Global Risks 2012, Seventh Edition

The World Economic Forum's Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks across five categories. The report emphasizes the singular effect of a particular constellation of global risks rather than focusing on a single existential risk. Three distinct constellations of risks that present a very serious threat to our future prosperity and security emerged from a review of this year's set of risks. Includes a special review of the important lessons learned from the 2011 earthquake, tsunami and the subsequent nuclear crisis at Fukushima, Japan. It focuses on therole of leadership, challenges to effective communication in this information age and resilient business models in response to crises of unforeseen magnitude

Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war

Cyber threats, harsh environment and the European High North (EHN) in a human security and multi-level regulatory global dimension: Which framework applicable to critical infrastructures under “Exceptionally critical infrastructure conditions” (ECIC)?

Business opportunities in the European High North (EHN) are accompanied by the danger of cyber-threats, especially to critical infrastructures which in these Arctic regions become “extra critical” because of the harsh environmental climatic conditions and remoteness of distances. Critical infrastructures (CI) in the EHN are crucial for numerous sectors, such as the energy sector which is completely depended on digitalization, internet and computers’ commands. Such a new condition of extra criticality should also include human security concerns to avoid human disasters. An effective legal framework under “exceptionally critically infrastructure conditions” (ECIC) for this technology is important not only in terms of national legislation, but also in view of a regional, international and global networks character. This paper links for the first time, law, internet and cybersecurity, environment and society in a global human security dimension in a multi-regulatory contextual analysis. The aim is to trace the legal framework for response to a cyber-attack to critical infrastructure in the energy sector and takes Norway as a case study because this country is highly dependent on cyber technology and on critical infrastructures. The question of research is: using a human security focus in the case of cyber-threats under ECIC in the EHN, what ways can an assessment recommend to improve international, and regional law? Five analytical tasks are undertaken: 1) the concept of critical infrastructure vulnerability to cyber-attacks under “exceptionally critically infrastructure conditions” (ECIC) in the EHN with focus on the energy sector is explained in connection to the notion of human security, 2) a backdrop of regional and international collaboration is followed, 3) a trajectory of multilevel contextual analysis of the different sources of law and policy applicable to cyber-threats to CI is outlined, and 4) an examination of cooperation under the North Atlantic Treaty Organization (NATO)

A systemic review of the cybersecurity challenges in Australian water infrastructure management

Cybersecurity risks have become obstinate problems for critical water infrastructure management in Australia and worldwide. Water management in Australia involves a vast complex of smart technical control systems interconnected with several networks, making the infrastructure susceptible to cyber-attacks. Therefore, ensuring the use of security mechanisms in the control system modules and communication networks for sensors and actuators is vital. The statistics show that Australia is facing frequent cyber-attacks, most of which are either undetected or overlooked or require immediate response. To address these cyber risks, Australia has changed from a country with negligible recognition of attacks on critical infrastructure to a country with improved capability to manage cyber warfare. However, little attention is paid to reducing the risk of attacks to the critical water infrastructure. This study aims to evaluate Australia’s current cybersecurity attack landscape and the implemented controls for water infrastructure using a systematic literature review (SLR). This study also compares Australia in the context of global developments and proposes future research directions. The synthesis of the evidence from 271 studies in this review indicates the importance of managing security vulnerabilities and threats in SCADA water control systems, including the need to upgrade the contemporary water security architecture to mitigate emerging risks. Moreover, human resource development with a specific focus on security awareness and training for SCADA employees is found to be lacking, which will be essential for alleviating cyber threats to the water infrastructure in Australia

Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.https://press.armywarcollege.edu/monographs/1951/thumbnail.jp

Governance of Dual-Use Technologies: Theory and Practice

The term dual-use characterizes technologies that can have both military and civilian applications. What is the state of current efforts to control the spread of these powerful technologies—nuclear, biological, cyber—that can simultaneously advance social and economic well-being and also be harnessed for hostile purposes? What have previous efforts to govern, for example, nuclear and biological weapons taught us about the potential for the control of these dual-use technologies? What are the implications for governance when the range of actors who could cause harm with these technologies include not just national governments but also non-state actors like terrorists? These are some of the questions addressed by Governance of Dual-Use Technologies: Theory and Practice, the new publication released today by the Global Nuclear Future Initiative of the American Academy of Arts and Sciences. The publication's editor is Elisa D. Harris, Senior Research Scholar, Center for International Security Studies, University of Maryland School of Public Affairs. Governance of Dual-Use Technologies examines the similarities and differences between the strategies used for the control of nuclear technologies and those proposed for biotechnology and information technology. The publication makes clear the challenges concomitant with dual-use governance. For example, general agreement exists internationally on the need to restrict access to technologies enabling the development of nuclear weapons. However, no similar consensus exists in the bio and information technology domains. The publication also explores the limitations of military measures like deterrence, defense, and reprisal in preventing globally available biological and information technologies from being misused. Some of the other questions explored by the publication include: What types of governance measures for these dual-use technologies have already been adopted? What objectives have those measures sought to achieve? How have the technical characteristics of the technology affected governance prospects? What have been the primary obstacles to effective governance, and what gaps exist in the current governance regime? Are further governance measures feasible? In addition to a preface from Global Nuclear Future Initiative Co-Director Robert Rosner (University of Chicago) and an introduction and conclusion from Elisa Harris, Governance of Dual-Use Technologiesincludes:On the Regulation of Dual-Use Nuclear Technology by James M. Acton (Carnegie Endowment for International Peace)Dual-Use Threats: The Case of Biotechnology by Elisa D. Harris (University of Maryland)Governance of Information Technology and Cyber Weapons by Herbert Lin (Stanford University

Much Ado about Cyber-space: Cyber-terrorism and the Reformation of the Cyber-security

The threats residing in cyber-space are becoming well understood by policymakers and security experts alike. However, cyber-security defenses and strategies cannot solely be directed towards nation states, as non-governmental actors – such as transnational crime groups and terrorist organizations are becoming increasingly reliant upon internet technologies. Attacks on the digital components of the critical infrastructure, have the potential to unleash devastation on the United States. In a time when reliability and ethnicity of the National Security Administration, the Nation’s leading digital intelligence organization, are becoming increasingly questioned; defensive measures need to be improved to prevent future attacks and improve the security of infrastructure systems. This paper explores contemporary issues in cybersecurity and summarizes steps policymakers can take to combat emerging threats

Stunted Growth: Institutional Challenges to the Department of Homeland Security\u27s Maturation

Scholars have proposed numerous explanations as to why the Department of Homeland Security has struggled to mature as an organization and effectively conduct its core mission. We propose an alternative viewpoint that the department lacks key legal authorities and necessitates key organizational transfer in order to rationalize its portfolio. We examine these points through review of legal authorities in select mission areas and through a resource analysis of activities conducted throughout the federal government to execute the homeland security mission. The analysis leads to specific recommendations for transfers and authorities and suggestions as to how the political environment might coalesce around engendering these changes

An analysis of security issues in building automation systems

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in BAS, however defining the threats against BAS, and detection of these threats is an area that is particularly lacking. This paper presents an overview of the current security measures in BAS, outlining key issues, and methods that can be improved to protect cyber physical systems against the increasing threat of cyber terrorism and hacktivism. Future research aims to further evaluate and improve the detection systems used in BAS through first defining the threats and then applying and evaluating machine learning algorithms for traffic classification and IDS profiling capable of operating on resource constrained BAS