Comprehensive Approach to Increase Cyber Security and Resilience

In this paper the initial results of the European project CAMINO in terms of the realistic roadmap to counter cyber crime and cyber terrorism are presented. The roadmap is built in accordance to so called CAMINO THOR approach, where cyber security is perceived comprehensively in 4 dimensions: Technical, Human, Organizational, and Regulatory

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Guide to Australia’s national security capability

This paper provides a single consolidated picture of the capabilities that enable Australia to achieve national security outcomes in a range of environments, including domestically, at the border, offshore and in cyberspace. Introduction The period since 2001 has been transformative for Australia’s national security and our national security challenges continue to evolve. To meet these challenges, we need new ways to coordinate and develop our capability and to shape the national security environment. Significant advances have been made in recent years to build greater collaboration and interoperability across the national security community. However, the increasing complexity of national security threats requires an even more consistent and connected approach to capability planning that complements existing individual agency arrangements. To that end, the Government has developed a security classified National Security Capability Plan to provide a single consolidated picture of the capabilities that enable Australia to achieve national security outcomes. This Guide offers an overview of Australia’s national security capability planning. It identifies the functions performed by the national security community and how these achieve the objectives outlined in the National Security Strategy (2013). Capability planning is one of the tools that support Government to better consider how capabilities can be directed to meet national security objectives. This ensures that capability investment is focussed and that Government can give appropriate consideration to redirecting existing capabilities to meet new or emerging risks and opportunities. It also highlights areas where agencies’ capabilities are interdependent, identifying focus areas for collaboration and interoperability. Having a better understanding of our capabilities will help us to make more informed decisions about what we need. Australia’s national security arrangements are underpinned by a number of agencies working across areas such as diplomacy, defence, development, border protection, law enforcement and intelligence. Australia’s national security agencies include: Attorney-General’s Department (AGD) Australian Agency for International Development (AusAID) Australian Crime Commission (ACC) Australian Customs and Border Protection Service (ACBPS) Australian Federal Police (AFP) Australian Security Intelligence Organisation (ASIO) Australian Secret Intelligence Service (ASIS) Australian Geospatial-Intelligence Organisation (AGO) Australian Signals Directorate (ASD) Department of Agriculture, Fisheries and Forestry (DAFF) Department of Defence (Defence) Department of Foreign Affairs and Trade (DFAT) Department of Health and Ageing (DoHA) Department of Immigration and Citizenship (DIAC) Department of Infrastructure and Transport (DIT) Department of the Prime Minister and Cabinet (PM&C) Office of National Assessments (ONA). The Capability Plan brings together, for the first time, a single view of the capabilities maintained by these agencies with the exception of Defence capabilities. Defence has a separate established capability planning process that includes the Defence White Paper (2013) and Defence Capability Plan (2012). Defence is a key contributor to Australia’s national security arrangements including leading the coordination and delivery of national security science and technology and works in close cooperation with other national security agencies. Defence capabilities will continue to be managed through existing mechanisms, principally the Defence Capability Plan. For the first time, the Capability Plan, and the accompanying Guide to Australia’s National Security Capability, presents a unified picture of the capabilities that exist across non-Defence national security agencies. Together with other strategic planning tools, this work informs the broader national security planning cycle and supports the objectives and implementation of overarching policy documents such as the National Security Strategy and the Australia in the Asian Century White Paper. The Capability Plan complements the Defence Capability Plan and does not seek to duplicate it. It should also be noted that the Guide has not been designed to signal specific initiatives or tender opportunities. Such processes will continue to be managed by individual agencies

Smart Grid Security: Threats, Challenges, and Solutions

The cyber-physical nature of the smart grid has rendered it vulnerable to a multitude of attacks that can occur at its communication, networking, and physical entry points. Such cyber-physical attacks can have detrimental effects on the operation of the grid as exemplified by the recent attack which caused a blackout of the Ukranian power grid. Thus, to properly secure the smart grid, it is of utmost importance to: a) understand its underlying vulnerabilities and associated threats, b) quantify their effects, and c) devise appropriate security solutions. In this paper, the key threats targeting the smart grid are first exposed while assessing their effects on the operation and stability of the grid. Then, the challenges involved in understanding these attacks and devising defense strategies against them are identified. Potential solution approaches that can help mitigate these threats are then discussed. Last, a number of mathematical tools that can help in analyzing and implementing security solutions are introduced. As such, this paper will provide the first comprehensive overview on smart grid security

Cyber protection activities for citizens in Poland compared to the EU

PURPOSE: The aim of the article is to present the legal solutions for cyber security in the European Union and in Poland, as well as to identify the cyber security challenges faced by individual countries, their institutions and society.DESIGN/METHODOLOGY/APPROACH: The article analyzes the activities undertaken at the national and international level to build IT security systems and assesses the activities in this area in Poland and Europe to date. Based on the data collected, the main obstacles to improving cyber security competence were identified, as well as proposals for action in the area under study. The research method adopted by the author is secondary research, based on the analysis of literature, research results and legal regulations on cyber security.FINDINGS: EU countries have taken a number of measures to increase security in this area, including the development of training programs and the construction of comprehensive educational programs on protection against cyber threats. Unfortunately, there is still a lack of cybersecurity education in Poland, especially for young people and seniors, groups that are particularly vulnerable due to lack of access to cybersecurity training provided by employers. Therefore, Poland should take more active measures to improve cybersecurity education, including through teacher training, the development of specialized educational programs, and the dissemination of knowledge on the safe use of new technologies. This is essential to ensure the digital security of institutions, businesses and citizens.PRACTICAL IMPLICATIONS: The critical conclusions presented in the article are a starting point for further research, including the education of those groups most exposed to digital threats, which will allow the development of a set of actions that will be necessary to increase the cyber security of citizens in Poland.ORIGINALITY/VALUE: The author pointed out the measures taken to raise the level of cyber security and the most important obstacles these measures face. The analysis of the problem points to the insufficient competence of citizens in the field of cyber security and the low effectiveness of educational programs to date, and the need for a stronger inclusion in the Polish cybersecurity system of active measures aimed at raising the level of digital competence among citizens, including competence in the area of digital security and resilience as key to the further development of the digital economy and digital society. The conclusions formulated in this article are a contribution to the discussion on building a comprehensive cyber security system in Poland.peer-reviewe