2015 at: http://www.rsis.edu.sg/wp-content/uploads/rsis-pubs/WP263.pdf Year: 2013 Country: Asia URL: http://www.rsis.edu.sg/wp-content/uploads/rsis-pubs/WP263.pdf Shelf Number: 129960 Keywords: Cybercrimes Cybersecurity |
Author: Hollywood, John Title: Using Future Internet Technologies to Strengthen Criminal Justice Summary: Future World Wide Web technologies commonly labeled as being part of Web 3.0 and Web 4.0 could substantially change how the criminal justice enterprise operates. These notably include Semantic Web technologies, intelligent agents, and the Internet of Things. In September 2014, RAND conducted an expert panel for the National Institute of Justice to discuss how the criminal justice community can take advantage of (and reduce the risks from) these emerging technologies. The top unifying theme from the panel was to leverage web technologies to improve information-sharing and protection across the criminal justice enterprise, and to address challenges that the new technologies raise. Another major theme was improving practitioners' knowledge of web technologies. Priorities included general education on key web technologies, and model policies and procedures for using them. A third theme was to improve the networking infrastructure needed to support web technologies (and other applications), especially for courts and corrections. Fourth, several needs became apparent related to leveraging wearable and embedded sensors (part of the Internet of Things), with an emphasis on using sensors to improve officer health and safety. Finally, panelists frequently noted the importance of civil rights, privacy rights, and cybersecurity protections in using the emerging technologies for criminal justice. While there were few needs about these topics specifically, panelists noted that more than half of the needs raised security, privacy, or civil rights concerns, or had implied requirements on these topics. Details: Santa Monica, CA: RAND, 2015. 32p. Source: Internet Resource: Accessed August 20, 2015 at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR900/RR928/RAND_RR928.pdf Year: 2015 Country: United States URL: http://www.rand.org/content/dam/rand/pubs/research_reports/RR900/RR928/RAND_RR928.pdf Shelf Number: 136507 Keywords: CybersecurityPolice Technology Privacy |
Author: European Parliament. Directorate-General for Internal Policies. Policy Department C Citizens' Rights and Constitutional Affairs Title: Cybersecurity in the European Union and Beyond: Exploring the Threats and Policy Responses Summary: The European Commission published the European Union Cyber Security Strategy along with the accompanying proposal for a Network and Information Security (NIS) Directive in 2013. Since the proposal was published, the cybersecurity landscape has continued to evolve, leading to questions regarding the nature and seriousness of the cyberthreats faced by the European Union (EU), the capabilities of Member States to manage these threats and respond to incidents, and the effectiveness of these capabilities. At the time of writing, discussions about the content and scope of the proposed NIS Directive are continuing. This study of cybersecurity threats in the EU was commissioned by the European Parliament (EP). It has five objectives: 1. To identify key cyberthreats facing the EU and the challenges associated with their identification. 2. To identify the main cybersecurity capabilities in the EU. 3. To identify the main cybersecurity capabilities in the United States (US). 4. To assess the current state of transnational cooperation. 5. To explore perceptions of the effectiveness of the current EU response Details: Brussels: European Parliament, 2015. 152p. Source: Internet Resource: Accessed November 17, 2015 at: http://www.europarl.europa.eu/RegData/etudes/STUD/2015/536470/IPOL_STU(2015)536470_EN.pdf Year: 2015 Country: Europe URL: http://www.europarl.europa.eu/RegData/etudes/STUD/2015/536470/IPOL_STU(2015)536470_EN.pdf Shelf Number: 137310 Keywords: Cybercrimes CybersecurityInternet Crimes |
Author: European Parliament. Directorate-General for Internal Policies. Policy Department C: Citizzen's Rights and Constitutional Affairs Title: The Law Enforcement Challenges of Cybercrime: Are We Really Playing Catch-Up Summary: Cybercrime has become one of the key priorities for EU law enforcement agencies, as demonstrated by the establishment of the European Cybercrime Centre (EC3) in January 2013 and the development of specific European threat assessment reports in this field. High-profile criminal investigations such as the 'Silk Road' case, major data breaches or particularly nefarious hacks or malware attacks have been very much in the spotlight and widely reported in the media, prompting discussions and debates among policymakers and in law enforcement circles. Over the last few months, the cybercrime debate has specifically evolved around the issue of encryption and anonymisation. In this context, this Study argues that debates on the law enforcement challenge of cybercrime in the EU should steer clear both of doomsday scenarios that overstate the problem and scepticism that understates it, and that the key cybercrime concern for law enforcement is legal in nature rather than simply technical and technological. Indeed, the Study finds that the key challenge for law enforcement is the lack of an effective legal framework for operational activities that guarantees the fundamental rights principles enshrined in EU primary and secondary law. In order to address this core argument, this Study starts by analysing claims and controversies over the Internet 'going dark' on law enforcement (Section 2). It shows that these claims have been made for quite some time and should be considered as moral panics rather than accurate reflections of the challenges posed by cybercrime to law enforcement. Moreover, current controversies rehash older ones, conflating law enforcement concerns with intelligence-gathering and surveillance concerns. Without denying the fact that criminal activities do take place online, pose technical difficulties to law enforcement services and require the availability of specific capabilities, this section demonstrates that these difficulties do not impede criminal investigation to such an extent that exceptional means should be envisaged. While these technical aspects need to be considered, they raise issues related to policy and law rather than technology as such. The policy and law-related challenges are made greater by the fact that defining cybercrime is not an easy task. Very broad definitions have been adopted at the EU level, often leading to overlapping and sometimes conflicting mandates. Section 3 thus analyses the institutional architecture of EU cybercrime policy. It shows that the complexity of cybercrime measures and the expansive mandates and number of actors involved in their implementation make it difficult to ascertain and circumscribe the full scope of EU cybercrime policy. Whereas the Council of Europe (CoE) sought to codify cybercrime powers into an international convention, much of the EU's policy to fight cybercrime is based on non-legislative measures, including operational cooperation and ad hoc public-private partnerships. Furthermore, important distinctions and restrictions designed to ensure a 'separation of powers' between state agencies concerned with law enforcement (cyber-policing), civil protection (cybersecurity), national security (cyberespionage) and military force (offensive cyber capabilities) are harder to distinguish in the area of cybercrime, at both national and EU level. Section 3 underlines that, within this complex architecture, and with the blurring of the boundaries between those responsible for policing the Internet, for gathering intelligence from it, for conducting cyber-espionage against foreign targets, and for ensuring the safety of critical internet infrastructure, the European Parliament and civil society are largely excluded from policy development, impeding public scrutiny and accountability. This compounds the EP's existing problems in ensuring that fundamental rights and data protection are diligently protected in the area of justice and home affairs. In light of these gaps in oversight and accountability, Section 4 analyses in particular the challenge of jurisdiction, cooperation and fundamental rights safeguards. This section argues that operational challenges in cybercrime law enforcement do not change the obligation of EU institutions and Member States to ensure the safeguarding of EU fundamental rights in any operating framework of internal or transnational cooperation in law enforcement and criminal justice. Cybercrime law enforcement frequently cites the challenge of accessing and transferring data through existing Mutual Legal Assistance agreements. Yet practices taken outside of established legal channels cannot guarantee rights protections and run the risk of raising mistrust in the general public, the private sector and in transatlantic relations. Furthermore, across the spectrum of cybercrime prevention, investigation, and prosecution, the particular geography of the digital environment is said to complicate the traditional territorial foundations of law. Law enforcement bodies make continuous reference to the ways in which traditional legal structures stand in the way of operations. However, an updated legal framework designed to overcome these challenges should foreground fundamental rights concerns, which are essential to ensure due process and a necessary condition for the successful prosecution of cybercriminal offences. In light of these findings, the Study concludes with key recommendations for the European Parliament. In particular, to ensure that the Parliament is not marginalised altogether with respect to the implementation and review of EU cybercrime policies by the exercise of delegated powers, EU agency discretion and non-legislative decision-making bodies, further monitoring of EU council structures, Europol and international cooperation agreements is required (Recommendation 1). Moreover, the EP should ensure that the development of any cooperation/information-sharing framework guarantees the respect of fundamental rights (Recommendation 2). In light of the current discussions on a revised CoE Cybercrime Convention, the European Parliament should, further, ensure that the Convention's obligations are consistent with EU law and fundamental rights protections (Recommendation 3). The EP must also ensure that cybercrime is not used as a justification to undermine new information security protocols and the right to privacy in telecommunications, both of which are fundamental components of the functioning of the Internet (Recommendation 4). Finally, if European law enforcement agencies need to keep pace with technological change, it is imperative that training courses on cybercrime forensics and digital evidence include an applied fundamental rights component (Recommendation 5). Details: Brussels: European Parliament, 2015. 68p. Source: Internet Resource: Accessed November 17, 2015 at: http://www.europarl.europa.eu/RegData/etudes/STUD/2015/536471/IPOL_STU(2015)536471_EN.pdf Year: 2015 Country: Europe URL: http://www.europarl.europa.eu/RegData/etudes/STUD/2015/536471/IPOL_STU(2015)536471_EN.pdf Shelf Number: 137311 Keywords: CybercrimesCybersecurityInternet CrimesLaw EnforcementPolice Investigations |
Author: Adams, Samantha Title: The governance of cybersecurity: A comparative quick scan of approaches in Canada, Estonia, Germany, the Netherlands and the UK Summary: Society's increased dependency on networked technologies and infrastructures in nearly all sectors poses a new challenge to governments and other actors to ensure the sustainability and security of all things 'cyber'. Cybersecurity is a particularly complex field, where multiple public and private actors must work together, often across state borders, not only to address current weaknesses, but also to anticipate and prevent or pre-empt a number of different kinds of threats. This report examines how public policy and regulatory measures are used to organise such processes in five countries: Canada, Estonia, Germany, the Netherlands and the UK. Details: Tilburg, NETH: Tilburg University, Tilburg Institute for Law, Technology, and Society, 2015. 167p. Source: Internet Resource: Accessed March 30, 2016 at: https://pure.uvt.nl/ws/files/8719741/TILT_Cybersecurity_Report_Final.pdf Year: 2015 Country: International URL: https://pure.uvt.nl/ws/files/8719741/TILT_Cybersecurity_Report_Final.pdf Shelf Number: 138497 Keywords: Computer CrimeCybercrimeCybersecurityInternet Crime |
