Revisiting the EU cybersecurity strategy: a call for EU cyber diplomacy

In December 2020, the European Union (EU) presented its new strategy on cybersecurity with the aim of strengthening Europe’s technological and digital sovereignty. The document lists reform projects that will link cybersecurity more closely with the EU’s new rules on data, algorithms, markets, and Internet services. However, it clearly falls short of the development of a European cyber diplomacy that is committed to both “strategic openness” and the protection of the digital single market. In order to achieve this, EU cyber diplomacy should be made more coherent in its supranational, demo­cratic, and economic/technological dimensions. Germany can make an important con­tribution to that by providing the necessary legal, technical, and financial resources for the European External Action Service (EEAS). (Autorenreferat

Roadmap for NIS education programmes in Europe:education

This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe. In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Towards Conceptualizing EU Cybersecurity Law. ZEI Discussion Paper C253 2019

The European Union has a wide spectrum of legal instruments addressing various aspects of cybersecurity, ranging from electronic communication laws, data protection regulations through network and information security legislation to instruments dealing with cybercrime and recommendations on coordinated response to large scale cyber incidents – all this without having a commonly accepted definition of cybersecurity

Introduction: The expanded conception of security and institutions

This is the author accepted manuscript. The final version is available from CUP via the DOI in this recordIntroduction Security is a dynamic, context-dependent concept that is inevitably shaped by social conditions and practices. The socio-political perception of security threats influences our security policies relevant to political decisions about the design of social institutions specifically addressing those security concerns. Security is traditionally understood to be physical protection of national territory and its population from the destructive effects of warfare through military means. Social institutions including but not limited to national governing institutions, inter-governmental institutions and the military are all devices developed through human history to collectively address traditional security threats. Security is often considered to be an antithesis of the rule of law and civil liberty, justifying violation of rules and the restriction of freedom. However, the development of international law and the institutionalisation of international public authorities have contributed to the increased normalcy or containment of extra-legal responses to security threats. For example, the Charter of the United Nations (‘UN Charter’) provides institutionalised mechanisms as the means of regulating the behaviour of sovereign states and conflict among them. The nuclear non-proliferation regime establishes mechanisms for preventing the proliferation of nuclear weapons and facilitating the development of peaceful nuclear energy technology by institutionalising the asymmetric obligations between designated nuclear-weapon states and other non-nuclear-weapon states. Yet, towards the end of the Cold War the concept of security began to expand, which subsequently led to the proliferation of contemporary security issues such as economic security, environmental security, energy and resource security, health security and bio-security. The conception of security also took a dramatic turn following the 2001 terrorist attacks on New York and Washington, blurring the traditional boundaries between international security and national security threats. Those changes in the conception of security world-wide have tested the potential of existing institutions, such as the World Trade Organization (WTO), the World Health Organization (WHO), the International Maritime Organization (IMO), the Organization for Security and Co-operation in Europe (OSCE), the European Union (EU) and the Association of Southeast Asian Nations (ASEAN), to assume a new role in the changing security paradigms, both at international and domestic levels

Foundations for an Intelligence-driven Information Security Risk-management System

Information security risk management (ISRM) methods aim to protect organizational information infrastructure from a range of security threats by using the most effective and cost-efficient means. We reviewed the literature and found three common deficiencies in ISRM practice: 1) information security risk identification is commonly perfunctory, 2) information security risks are commonly estimated with little reference to the organization’s actual situation, and 3) information security risk assessment is commonly performed on an intermittent, non-historical basis. These deficiencies indicate that, despite implementing ISRM best-practice, organizations are likely to have inadequate situation awareness (SA) regarding their information security risk environments. This paper presents a management system design that organizations can use to support SA in their ISRM efforts

Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience

Although artificial intelligence (AI) and machine learning (ML) can be deployed to improve cyber security management, not all managers understand the different types of AI/ML and how they are to be deployed alongside the benefits associated with sociocultural intelligence. The aim of this paper was to provide a context within which managers can better appreciate the role that sociocultural intelligence plays so that they can better utilize AI/ML to facilitate cyber threat intelligence (CTI). We focused our attention on explaining how different approaches to intelligence (i.e., the intelligence cycle (IC) and the critical thinking process (CTP)) can be combined and linked with cyber threat intelligence (CTI) so that AI/ML is used effectively. A small group interview was undertaken with five senior security managers based in a range of companies, all of whom had extensive security knowledge and industry experience. The findings suggest that organizational learning, transformational leadership, organizational restructuring, crisis management, and corporate intelligence are fundamental components of threat intelligence and provide a basis upon which a cyber threat intelligence cycle process (CTICP) can be developed to aid the resilience building process. The benefit of this is to increase organizational resilience by more firmly integrating the intelligence activities of the business so that a proactive approach to cyber security management is achieved