Author: McAfee Title: McAfee Labs Threats Report Summary: Our McAfee Labs 2016 Threats Predictions Report, published in late November, has been widely read and quoted in the media. Some of the most interesting media coverage comes from The Wall Street Journal, Good Morning America, Silicon Valley Business Journal, and CXO Today. The report includes both near- and long-term views of our cyber security future. And now, as winter's storms have passed, we have published the McAfee Labs Threats Report: March 2016. In this quarterly threats report, we highlight two Key Topics: Intel Security interviewed almost 500 security professionals to understand their views and expectations about the sharing of cyber threat intelligence. We learned that awareness is very high and that 97% of those who share cyber threat intelligence see value in it. We explore how the Adwind Java-based backdoor Trojan attacks systems through increasingly clever spam campaigns, leading to a rapid increase in the number of Adwind .jar file submissions to McAfee Labs. These two Key Topics are followed by our usual set of quarterly threat statistics. Details: Santa Clara, CA: McAfee Labs, 2016. 46p. Source: Internet Resource: Accessed March 31, 2016 at: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf Year: 2015 Country: International URL: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf Shelf Number: 138504 Keywords: Computer CrimeComputer SecurityCybercrimeCybersecurityInternet Crime |
Author: Wittes, Benjamin Title: Sextortion: Cybersecurity, teenagers, and remote sexual assault Summary: This paper represents an effort to our knowledge the first to study in depth and across jurisdictions the problems of sextortion. In it, we look at the methods used by perpetrators and the prosecutorial tools authorities have used to bring offenders to justice. We hope that by highlighting the scale and scope of the problem, and the brutality of these cases for the many victims they affect, to spur a close look at both state and federal laws under which these cases get prosecuted. Our key findings include: - Sextortion is dramatically understudied. While it's an acknowledged problem both within law enforcement and among private advocates, no government agency publishes data on its prevalence; no private advocacy group does either. The subject lacks an academic literature. Aside from a few prosecutors and investigators who have devoted significant energy to the problem over time, and a few journalists who have written-often excellently- about individual cases, the problem has been largely ignored. - Yet sextortion is surprisingly common. We identified 78 cases that met our definition of the crime-and a larger number that contained significant elements of the crime but that, for one reason or another, did not fully satisfy our criteria. These cases were prosecuted in 29 states and territories of the United States and three foreign jurisdictions. - Sextortionists, like other perpetrators of sex crimes, tend to be prolific repeat players. Among the cases we studied, authorities identified at least 10 victims in 25 cases. In 13 cases, moreover, there were at least 20 identified victims. And in four cases, investigators identified more than 100 victims. The numbers get far worse if you consider prosecutorial estimates of the number of additional victims in each case, rather than the number of specifically identified victims. In 13 cases, prosecutors estimated that there were more than 100 victims; in two, prosecutors estimated that there had been "hundreds, if not thousands" of victims. - Sextortion perpetrators are, in the cases we have seen, uniformly male. Victims, by contrast, vary. Virtually all of the adult victims in these cases are female, and adult sextortion therefore appears to be a species of violence against women. On the other hand, most sextortion victims in this sample are children, and a sizable percentage of the child victims turn out to be boys. - There is no consistency in the prosecution of sextortion cases. Because no crime of sextortion exists, the cases proceed under a hodgepodge of state and federal laws. Some are prosecuted as child pornography cases. Some are prosecuted as hacking cases. Some are prosecuted as extortions. Some are prosecuted as stalkings. Conduct that seems remarkably similar to an outside observer produces actions under the most dimly-related of statutes. - These cases thus also produce wild, and in in our judgment indefensible, disparities in sentencing. Many sextortionists, particularly those who prey on minors, receive lengthy sen - tences under child pornography laws. On the other hand, others-like Mijangos-receive sentences dramatically lighter than they would get for multiple physical attacks on even a fraction of the number of people they are accused of victimizing. In our sample, one perpetrator received only three years in prison for victimizing up to 22 young boys. 36 Another received only 30 months for a case in which federal prosecutors identified 15 separate victims. 37 - Sentencing is particularly light in one of two key circumstances: (1) when all victims are adults and federal pros - ecutors thus do not have recourse to the child pornography statutes, or (2) in cases prosecuted at the state level. - Sextortion is brutal. This is not a matter of playful consensual sexting-a subject that has received ample attention from a shocked press. Sextortion, rather, is a form of sexual exploitation, coercion, and violence, often but not always of children. In many cases, the perpetrators seem to take pleasure in their victims' pleading and protes - tations that they are scared and underage. In multiple cases we have reviewed, victims contemplate, threaten, or even attempt suicide-sometimes to the apparent pleasure of their tormentors. 38 At least two cases involve either a father or stepfather tormenting children living in his house. 39 Some of the victims are very young. And the impacts on victims can be severe and likely lasting. Many cases result, after all, in images permanently on the Internet on multiple child pornography sites following extended periods of coercion. - Certain jurisdictions have seen a disproportionate number of sextortion cases. This almost certainly reflects devoted investigators and prosecutors in those locales, and not a higher incidence of the offense. Rather, our data suggest that sextortion is taking place anywhere social media penetration is ubiquitous. The paper proceeds in several distinct parts. We begin with a literature review of the limited existing scholarship and data on sextortion. We then outline our methodology for collecting and analyzing data for the present study. We then offer a working definition of sextortion. In the subsequent section, we provide a sketch of the aggregate sta - tistics revealed by our data concerning the scope of the sextortion problem, and we examine the statutes used and sentences delivered in federal and state sextortion cases. We then turn to detailing several specific case studies in sextortion. In our last empirical section, we look briefly at the victim impact of these crimes. Finally, we offer several recommendations for policymakers, law enforcement, parents, teachers, and victims. Details: Washington, DC: Center for Technology Innovation, Brookings Institution, 2016. 47p. Source: Internet Resource: Accessed September 3, 2016 at: https://www.brookings.edu/wp-content/uploads/2016/05/sextortion1-1.pdf Year: 2016 Country: United States URL: https://www.brookings.edu/wp-content/uploads/2016/05/sextortion1-1.pdf Shelf Number: 140158 Keywords: Child PornographyComputer CrimeCybersecurityOnline VictimizationSex CrimesSextingSextortion |
Author: Wittes, Benjamin Title: Closing the sextortion sentencing gap: A legislative proposal Summary: On the surface, at least, the sextortion case of Joseph Simone seems far more egregious than does that of Joshua Blankenship. Simone was a wrestling coach at a prestigious preparatory high school in Providence, Rhode Island. He was charged with sextorting "numerous" minor males; prosecutors estimated that he had exploited at least 22 young boys through a social media manipulation scheme, pretending to be a young girl when soliciting initial nude images, and then threatening to release those initial images on Facebook if the boys did not perform more sex acts. Blankenship also ran a social media manipulation scheme - but in this instance, against a single minor female in Maryland, convincing her that she had broken the law herself by sending out a nude photo, and demanding more images in exchange for not telling the police. But Blankenship was sentenced in federal court, whereas Simone faced trial in state court in Rhode Island, specifically in the Providence Superior Court. The result? The man with at least 22 victims was sentenced to one year in prison and two more in home confinement. By contrast, Blankenship, who had only one victim, received 12 years in prison after pleading guilty to federal child exploitation charges. What sort of sentence does conduct like Simone's get a man in federal court? Another sextortionist, William T. Koch, was convicted in a federal court in Ohio on charges that he too extorted 20 minor males, with one victim as young as 11-years-old. Koch was sentenced to 20 years in prison on federal charges of extortion, exploitation of a minor, and receipt and distribution of child pornography. Sextortionists dont get to decide which jurisdiction prosecutes them. They do, however, get to choose their victims. And it matters a great deal which ones they choose. Mark Reynolds was sentenced to 14 years in prison on one federal charge of possession of child pornography for sextorting one minor female using a social media manipulation scheme. Contrast that with Adam Paul Savader, who sextorted between 15 and 45 adult women and received a paltry sentence of two-and-a-half years in federal prison. Savader was convicted on charges of interstate extortion and stalking. Reynolds received eleven-and-a-half years more in prison than did Savader, even though Savader potentially had up to 44 more victims. Federal law seems to care a great deal more about children than it does about adult women. Details: Washington, DC: Center for Technology Innovation, Brookings Institution, 2016. 18p. Source: Internet Resource: Accessed September 17, 2016 at: https://www.brookings.edu/wp-content/uploads/2016/05/sextortion2.pdf Year: 2016 Country: United States URL: https://www.brookings.edu/wp-content/uploads/2016/05/sextortion2.pdf Shelf Number: 147931 Keywords: Child Pornography Computer Crime Cybersecurity Online Victimization Sex Crimes Sexting SextortionSexual Violence |
Author: Libicki, Martin C. Title: The Defender's Dilemma: Charting a Course Toward Cybersecurity Summary: Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities. Key Findings Common Knowledge Confirmed Security postures are highly specific to company type, size, etc.; and there often aren't good solutions for smaller businesses. Quarantining certain parts of an organization offline can be a useful option. Responding to the desire of employees to bring their own devices and connect them to the network creates growing dilemmas. Chief information security officers (CISOs) feel that attackers have the upper hand, and will continue to have it. Reasonable Suppositions Validated Customers look to extant tools for solutions even though they do not necessarily know what they need and are certain no magic wand exists. CISOs want information on the motives and methods of specific attackers, but there is no consensus on how such information could be used. Current cyberinsurance offerings are often seen as more hassle than benefit, only useful in specific scenarios, and providing little return. Surprising Findings A cyberattack's effect on reputation (rather than more direct costs) is the biggest cause of concern for CISOs. The actual intellectual property or data that might be affected matters less than the fact that any intellectual property or data is at risk. In general, loss estimation processes are not particularly comprehensive. The ability to understand and articulate an organization's risk arising from network penetrations in a standard and consistent matter does not exist and will not exist for a long time. Recommendations Know what needs protecting, and how badly protection is needed. It was striking how frequently reputation was cited by CISOs as a prime cause for cybersecurity spending, as opposed to protecting actual intellectual property. Knowing what machines are on the network, what applications they are running, what privileges have been established, and with what state of security is also crucial. The advent of smart phones, tablets, and so forth compounds the problem. Know where to devote effort to protect the organization. A core choice for companies is how much defense to commit to the perimeter and how much to internal workings. Consider the potential for adversaries to employ countermeasures. As defenses are installed, organizations must realize they are dealing with a thinking adversary and that measures installed to thwart hackers tend to induce countermeasures as hackers probe for ways around or through new defenses. Government efforts aren't high on CISO's lists, but governments should be prepared to play a role. By and large, CISOs we interviewed did not express much interest in government efforts to improve cybersecurity, other than a willingness to cooperate after an attack. Yet it seems likely that government should be able to play a useful role. One option is to build a body of knowledge on how systems fail (a necessary prerequisite to preventing failure), and then share that information. A community that is prepared to share what went wrong and what could be done better next time could produce higher levels of cybersecurity. Details: Santa Monica, CA: RAND, 2015. 162p. Source: Internet Resource: Accessed September 28, 2016 at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf Year: 2015 Country: United States URL: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf Shelf Number: 140475 Keywords: Computer Crime Cyberattacks Cybercrime (U.S.) Cybersecurity Internet CrimeNational Security Terrorism |
Author: U.S. Federal Communications Commission Title: Cybersecurity Risk Reduction Summary: Cybersecurity is a top priority for the Commission. The rapid growth of network-connected consumer devices creates particular cybersecurity challenges. The Commission's oversight of our country's privately owned and managed communications networks is an important component of the larger effort to protect critical communications infrastructure and the American public from malicious cyber actors. The Commission is uniquely situated to comprehensively address this issue given its authority over the use of radio spectrum as well as the connections to, and interconnections between, commercial networks, which touch virtually every aspect of our economy. Other agencies have also begun looking at network-connected devices and the security implications they bring in certain industry segments. The Commission's rules include obligations for Internet Service Providers (ISPs) to take measures to protect their networks from harmful interconnected devices. These rules make clear that providers not only have the latitude to take actions to protect consumers from harm, but have the responsibility to do so. Reasonable network management must include practices to ensure network security and integrity, including by "addressing traffic harmful to the network," such as denial of service attacks. The Public Safety and Homeland Security’s (PSHSB or Bureau) cybersecurity initiatives build upon FCC rules that have, for decades, effectively evolved to balance security, privacy, and innovation within the telecommunications market. The U.S. telecommunications market leads the world as a consequence of this light touch, but surgical, approach. Commission staff actively work with stakeholders to address cyber challenges presented by today's end-to-end Internet environment. This environment is vastly different and more challenging than the legacy telecommunications security environment that preceded it. Today insecure devices, connected through wireless networks, have shut down service to millions of customers by attacking critical control utilities neither licensed nor directly regulated by the Commission. These attacks highlight that security vulnerabilities inherent in devices attached to networks now can have large-scale impacts. As the end-to-end Internet user experience continues to expand and diversify, the Commission's ability to reduce cyber risk for individuals and businesses will continue to be taxed. But shifting this risk oversight responsibility to a non-regulatory body would not be good policy. It would be resource intensive and ultimately drive dramatic federal costs and still most certainly fail to address the risk for over 30,000 communications service providers and their vendor base. The Commission must address these cyber challenges to protect consumers using telecommunications networks. Cyber risk crosses corporate and national boundaries, making it imperative that private sector leadership in the communications sector step up its responsibility and accountability for cyber risk reduction. In this vein, the Commission has worked closely with its Federal Advisory Committees (FAC), as well as with its federal partners and other stakeholders, to foster standards and best practices for cyber risk reduction. The Commission worked with the other regulatory agencies to create a forum whereby agency principals share best regulatory practices and coordinate our approaches for reducing cybersecurity risk. A rich body of recommendations, including voluntary best practices, is the result. Industry implementation of these practices must be part of any effort to reduce cybersecurity risk. The Commission, however cannot rely solely on organic market incentives to reduce cyber risk in the communications sector. As private actors, ISPs operate in economic environments that pressure against investments that do not directly contribute to profit. Protective actions taken by one ISP can be undermined by the failure of other ISPs to take similar actions. This weakens the incentive of all ISPs to invest in such protections. Cyber-accountability therefore requires a combination of market-based incentives and appropriate regulatory oversight where the market does not, or cannot, do the job effectively. PSHSB has developed a portfolio of programs to address cybersecurity risk in the telecommunications sector in a responsible manner. These initiatives include collaborative efforts with key Internet stakeholder groups; increased interagency cooperation; and regulatory solutions to address residual risks that are unlikely to be addressed by market forces alone. This white paper describes the risk reduction portfolio of the current Commission and suggests actions that would continue to affirmatively reduce cyber risk in a manner that incents competition, protects consumers, and reduces significant national security risks. Details: Washington, dC: Federal Communications Commission, 2017. 56p. Source: Internet Resource: Accessed February 11, 2017 at: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf Year: 2017 Country: United States URL: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf Shelf Number: 145022 Keywords: CybercrimeCybersecurityInternet CrimeInternet SecuritySupply ChainsTelecommunications |
Author: National Crime Agency (UK) Title: Pathways Into Cyber Crime Summary: The report, which is based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cyber crime. The report emphasises that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality. During his debrief, Subject 7, who was jailed for Computer Misuse Act and fraud offences, told officers, "..it made me popular, I enjoyed the feeling... I looked up to those users with the best reputations". The report identifies that some offenders begin by participating in gaming cheat websites and 'modding' (game modification) forums before progressing to criminal hacking forums. The assessment notes that off-the-shelf tools such as DDOS-for-hire services and Remote Access Trojans (RATs) are available with step by step tutorials at little to no cost to the user, making the skills barrier for entry into cyber crime lower than it has ever been. It also highlights that whilst there is no socio-demographic bias, with people across the country from different backgrounds among offenders, the average age of cyber criminals is significantly younger than other crime types. In 2015, the average age of suspects in NCA cyber crime investigations was 17 years old, compared to 37 in NCA drugs cases and 39 in NCA economic crime cases. Subject 1, a member of a hacking collective who sold DDoS tools and Botnet services, told officers that a warning from law enforcement would have made him stop his activities. The report also identifies education and opportunities to use skills positively as helpful in steering potential offenders towards a future career in cyber security. Details: London: NCA, 2017. 18p. Source: Internet Resource: Accessed April 28, 2017 at: http://www.nationalcrimeagency.gov.uk/publications/791-pathways-into-cyber-crime/f Year: 2017 Country: United Kingdom URL: http://www.nationalcrimeagency.gov.uk/publications/791-pathways-into-cyber-crime/f Shelf Number: 145184 Keywords: Computer CrimesComputer HackingCybercrimeCybersecurityInternet CrimesSocial Media |
Author: Lawrenson, Tim Title: Cyberattacks -- The Significance of the Threat and the Resulting Impact on Strategic Security Summary: Cyberspace is now so intrinsic to a modern state's economy that it is vital to protect it as part of that state's national security. However certain features of cyberspace make it an increasingly attractive attack domain. Despite some rather hysterical press headlines, this analysis shows that cybercrime is the principal threat, rather than cyberterror or cyberwarfare; albeit the growing scale of state-sponsored cybercrime is a concern because it carries an inherent risk of escalation into cyber (or conventional) warfare. A comprehensive, layered cyber-security strategy is needed to overcome some of the more problematic attractions of cyberspace as an attack domain. This strategy must improve actual system security as well as enhancing people's confidence in the resilience of the cyberenabled world. Details: London: Royal College of Defence Studies, 2011. 34p. Source: Internet Resource: Seaford House Paper: Accessed May 12, 2017 at: http://www.da.mod.uk/Publications/category/91/cyber-attacks-the-significance-of-the-threat-and-the-resulting-impact-on-strategic-security-15753 Year: 2011 Country: International URL: http://www.da.mod.uk/Publications/category/91/cyber-attacks-the-significance-of-the-threat-and-the-resulting-impact-on-strategic-security-15753 Shelf Number: 131353 Keywords: Cybercrime Cybersecurity |
Author: McAfee Title: Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity Summary: Cybercriminals have the advantage. This has been true since the internet was commercialized 20 years ago. The incentives for cybercrime have made it a big business and a dynamic marketplace. Defenders are hard pressed to keep up. Misaligned incentives explain much of this - both within organizations and between attackers and defenders in cyberspace. Misaligned incentives between attackers and defenders mean that the decentralized market in which cybercriminals operate makes them adapt and innovate faster and more efficiently than defenders, whose incentives are shaped by bureaucracies and top-down decision making. Some of the advantage cybercriminals have over defenders is due to technology - we now all know that the internet was never designed to be secure. Some is due to policy. There are countries that tolerate, shelter, and maybe even encourage cybercrime. Governments and companies know they are at a disadvantage, but they are playing catch-up. Managing the risk posed by cyberthreats has become a priority, but the best criminals still seem able to stay ahead, even as companies allocate more resources to cybersecurity. This does not mean cybercrime will always win. It does mean that companies and governments will need to rethink how they measure, reward and incentivize defense. Markets send signals by creating prices and rewards, creating incentives for action. The cybercrime market is efficient, and the incentives for cybercriminals are clear and compelling. The same is not true for defenders. Criminals flourish in this market, but most defenders work in bureaucracies. In most companies, cybersecurity is the responsibility of a diverse range of groups and individuals using different (and sometimes conflicting) metrics for success. Incentives are not only misaligned between attackers and defenders, but within companies. To examine this misalignment of incentives, we conducted a survey of 800 respondents from companies ranging in size from 500 employees to more than 5,000 across five major industry sectors, including finance, healthcare, and the public sector. Our survey targeted respondents with executive level responsibility for cybersecurity, as well as operators that have technical and implementation responsibilities for cybersecurity. The results provide insight into how each group views cyber risk in making decisions about an organization's cyber-risk management strategy. Better calibrating the misaligned incentives we uncovered may yield a more coherent and effective cybersecurity posture for companies worldwide. Details: Santa Clara, CA: McAfee Security, Center for Strategic and International Studies, 2017. 34p. Source: Internet Resource: Accessed August 7, 2017 at: https://www.mcafee.com/us/resources/reports/rp-misaligned-tilting-playing-field.pdf Year: 2017 Country: International URL: https://www.mcafee.com/us/resources/reports/rp-misaligned-tilting-playing-field.pdf Shelf Number: 146755 Keywords: Computer CrimeCybercrimeCybersecurityInternet Crime |
Author: Hemmings, John Title: Safeguarding our Systems: Managing Chinese Investment into the UK's Digital and Critical National Infrastructure Summary: - China's investment into Western advanced economies -- including that of the UK -- is increasing and changing in scope surging from EUR 14 billion in 2015 to EUR 20 billion in 2016, a 44% jump. More than 60% of the value of deals has been by state-owned enterprises, indicating this push is led by state strategy than commercial interests. - In 2016, China invested $11.15 billion into the UK. More than double the amount in 2015 and the most in any one year going back to 2005. - China's economic strategy, Made in China: 2025, might threaten the long-term survival of UK businesses unless some sort of government protection is afforded to them or unless China affords British businesses more access to China's home market. - Because of cyber vulnerabilities, critical national infrastructure will be at the forefront of any future war. - The current review system could be improved and rationalised: -- It has allowed access to the UK's digital and critical infrastructure with elements of China's defence industrial concerns -- It has allowed deals that have affected the UK's closest military allies -- It allows for domestic and foreign pressure on the government of the day -- A formal investment screening regime is both necessary and desirable to protect the UK's economic interests and its national security. - A new regime should be built, which is adequately resourced to carry out the difficult task of tracking foreign direct investment (FDI) into the sensitive parts of the UK's economy. - The new regime should begin to coordinate more closely with the UK's closet military and intelligence-sharing allies, including the Five Eyes partners and NATO member states. - Any new regime should carry out its review process in a judicious but swift manner so that foreign investment in the UK is not hampered or harmed. This report suggests that the regime should be sufficiently able to pass its decisions within 30 days of receiving an inquiry. - Ideally, any regime should be overseen by a special committee in Parliament to ensure that it is sufficiently funded and resourced to carry out its activities, and that it is carrying them out in a legal, expedient and sufficient manner. Details: London: Henry Jackson Society, 2017. 54p. Source: Internet Resource: Accessed August 7, 2017 at: http://henryjacksonsociety.org/wp-content/uploads/2017/07/Safeguarding-Our-Systems-Report-FINAL-Digital.pdf Year: 2017 Country: United Kingdom URL: http://henryjacksonsociety.org/wp-content/uploads/2017/07/Safeguarding-Our-Systems-Report-FINAL-Digital.pdf Shelf Number: 146764 Keywords: CybersecurityHomeland SecurityInfrastructure SecurityNational Security |
Author: Hakmeh, Joyce Title: Cybercrime and the Digital Economy in the GCC Countries Summary: Online activity and the use of digital technology have grown rapidly in the Gulf Cooperation Council (GCC) states. Albeit with certain variations between countries, this has helped to boost prospects for a 'digital transformation' in which states and cities in the region could become international hubs for digital services. Such a shift offers a significant opportunity in the context of policy agendas to diversify the region's hydrocarbon-dependent economies. At the same time, however, digital growth has increased the GCC's vulnerability to cybercrime. While the incidence, spread and effects of cybercrime in the region are difficult to measure precisely, a number of trends and figures suggest that cybercrime is growing rapidly and that the region has become a magnet for such crime. The rise in cybercrime has occurred in spite of heavy investment by GCC states in cyber protection, and the adoption of various measures including legislation. Cybercrime threatens growth of the digital economy. It shakes trust in the foundations of digital commerce, and in the 'smart infrastructure' of interconnected devices, adaptive systems and other digital technologies which governments in the region are developing - and which they aspire to expand. A number of factors suggest that the incidence, scale and impact of cybercrime are likely to increase further in the future. The first is the prospect of rapid growth in the digital economy, reflecting the prominence of digital strategies in the plans of GCC governments. A second factor is the high speed of technology adoption, which makes it hard for policy to keep pace with rising cybercrime and evolving criminal methods. A third factor is the expected convergence of technologies as the 'Internet of Things' (IoT) expands and develops, potentially creating new risk exposures via huge numbers of networked devices. In short, the GCC region will likely find itself both continuing to grapple with the existing challenges of cybercrime and facing ever-evolving risks as a result of ongoing technological innovation. Cybercrime is pervasive and cannot be completely eradicated. However, governments can limit its impact by creating a resilient overall economy and robust institutions, and by investing in deterrent capacity. Legislative frameworks play an intrinsic role in this process. In this context, it is important to consider whether existing GCC countermeasures - including legislation - are fit for purpose, or whether an overhaul is needed. This research paper offers an overall picture of the state of the digital economy in the GCC, and of progress to date in the region's attempted digital transformation. It also seeks, in particular, to highlight shared regional cybercrime challenges and their impact. The paper surveys the extent and effectiveness of existing measures - including legal instruments - for countering cybercrime, and proposes improvements to the policy regime and areas for potential intergovernmental cooperation. Although the focus is mainly on the GCC in aggregate, the paper also takes into account variations between the six countries in terms of digital development, the prevalence of cybercrime, and the nature and extent of countermeasures available. Details: London: Chatham House, 2017. 20p. Source: Internet Resource: Accessed August 7, 2017 at: https://www.chathamhouse.org/sites/files/chathamhouse/publications/research/2017-06-30-cybercrime-digital-economy-gcc-hakmeh.pdf Year: 2017 Country: United Kingdom URL: https://www.chathamhouse.org/sites/files/chathamhouse/publications/research/2017-06-30-cybercrime-digital-economy-gcc-hakmeh.pdf Shelf Number: 146772 Keywords: Computer CrimesCybercrimeCybersecurityInternet Crimes |
Author: Parraguez Kobek, Luisa Title: The State of Cybersecurity in Mexico: An Overview Summary: The cost of cybercrime incidents in the world has gone from US$3 trillion in early 2015 to a projected US$6 trillion by 2021. Luis Almagro, the Secretary General of the OAS, acknowledged that information and communication technologies (ICTs) and its multiple uses continue to evolve at a rapid pace in the region and countries are highly vulnerable to potentially devastating cyberattacks. Mexico's economy and geostrategic location is an attractive target for illicit cyber activities. On the one hand, it is enjoying considerable Foreign Direct Investment (FDI) and a solid GDP growth and on the other, it is still relatively vulnerable in cybersecurity and cyber defense. Mexico ranks as the second country in Latin America with the most cyberattacks, with a 40% growth in the number of attacks between 2013 and 2014, and approximately 10 million victims in 2014. Cybersecurity, sustainability and resilience are not only necessary for Mexico's safekeeping but they are also important factors in its social and economic development. Mexico needs to engage with its national, regional and international partners to combine resources, multi-stakeholder initiatives and facilitate information sharing to ensure its security in cyberspace. Details: Washington, DC: Wilson Center, Mexico Institute, 2017. 23p. Source: Internet Resource: Accessed September 11, 2017 at: https://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdf Year: 2017 Country: Mexico URL: https://www.wilsoncenter.org/sites/default/files/cybersecurity_in_mexico_an_overview.pdf Shelf Number: 147207 Keywords: Computer CrimesCosts of CrimeCybercrimeCybersecurityInternet Crimes |
Author: Great Britain. HM Government Title: National Cyber Security Strategy 2016-2021 Summary: The National Cyber Security Strategy 2016 to 2021 sets out the government's plan to make Britain secure and resilient in cyberspace. The UK is one of the world's leading digital nations. Much of our prosperity now depends on our ability to secure our technology, data and networks from the many threats we face. Yet cyber attacks are growing more frequent, sophisticated and damaging when they succeed. So we are taking decisive action to protect both our economy and the privacy of UK citizens. Our National Cyber Security Strategy sets out our plan to make Britain confident, capable and resilient in a fast-moving digital world. Over the lifetime of this five-year strategy, we will invest L1.9 billion in defending our systems and infrastructure, deterring our adversaries, and developing a wholesociety capability - from the biggest companies to the individual citizen. From the most basic cyber hygiene, to the most sophisticated deterrence, we need a comprehensive response. We will focus on raising the cost of mounting an attack against anyone in the UK, both through stronger defences and better cyber skills. This is no longer just an issue for the IT department but for the whole workforce. Cyber skills need to reach into every profession. The new National Cyber Security Centre will provide a hub of world-class, user-friendly expertise for businesses and individuals, as well as rapid response to major incidents. Government has a clear leadership role, but we will also foster a wider commercial ecosystem, recognising where industry can innovate faster than us. This includes a drive to get the best young minds into cyber security. The cyber threat impacts the whole of our society, so we want to make very clear that everyone has a part to play in our national response. It's why this strategy is an unprecedented exercise in transparency. We can no longer afford to have this discussion behind closed doors. Ultimately, this is a threat that cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risk. What we can do is reduce the threat to a level that ensures we remain at the vanguard of the digital revolution. This strategy sets out how. Details: London: HM Government, 2017. 80p. Source: Internet Resource: Accessed September 13, 2017 at: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021 Year: 2017 Country: United Kingdom URL: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021 Shelf Number: 147232 Keywords: Computer CrimeCybercrimeCybersecurityInternet CrimesNational Security |
Author: Jones, Chris Title: Market Forces: The development of the EU Security-Industrial Complex Summary: Despite the economic crisis, EU funding for new security tools and technologies will double in the 2014-20 period compared to the previous 6 years. The biggest winners have been the "homeland security" industry whose influence on European policy continues to grow, constructing an ever more militarised and security-focused Europe. While the European Union project has faltered in recent years, afflicted by the fall-out of the economic crisis, the rise of anti-EU parties and the Brexit vote, there is one area where it has not only continued apace but made significant advances: Europe's security policies have not only gained political support from across its Member States but growing budgets and resources too. The increased securitisation of the European Union has relevance not only for its Member States but for the world which will be affected by the measures, technologies and strategies being developed, sold and deployed. The emergence of 'security' as the EU's increasingly default response to complex social and ecological crises is also significant given the current political context of rising authoritarian parties and governments all-too-willing to use the latest security tools to maintain and extend power. This report digs deep into the EU's funding of its security strategy. It shows that between 2014 and 2020, a total of at least L11 billion has been allocated to budgets directed towards security measures - L3.8 billion to the Internal Security Fund (ISF), L1.7 billion to the European Security Research Programme, L3.1 billion to the Asylum, Migration and Integration Fund (which has numerous uses in the context of security policy) and some L2.4 billion for EU home affairs agencies such as Europol and Frontex. While still a small amount in comparison to the EU's total budget of "1 trillion between 2014 and 2020, it is a significant development given that a decade ago the bloc had no dedicated budgets for security, justice or home affairs. The report's investigation of the different budgets also draws out the big picture of where the funding is going and what it is helping to construct: an all-encompassing vision of security that seeks to combat a seemingly limitless number of "threats" ranging from terrorism to petty crime, and which displays a marked tendency of treating the entire population (European and especially non-European) as potential objects of suspicion that must be surveyed and if necessary detained, obstructed or even killed. This vision has been propelled by military and security corporations whose profits depend on a world of suspicions, fears and threats - and who have not only been major beneficiaries of EU security spending, but have also been given an unprecedented role in designing the security research programme. In a 2009 report by Statewatch and TNI, we warned that EU's security, research and development policies were "coalescing around a high-tech blueprint for a new kind of security". We summed up the vision in the title of the report, NeoConOpticon, to capture the metaphor of an all-seeing prison combined with the increasingly neoconservative, corporate-led vision of the EU's security and defence policies. It warned that we were "turning a blind eye to the start of a new kind of arms race, one in which all the weapons are pointing inwards". That report examined the early years of EU security strategies, from 2003 to 2008, and focused on the beginnings of the European Security Research Programme (ESRP) and the 85 projects it had funded up to that point. Market Forces focuses on the development of EU security policies and budgets through the 2007-13 period and their successors, which were launched in 2014 and will run until 2020. These include the ESRP, which funds research to develop new technologies for law enforcement, border control, cybersecurity and critical infrastructure protection and leans heavily towards technologies and techniques initially deployed or favoured by military forces: drones, data-mining tools, large-scale surveillance systems, biometric recognition and automated behaviour analysis tools. It also explicitly seeks to develop "dual-use" technologies for both civil and military use. The report also analyses the Internal Security Fund (ISF), distributed to EU Member States to enhance the powers of law enforcement and border control agencies (including through numerous new surveillance and analysis systems). The aim - albeit not yet realised - is that EU funds pay for both the development of new technologies and their subsequent purchase at EU or national level, creating a self-fulfilling loop of supply and demand. Despite warnings and public concerns over the direction of the EU's security strategy, the journey towards a world of ubiquitous public-private surveillance and control systems continues, for the time being, largely unabated. The report is divided into three sections: the first provides a summary of the early development of the European Security Research Programme, its incorporation into the EU's formal research agenda, and the concurrent development and implementation of EU policies and budgets in the area of justice and home affairs from 2007 to 2013. The second section looks at the institutions, corporations and organisations involved in the development and ongoing implementation of the EU's security research agenda and security policies, and the ways in which private interests have long-managed to successfully shape the public policy and research agenda. The third section looks at current EU security policies and budgets. It seeks to provide a general overview of aims and objectives of current policies, the funds available for implementing them, and which organisations have so far been the chief beneficiaries. The EU's security agenda is now so sprawling and complex that no one report can cover every aspect of it, but there are a few key themes that are worth drawing out here. Details: Amsterdam: Transnational Institute, 2017. 90p. Source: Internet Resource: Accessed September 18, 2017 at: https://www.tni.org/files/publication-downloads/marketforces-report-tni-statewatch.pdf Year: 2017 Country: Europe URL: https://www.tni.org/files/publication-downloads/marketforces-report-tni-statewatch.pdf Shelf Number: 147371 Keywords: Border SecurityCybersecurityHomeland SecurityLaw Enforcement TechnologySecurity PolicySurveillanceTerrorism |
Author: U.S. National Institute of Justice Title: Sharing Ideas & Resources to Keep Our Nation's Schools Safe! Volume IV Summary: Apps. Databases. Tiplines. Videos. Educational campaigns. Throughout the United States, schools, law enforcement agencies and communities keep on coming together, continuing to create innovative and groundbreaking solutions to the persistent problems of violence, bullying, security breaches, gang tensions and social media abuse. The National Institute of Justice (NIJ) and the Justice Technology Information Center (JTIC), part of the National Law Enforcement and Corrections Technology Center (NLECTC) System, bring you more of these solutions in this fourth volume of Sharing Ideas and Resources to Keep Our Nation's Schools Safe. We want you to know about the people who are searching for, and finding, positive ways to address these problems. We want to tell you about the technologies and strategies that are working across the country, and we want to hear from you about what's going on in your area. In addition to the success stories that fill the three previous volumes in this series, we continually post new ones on SchoolSafetyInfo.org, the JTIC website dedicated to school safety news, information and technology. In addition to downloadable files of Volumes I, II and III, our site includes links to a wide range of resources and materials produced at the federal, state and association levels, and provides access to school safety-related publications and videos from NIJ and the NLECTC System. You can also learn about School Safe - JTIC's Security and Safety Assessment App for Schools, and obtain instructions on how to download it. In this fourth volume, you will read about an educational video on cybersafety produced by a concerned law enforcement officer in Georgia; new approaches to training implemented by the Indiana State Police and the campus police at the University of Massachusetts-Amherst; a free campus safety app developed by a team of students at the University of Michigan; an educational campaign produced by high school students in Connecticut; and a number of other school-community-law enforcement collaborative projects. Details: Washington, DC: National Law Enforcement and Corrections Technology Center, 2016. 104p. Source: Internet Resource: Accessed September 19, 2017 at: https://justnet.org/pdf/00-Sharing%20Resources_Vol4_FINAL_508_06282016.pdf Year: 2016 Country: United States URL: https://justnet.org/pdf/00-Sharing%20Resources_Vol4_FINAL_508_06282016.pdf Shelf Number: 147395 Keywords: CybercrimeCybersecuritySchool Bullying School Crime School Resource Officers School Safety School Security School Violence |
Author: Economist Intelligence Unit Title: Safe Cities Index 2017: Security in a rapidly urbanising world Summary: In many respects it's the very success of cities, in their role as global social and economic hubs, that makes them more vulnerable. As rural residents head for the city in developing countries-which for purposes here we define as non-OECD countries, with the exception of Singapore-and wealthy global capitals draw in international talent, vast demographic shifts are creating cities with previously unimagined population sizes. In 2016, there were 31 megacities-cities with more than 10m inhabitants. This is projected to rise to 41 by 2030. And size matters. While cities generate economic activity, the security challenges they face expand and intensify as their populations rise. These include growing pressure on housing supply (prompting the spread of slums) and services such as healthcare, transport, and water and power infrastructure. Man-made risks are also growing. As tragic recent events in European cities such as London, Paris and Barcelona have demonstrated, high profile, wealthy urban centres are becoming targets for terrorist activities. And as income divides widen, growing inequalities can create tensions that contribute to violent outbursts such as the 2011 London riots. Meanwhile, another major shift has come to the fore: the rapid deployment of digital technologies in pursuit of the so-called "smart city". The technologies no doubt bring benefits. As part of Internet of Things (IoT) technologies, sensors collect and wirelessly transmit data from physical objects, delivering new insights into city operations and permitting remote and more efficient management of infrastructure and services. Connecting apartments and office buildings to the electricity grid via smart meters, for example, delivers energy efficiency and cost savings. And with the spread of closed-circuit televisions (CCTVs) and webcams around cities, technologies such as artificial intelligence and data analytics can greatly enhance the capabilities of law enforcement agencies to combat urban crime and terrorism. Yet the rush to embrace smart city technologies also creates vulnerabilities if investments in digital technologies are not accompanied by commensurate investments in cyber security. Wealthy cities are making investments, albeit to varying degrees, but security often comes lower on the list of spending priorities for cities with already stretched finances. The consequences of neglecting cyber security could be dire. For example, if hackers were to shut down the power supply, an entire city would be left in chaos. This prospect is something city officials now need to plan against. Cities are also defined by the complex, interlinked nature of their systems and infrastructure. This complexity has a bearing on safety. For example, experts are uncovering links between the quality of housing and the health of citizens. And while terrorist attacks are what make headlines, traffic accidents are a greater day-to-day danger for urban residents. Natural forces are also coming in to play as climate change poses new risks to cities, with extreme weather events becoming an even greater threat, as illustrated by the devastation Hurricane Harvey just delivered to Houston, Texas. The 2017 Safe Cities Index retains the four categories of security from the 2015 version- digital, health, infrastructure and physical. However, we have added six new indicators and expanded the index to cover 60 cities, up from 50 in 2015. Details: London: The Economist, 2017. 44p. Source: Internet Resource: Accessed February 2, 2018 at: https://dkf1ato8y5dsg.cloudfront.net/uploads/5/82/safe-cities-index-eng-web.pdf Year: 2017 Country: International URL: https://dkf1ato8y5dsg.cloudfront.net/uploads/5/82/safe-cities-index-eng-web.pdf Shelf Number: 148969 Keywords: CitiesCybersecuritySecurityUrban AreasUrban Crime |
Author: Economist Intelligence Unit Title: Safe Cities Index 2015: Assessing urban security in the digital age Summary: Cities are already home to a majority of people on the planet. The current level of urbanisation ranges from 82% of the population in North America to 40% in Africa. But all regions are expected to follow this trend towards greater urbanisation over the next three decades. Lagos, the most populous city Nigeria, is predicted to double in size in the next 15 years. However, cities should not take continued population growth for granted. As the UN's latest World Urbanisation Prospects study points out, some cities have experienced population decline because of, among other things, low fertility rates, economic contraction and natural disasters. The population of Seoul, the capital of South Korea, has shrunk by 800,000 since 1990. Likewise, the safety of cities can ebb and flow. New York recorded a record high of 2,245 homicides in 1990, equating to six murders per day. Since then the population has grown by over 1m people, while homicide rates have fallen. The murder rate in 2013 stood at 335, a historic low, moving New York below Chicago-a city with under one-third of New York's population. As some threats recede, others mature. The frequency of terrorism and natural disasters has changed the nature of urban safety: power, communications and transport systems must be robust and able to withstand new external shocks. Meanwhile, new risks emerge. Cyber risk has accompanied the advent of the digital age. Urban safety is therefore a critical issue that is set to become even more important over time. Securing public safety means addressing a wide-and evolving-range of risks. The Safe Cities Index aims to capture this complexity. The Index tracks the relative safety of a city across four categories: digital security, health security, infrastructure safety and personal safety. The Index's key findings include the following. l Tokyo tops the overall ranking. The world's most populous city is also the safest in the Index. The Japanese capital performs most strongly in the digital security category, three points ahead of Singapore in second place. Meanwhile, Jakarta is at the bottom of the list of 50 cities in the Index. The Indonesian capital only rises out of the bottom five places in the health security category (44). l Safety is closely linked to wealth and economic development. Unsurprisingly, a division emerges in the Index between cities in developed markets, which tend to fall into the top half of the overall list, and cities in developing markets, which appear in the bottom half. Significant gaps in safety exist along these lines within regions. Rich Asian cities (Tokyo, Singapore and Osaka) occupy the top three positions in the Index, while poorer neighbours (Ho Chi Minh City and Jakarta) fill two of the bottom three positions. l However, wealth and ample resources are no guarantee of urban safety. Four of the five Middle Eastern cities in the Index are considered high-income, but only one makes it into the top half of the Index: at 25 Abu Dhabi is 21 places above Riyadh at number 46. Similar divides between cities of comparable economic status exist elsewhere. Seoul is 23 positions below Tokyo in the overall ranking (and 46 places separate the two on digital security). l US cities perform most strongly in the digital security category, while Europe struggles. New York is the only US city to make it into the top ten of the overall index (at 10). However, it is third for digital security, with three of the four other US cities in the Index (Los Angeles, San Francisco and Chicago) joining it in the top ten. Meanwhile, European cities perform relatively poorly. London, at 16, is the highest-ranking European entry in the digital security index; Rome is the lowest, at 35. l Leaders in digital security must not overlook real-world risks. Los Angeles falls from 6th place in digital security to 23rd for personal safety. San Francisco suffers a similar drop, falling from 8th to 21st. For these cities-both home to high-tech industries-a focus on technology and cyber security does not seem to be matched by success in combating physical crime. Urban safety initiatives need to straddle the digital and physical realms as the divide between them blurs. l Technology is now on the frontline of urban safety, alongside people. Data are being used to tackle crime, monitor infrastructure and limit the spread of disease. As some cities pursue smarter methods of preventing- rather than simply reacting to-these diverse security threats, a lack of data in emerging markets could exacerbate the urban safety divide between rich and poor. Nonetheless, investment in traditional safety methods, such as bolstering police visibility, continues to deliver positive results from Spain to South Africa. l Collaboration on safety is critical in a complex urban environment. Now that a growing number of essential systems are interconnected, city experts stress the need to bring together representatives from government, business and the community before threats to safety and security strike. Some cities have appointed an official to co-ordinate this citywide resilience. With the evolution of online threats transcending geographical boundaries, such co-ordination will increasingly be called for between cities. l Being statistically safe is not the same as feeling safe. Out of the 50 cities, only Zurich and Mexico City get the same rank in the overall index as they do in the indicator that measures the perception of safety among their citizens. Urban citizens in the US, for instance, tend to feel less safe than they should, based on their city's position in the Index. The challenge for city leaders is to translate progress on safety into changing public perceptions. But cities also aspire to be attractive places to live in. So smart solutions, such as intelligent lighting, should be pursued over ubiquitous cameras or gated communities. Details: London: The Economist, 2015. 42p. Source: Internet Resource: Accessed February 5, 2018 at: https://dkf1ato8y5dsg.cloudfront.net/uploads/5/82/eiu-safe-cities-index-2015-white-paper-1.pdf Year: 2015 Country: International URL: https://dkf1ato8y5dsg.cloudfront.net/uploads/5/82/eiu-safe-cities-index-2015-white-paper-1.pdf Shelf Number: 148988 Keywords: Cities Cybersecurity SecurityUrban Areas Urban Crime |
Author: Council of Economic Advisors Title: The Cost of Malicious Cyber Activity to the U.S. Economy Summary: This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sectorrelative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors. Overall: - We estimate that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. - Malicious cyber activity directed at private and public entities manifests as denial of service attacks, data and property destruction, business disruption (sometimes for the purpose of collecting ransoms) and theft of proprietary data, intellectual property, and sensitive financial and strategic information. - Damages from cyberattacks and cyber theft may spill over from the initial target to economically linked firms, thereby magnifying the damage to the economy. - Firms share common cyber vulnerabilities, causing cyber threats to be correlated across firms. The limited understanding of these common vulnerabilities impedes the development of the cyber insurance market. - Scarce data and insufficient information sharing impede cybersecurity efforts and slow down the development of the cyber insurance market. - Cybersecurity is a common good; lax cybersecurity imposes negative externalities on other economic entities and on private citizens. Failure to account for these negative externalities results in underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment. - Cyberattacks against critical infrastructure sectors could be highly damaging to the U.S. economy. Details: Washington, DC: The Council, 2018. 62p. Source: Internet Resource: Accessed March 8, 2018 at: https://www.whitehouse.gov/wp-content/uploads/2018/02/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf Year: 2018 Country: United States URL: https://www.whitehouse.gov/wp-content/uploads/2018/02/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf Shelf Number: 149400 Keywords: Computer Crime Cybercrime CybersecurityEconomics of Crime Financial Crimes Internet Crimes |
Author: Big Brother Watch Title: Cyber attacks in local authorities: How the quest for big data is threatening cyber security Summary: Local authorities are holding ever-expanding troves of personal information about citizens. Under the banner of data-driven government, they are seeking to actively gather more information about people. So-called 'smart cities' are armed with sensors and cameras that amass data about citizens, introducing a new level of everyday surveillance in the UK. This accumulation of big data evokes not only concerns about ethics, rights and violations of privacy, but also about how equipped councils are to protect citizens' sensitive data. The number of serious cyber attacks is forecasted to significantly rise in the near future, making cyber security risks a clear priority. But is cyber security being appropriately prioritized by local authorities, or is more data collection the main focus of their digital strategies? Based on Freedom of Information requests, Big Brother Watch found that UK local authorities have experienced in excess of 98 million cyber attacks over 5 years. This means that there are at least 37 attempted breaches of UK local authorities every minute. In addition, at least 1 in 4 councils experienced a cyber security incident - that is, an actual security breach - between 2013 - 2017. While some councils have taken measures to face the ever growing threat from cyber attacks, especially the areas of staff training and reporting of successful cyber attacks need urgent attention. In 2015, Big Brother Watch exposed how local authorities commit 4 data breaches a day, predominantly caused by human error. 1 Surprisingly, our current investigation reveals that little action has been taken to increase staff awareness and education in these matters. We found that 75% of local authorities do not provide mandatory training in cyber security awareness for staff and 16% do not provide any training at all. Considering that the majority of successful cyber attacks start with phishing emails aimed at unwitting staff, 2 negligence in staff training is very concerning and only indicative of the low priority afforded to cyber security issues. Our findings further reveal that 25 local authorities experienced losses or breaches of data in the past five years as a result of cyber security incidents. Yet, 56% of councils who failed to protect data from cyber security threats did not even report the incidents. Big Brother Watch urges local authorities to review their policies with a view to mitigating the risks of cyber security incidents that threaten the security of citizens' invaluable data. 1. Local authorities must appropriately prioritize their cyber security. Instead of investing in surveillance technologies, councils should invest resources on the development of cyber security strategies and the training of staff. 2. Cyber security incidents should be consistently reported. Local authorities need to establish a simple protocol that allows them to report incidents to the right authorities, whether the police, Information Commissioner's Office or the National Cyber Security Centre. This would ensure that threats are dealt with appropriately and that authorities' propensity to attacks is monitored. Furthermore, local authorities should utilise the National Cyber Security Centre's definitions of cyber attacks and cyber security incidents to ensure consistent reporting. 3. All staff should receive mandatory training in cyber security. Cyber attacks are not only designed to breach computer systems, but also to exploit humans who are often the weakest cyber security link. The ability to identify threats must not be reserved to ICT specialists but spread throughout the staff body. With large and ever-increasing volumes of data at stake, all local authority staff should have basic cyber security awareness. Details: London: Big Brother Watch, 2018. 66p. Source: Internet Resource: Accessed May 3, 2018 at: https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf Year: 2018 Country: United Kingdom URL: https://bigbrotherwatch.org.uk/wp-content/uploads/2018/02/Cyber-attacks-in-local-authorities.pdf Shelf Number: 150032 Keywords: Computer CrimesCybercrimeCybersecurityInternet Crime |
Author: Children's Society Title: Safety Net: Cyberbullying's impact on young people's mental health: Inquiry report Summary: Key findings Under-age use of social media is commonplace - Despite most major social media companies - including Facebook, Twitter, Snapchat, YouTube and Instagram - specifying that users must be 13 years old to have an account, we found that 61% of young people had a first account at age 12 or under. Children and young people are using social media for longer periods and using multiple profiles - Our survey indicated that nearly half (44%) of children and young people spend more than three hours per day on social media, whilst almost 1 in 10 (9%) reported always using social media overnight between midnight and 6am. There is a connection between intensive social media use and mental ill health - Thirty eight percent of young people reported that social media has a negative impact on how they feel about themselves, compared to 23% who reported that it has a positive impact. This was exacerbated for girls, with 46% of girls stating that social media had a negative impact on their self-esteem. Cyberbullying - a new form of bullying - Although our inquiry found that offline bullying remains the most common form of bullying, it is clear that cyberbullying is distinct and potent, particularly due to its potential to be relentless. Children and young people are particularly vulnerable to the effects of cyberbullying - Children and young people who are currently experiencing a mental health problem are more than three times more likely to have been bullied online in the last year. The steps being taken by social media companies in response to cyberbullying are inconsistent and inadequate - Throughout the course of the inquiry, we heard a number of examples from social media companies about positive initiatives they have established to respond to abusive content online, such as cyberbullying, as well as promoting the mental health of their users. Young people concluded that social media companies' current responses to cyberbullying are inadequate - There is an appetite among young people for greater interventions to disrupt cyberbullying, with 83% of young people saying that social media companies should do more to tackle cyberbullying on their platforms. There is a perceived lack of consequences for those who engage in bullying behaviour - Young people told the inquiry that they feel as though the onus is on the person who is experiencing cyberbullying to act. They spoke of a perceived lack of consequences for those who engage in bullying behaviour online, in a way there is not in the offline world. Social media companies need to do more to promote positive mental health and well-being - Young people overwhelmingly told the inquiry that they wanted social media companies to do more to promote positive mental health and interactions on their platforms. - Eighty two percent of young people thought social media companies should do more to promote mental health. Details: London: Children's Society, 2018. 72p. Source: Internet Resource: Accessed May 7, 2018 at: https://www.childrenssociety.org.uk/sites/default/files/social-media-cyberbullying-inquiry-full-report_0.pdf Year: 2018 Country: United Kingdom URL: https://www.childrenssociety.org.uk/sites/default/files/social-media-cyberbullying-inquiry-full-report_0.pdf Shelf Number: 150089 Keywords: Child ProtectionComputer CrimesCyberbullyingCybercrimeCybersecurityInternet CrimesOnline VictimizationSocial Media |
Author: Saalman, Lora, ed. Title: Integrating Cybersecurity and Critical Infrastructure: National, Regional and International Approaches Summary: There seems to be a consensus that cyberattacks resulting in damage to critical infrastructure, such as hospitals and power grids, are a common threat. However, there is a great deal of disagreement on how to define the parameters of and escalation within this arena. In this volume, six experts from industry, government, academia and the legal sector delve deeper into several key target areas of cybersecurity and critical infrastructure-namely system integrity, the role of the private sector and legal frameworks. Their essays provide a baseline for understanding how these issues are unfolding at the national level in Japan, at the regional level in Europe and at the international level under the United Nations. Contents 1. Introduction 2. System integrity and the national level 3. Private sector and the regional level 4. Legal frameworks and the international level 5. Conclusions Details: Solna, Sweden: Stockholm International Peace Research Institute, 2018, 58p. Source: Internet Resource: Accessed May 7, 2018 at: https://www.sipri.org/sites/default/files/2018-04/integrating_cybersecurity_0.pdf Year: 2018 Country: International URL: https://www.sipri.org/sites/default/files/2018-04/integrating_cybersecurity_0.pdf Shelf Number: 150091 Keywords: Critical InfrastructureCybercrimeCybersecurityNational Security |
Author: Finlay, Brian D. Title: Public Threats, Private Solutions: Meeting Nonproliferation Challenges with the Force of the Market Summary: The rapid pace and geographic breadth of technology innovation; the rapidity and volume of international trade; globalized business practices from outsourcing to offshoring and supply-chaining; the atomization of government interests and bureaucratic organization; and the inherent inability of governments to act at the speed of 21st-century commerce: these are but a few factors negatively influencing our ability to manage the lengthening global proliferation supply chain. The net result has been the global diffusion of the "means of production" of weapons of mass destruction (WMD) at the very moment that the traditional instruments of control are being challenged by downward budgetary pressures in government, complex cost-benefit calculations by political leaders, and a rapid evolution of the nature and modalities of the proliferation threat. These realities necessitate the advent of new approaches that better match and ultimately defeat emerging avenues for proliferation threats. Governments can no longer be solitary nonproliferation activists. The end of the last millennium brought with it a host of challenges that transcend national borders and institutional and conceptual boundaries: 9/11 and the rise of non-state actors, global disease pandemics, economic crises, and climate change. Globalization has clearly yielded a more uncertain and potentially dangerous world. A rapid increase in the movement of goods and people around the world has fueled a concomitant rise in illicit trade and a surge in profits to global gray and black markets. In 2012 the United Nations (UN) Secretary General's report noted that while over 500 million maritime containers move around the world every year, accounting for 90 percent of international trade, only 2 percent of these containers are physically inspected for contraband on an annual basis. In 2009, the UN Office on Drugs and Crime (UNODC) estimated that transnational organized crime generates $870 billion a year, an amount equal to 1.5 percent of the global gross domestic product and six times the amount of official development assistance. More recent estimates put this number even higher, at closer to $3 trillion annually. Cybercrime, for which private industry bears most of the cost, is also surging. Cyber activities have increased by 26 percent since 2012, and reportedly now cost victims $11.56 million per year. And successive reports by the UN Sanctions Committees on North Korea and Iran demonstrate the widespread exploitation of private industry as both a witting and unwitting facilitator of proliferation. For security analysts, the conclusion is clear: globalization has made the world a far less safe and predicable place. Yet these grand challenges resulting from globalization have also yielded heretofore unimagined technological, economic, and development opportunities in virtually every corner of the globe. For instance, thanks in large measure to globalization, extreme poverty has declined significantly over the last two decades. In 1990, nearly half of the population in the developing world lived on less than $1.25 a day. Today, that proportion has dropped to just 14 percent - the largest mass migration from poverty in human history. For most of the planet's population, globalization and technology diffusion are rightly celebrated as truly life-changing - and in many cases life-saving - phenomena. Details: Washington, DC: Stimson Center, 2016. 40p. Source: Internet Resource: Accessed May 10, 2018 at: https://www.stimson.org/sites/default/files/file-attachments/public-threats-private-solutions.pdf Year: 2016 Country: International URL: https://www.stimson.org/sites/default/files/file-attachments/public-threats-private-solutions.pdf Shelf Number: 150134 Keywords: Black MarketsCybercrimeCybersecurityIllicit TradeOrganized CrimeSecuritySupply Chains |
Author: Birkeland, Jane Title: Extremist Use of Social Media: Balancing Privacy and National Cybersecurity Summary: Social media is used by extremists, terrorists, activists, and ordinary people. The complexity of tackling extremist use of social media lies in balancing the privacy of civilians and US national security interests. Currently, there is a lack of comprehensive policy across industry and government to effectively manage extremist usage-providing a unique dilemma in dealing with extremist use patterns for online recruiting and communication efforts, while maintaining privacy and security for ordinary citizens. We have sought to propose solutions to this dilemma through research of the following aspects of social media usage: - Recruitment and communication efforts between extremists and citizens - Private industry's efforts to balance between online security and privacy - Existing constitutional rights, government policies, and organizations relevant to addressing extremist use of social media - Civil society's role in keeping the government accountable for citizen rights in relation to cybersecurity-related policies Through our research, we found an overall lack of coordination and communication between industry and government, which creates grey areas in current policy and law. The following recommendations have been made to effectively address extremist use of social media: - Civil Society Interaction o Sponsor ad-campaigns that seek to raise awareness of extremist contact via social media and how to approach and report such situations o Begin the education of children and young adults, focusing on internet safety and online extremism o Create an official summit that includes industry and civil society to enhance cybersecurity discourse. - Industry Interaction o Take into account what industry has already implemented when creating new policy o Maintain that the removal of extremist accounts stays in the hands of industry o Allow the legal collection of necessary information by the government and law enforcement if the person(s) in question present a clear and present danger In this report, we will outline extremist use patterns of social media and explore the balance of civilian privacy with national security. We will then address existing government responses to extremist use patterns and end with civil society's role in keeping government accountable to the people it serves. We will lastly demonstrate that the afore summarized recommendations are the best way to effectively address extremist use patterns of social media for fundraising and communication efforts. Details: Seattle: Henry M. Jackson School of International Studies, University of Washington, 2017. 100p. Source: Internet Resource: Task Force Report 2017: Accessed May 10, 2018 at: https://jsis.washington.edu/wordpress/wp-content/uploads/2017/12/Task-Force-B-Report_2017_Beyer.pdf Year: 2017 Country: United States URL: https://jsis.washington.edu/wordpress/wp-content/uploads/2017/12/Task-Force-B-Report_2017_Beyer.pdf Shelf Number: 150141 Keywords: CybercrimeCybersecurityExtremistsNational SecuritySocial MediaTerrorists |
Author: Ackerman, Gary Title: On the Horizon: Security Challenges at the Nexus of State and Non-State Actors and Emerging/Disruptive Technologies Summary: Innovation and new technologies have many positive attributes and provide significant improvement to humanity, much that is likely unforeseen at the time of initial discovery. The unpredictability of the technology trajectories can lead to significant negative consequences. This white paper aims to discuss the massive leaps in innovation and understand what this means for national security. The articles are briefly summarized below. In Chapter 1, entitled "Third Offset Implications for Homeland Security: Tranquility or Turbulence," Robert McCreight states that the overall future trajectory of modern technologies hinges on a fairly imperfect and periodically naive grasp of dual-use science and technology and what it portends for our planet and its inhabitants. He goes on to say that one immediate concern is to determine not only how it is affecting our current way of life, geopolitics, the economy, social stability, governance, security, and the ordinary functions and determinants of the natural world around us, but also weigh the downstream consequences of technology growth, diversity, and convergence on all of those things ten to twenty years on. If advanced dual-use technologies hold the potential for a vast array of unanticipated threats in the next few years, we will need effective doctrine, strategy, and deterrence measures. He asks a key question: How to begin to establish criteria which guarantees that humans retain ultimate control, management, and direction of advanced dual-use technologies and thereby thwart untoward and dangerous outcomes arising from their mix of expected and unexpected outcomes. He advances five possible criteria for wrestling with the emergence of ADUCT (advanced dual-use convergent technologies) in a manner that sketches out an approach for the short term and allows flexibility for modifications and improvements along the way over the next decade. Gina Ligon and Michael Logan in Chapter 2, "Malevolent Innovation: Novelty and Effectiveness in Terror Attacks," state that terrorism provides a model context for examining creativity, as the need for survival and innovation pervades these destructive and malevolent groups. Despite this, creativity and innovation remain underdeveloped concepts in terrorism research. One reason for this is the limited empirical data about this phenomenon, making it unclear which tenets of creativity research hold versus which do not translate in the domain of terrorism. The present effort overcomes this by examining the dimensions of malevolent innovation in a large sample of terrorist attacks. To anticipate adversary threats, it is critical that we examine all of the possible combinations of VEO innovation developed in the past. This particular effort can provide planners with exemplars of the highest levels of VEO innovation across a large dataset of violent extremist organizations, providing a comprehensive look at what is possible and what should be prevented. Don Rassler in Chapter 3 "Back to the Future: The Islamic State, Drones, and Future Threats" states that the Islamic State is an irony of sorts, as while the organization looks to, is inspired by, and seeks to recreate the past certain aspects of the group's behavior also provide a window into conflicts of the future. A key case study in this regard is the Islamic State's drone program, and specifically how the group "overcame technical and cost asymmetries," and creatively developed a novel and scalable drone-based weapons system "constructed from commercial components that challenged - at least for a period of time - states' ability to respond." He goes on to state that the Islamic State's drone accomplishments speak to, and have a number of important implications regarding, the character and style of future threats that are either constructed around or that significantly leverage dual-use commercial technologies. He concludes by stating to stay ahead of the issue, and to better prepare for a future that will almost certainly be typified by the proliferation of other hybrid threats that leverage and/or repurpose commercial systems in dangerous ways, the United States should identify the pathways and methods that allowed the Islamic State to acquire and scale its fleet of quad-copter drones in the first place, and trace the evolution of functional threat streams. Bennett Clifford in Chapter 4, "Exploring Pro-Islamic State Instructional Material on Telegram," makes several key observations: - English-speaking supporters of the Islamic State (ISIS) use the messaging application Telegram to distribute a range of information, including instructional material - manuals and guides designed to aid operatives with step-by-step procedures for providing assistance to the group. - Channel administrators distribute whichever manuals they believe can be of aid to aspiring operatives, regardless of its ideological background. - Telegram's internal file-sharing features and lax approach to content moderation allow channel administrators to create repositories of instructional information within Telegram channels. - While attack-planning manuals available on Telegram channels understandably pose a large concern for counter-terrorism authorities, operational security and cyber-security manuals are also frequently distributed, relatively easy to implement, and help operatives successfully conduct activities in support of terrorist groups while minimizing the risk of detection or apprehension. In Chapter 5 entitled "Examining the Present and Future Role of Cybercrime-as-a-Service in Terror and Extremism," Thomas Holt makes the case that the rise of online illicit markets that enable the sale of cybercrime tools and stolen personal information have made it possible for individuals to engage in technically sophisticated forms of crime regardless of level of computer skill. Ideological and terror groups over the last decade have expressed an interest in cyber-attacks as a means to cause harm, though it is not clear how much ability they have to perform such attacks. As a result, cybercrime markets may engender their attacks, though it is not clear how often this may occur, or what conditions would lead to their use. He provides recommendations for policy and research to disrupt cybercrime markets and improve our knowledge of ideologically-motivated cyber-attackers generally. - Cybercrime markets generate millions of dollars in revenue and enable non-technical actors to perform sophisticated attacks. - They may provide a point of entry for ideologically-motivated extremists and terrorists to engage in cyber-attacks. - These markets can be disrupted through traditional law enforcement investigations, and may also be affected through other extra-legal efforts such as Sybil attacks. - Research is needed on the radicalization process of ideologically-motivated actors who engage in cyber-attacks, and how this differs from those who have engaged in physical attacks. Rebecca Earnhardt and Gary Ackerman in Chapter 6 entitled "Modelling Terrorist Technology Transfer," make the point that while technology transfer occurs as a part of routine life, the topic remains relatively understudied in the terrorism literature. As terrorists engage in increasingly lethal and technologically sophisticated attacks, the concern surrounding terrorists acquiring cutting-edge weaponry and related technologies is accumulating. They go on to describe the Terrorist Technology Transfer (T3) project which provides a first cut at addressing this critical operational gap in knowledge through the exploration of extant technology transfer literature, construction of the first iteration of the T3 Model, and illustrative application of the model to an emerging technological threat. They conclude by stating the T3 project indicates the promise of having not only research, but also operational and policy impacts. It raises the possibility of providing government stakeholders, including intelligence, law enforcement, military, and policy agencies with a variety of insights and operational tools In Chapter 7, "Hacking the Human Body: The Cyber-Bio Convergence," Rebecca Earnhardt makes the point that the increasing convergence between the fields of biosecurity and cybersecurity may result in consequences that analysts have yet considered. Biotechnology use and expertise expansion beyond practitioners have stoked concerns about a wide range of traditional biosecurity issues including shielding the outputs from advanced gene editing systems or protecting university lab data storage systems. As biotechnology advances, including digitization and automation of systems that were once localized and only accessible to those directly involved on related research, biosecurity and cybersecurity fields continue to intersect. She concludes by stating a fully-fledged research project would explore the cyber security risk factors that are cited commonly as key vulnerabilities, and filter these cyber security risk factors through an adversary technology adoption decision making and motivational analysis. In Chapter 8 entitled "Evolving Human and Machine Interdependence in Conflict: Advantages, Risks, and Conundrums," R. E. Burnett makes several key points: - Emerging science and technology will continue to disrupt customary characteristics of political and kinetic conflicts among states and non-state actors. - The increasing complex interdependence between humans and machines is one area for particular examination. - We cannot reliably predict whether or not human roles will rapidly give way to a more dominant robotic style of war, so we must prepare for a variety of futures, per the Scharre/Horowitz autonomy typologies. - Humans involved with machines that operate at vastly greater speeds and volumes of data will further create problems of cognitive demand for the human soldier that need to be examined. - We must investigate this not only in terms of technical performance, but also from a more holistic perspective, to include the social, political, and psychological dimensions of the soldier and of the citizen. Details: Washington, DC: U.S. Department of Homeland Security2019. 67p. Source: Internet Resource: A Strategic Multilayer Assessment (SMA) Periodic Publication: Accessed May 4, 2019 at: https://nsiteam.com/social/wp-content/uploads/2019/04/DoD_DHS-On-the-Horizon-White-Paper-_FINAL.pdf Year: 2019 Country: United States URL: https://nsiteam.com/social/wp-content/uploads/2019/04/DoD_DHS-On-the-Horizon-White-Paper-_FINAL.pdf Shelf Number: 155659 Keywords: BiosecurityCybercrimeCybersecurityDronesEmerging TechnologiesExtremismHomeland SecurityRadicalismTerrorismViolent Extremism |