A Comparative Study on Cybersecurity Act Implemented in the United States and China

학위논문 (석사) -- 서울대학교 대학원 : 국제대학원 국제학과(국제지역학전공), 2020. 8. 신성호.The past decade in cyberspace witnessed state-mediated attack in pursuance of accomplishing ones political end. Once limited to opportunistic private criminal groups, the concept of cyberattack transformed into a countrys important means to bolster national security and further propagate national stance in cyberspace. Henceforth, cyberspace emerges as compelling security realm. When compared to traditional security environment, judging the situation is convoluted on account of the unique characteristics of cyberspace. Under the amorphous nature of cyberspace, if anything, nations become more nationalized. The nature of cyber realm characterized by innate openness and hyper-connectivity will trigger structural change in cybersecurity landscape. Thus the thesis argues that although nations will actively interact and engage in collective initiatives fueled by the rising voice of forming global governance for cybersecurity, the overriding state sovereignty in the end would breed discord in the cyber era. Every move in cyberspace rests upon a nations political end thereby taking account of geopolitical interests assumes greater importance since invisible borderline matters. Given the nations inclination to utilize cyber capabilities for political ends, what happens in conventional security realm can also occur in cyberspace. The thesis chooses the US and China, allegedly Group of Two (G2), to study how both country take governmental measures vis-à-vis cybersecurity. Two great powers, with no doubt, are the pioneers in this emerging security realm. Not only both actively engage in building up cyber capabilities but also actively engage in appealing for cooperation to its allies. By conducting a comparative study on Cybersecurity Act of 2015 in the US and Cybersecurity Law of the PRC in 2016, the thesis aims to demonstrate how G2 implement legal regulation to safeguard domestic information infrastructure amidst the rising cyber threats posed by both state and non-state actors. In doing so, the thesis will research how respective country exerts its national interests in cyberspace while cooperate with other countries to defend global security. The thesis will add a new dimension on current cybersecurity studies by filling the gaps in previous literature. The thesis will contribute in understanding Sino-US relation regarding hegemonic competition in cyberspace and further propose the prospects of nations in the cyber era.지난 십 년의 사이버환경은 정치적 목적을 이루기 위한 수단으로써 국가 주도의 사이버공격이 주를 이룬다. 한때 기회주의적 범죄집단에 국한된 사이버공격은 이제 한 국가의 정치적 목적 달성, 사이버 공간에서의 정치적 선전의 중요한 수단으로 이용된다. 이에 따라 사이버공간은 그 귀추가 주목되는 신(新)안보영역으로 급부상하고 있다. 전통적 안보 영역과 비교했을 때 사이버공간의 독특한 특성으로 말미암아 사이버안보 환경을 가늠하는 것은 훨씬 복잡하다. 개방성과 초연결성으로 특징되는 무정형의 사이버 공간에서 역설적이게도 국가는 더욱 국가주의적인 경향을 보인다. 안전한 사이버안보 환경 수립을 위해 글로벌거버넌스 구축의 필요성에 더해 각 국가들이 공동의 이니셔티브를 위해 협력함에도 불구하고 더 우선시되는 주권국가의 이익은 사이버공간이라는 신(新)안보 영역에서의 갈등을 초래할 것이다. 이는 궁극적으로 사이버안보 전망의 구조적 변화를 부추긴다. 사이버공간 하에 한 국가의 정치적 행위가 결국 특수한 목적에 달려있음에 기인해 이 신(新)안보 영역의 이해에 앞서 지정학적 이익관계의 이해가 요구된다. 사이버 역량을 한 국가의 정치적 목적 달성의 수단으로 이용하려는 지난 십 년의 경향은 전통적 안보영역 차원에서 발생하던 일이 사이버공간에 또한 발생할 수 있음을 시사한다. 본 논문은 미국과 중국이 사이버안보 관련 어떠한 정부차원의 조치를 취하는 지 연구함에 목적을 둔다. 양국은 사이버 역량 발전에 국가적 투자를 아끼지 않을 뿐 아니라 동맹국들에게도 협력을 촉구하며 사이버공간이라는 신(新)안보영역에 가장 적극성을 띠는 국가이다. 미국의 2015년 사이버안보법과 중국의 2016년 사이버보안법을 비교 연구해 본 논문은 양국이 국내의 정보 인프라 보호를 위해 어떠한 법적 규제를 마련했는지 살펴보고자 한다. 또한 각국이 사이버공간에서 어떻게 국익을 행사하며 동시에 범지구적 차원의 사이버안보를 위해 어떠한 협력 매커니즘을 추구하는지 연구한다. 본 논문은 사이버안보를 미∙중 경쟁구도의 관점에서 재해석하며 더 나아가 거시적으로 사이버안보를 전망한다는 점에서 현재의 사이버안보 연구에 기여한다.I. Introduction 1 1. Research Background 1 2. Argument Overview 3 3. Significance of the topic 5 4. Methodology 8 II. Literature Review 10 1. Sino-US relation and Cybersecurity 10 2. Previous studies on cybersecurity 16 3. Cybersecurity and relevant legal regulation 25 a. The United States 25 b. China 29 4. Limitations of prior research 32 III. The United States 34 1. An overview of national security and cyberspace 34 a. Cybersecurity environment 34 b. Cybersecurity strategy guideline 37 2. Information security and regulatory regime 41 a. Definition of Critical Information Infrastructure 41 b. The evolution of discussion on information security 45 3. Cybersecurity Act of 2015 48 IV. China 51 1. An overview of national security and network security 51 a. The development process of informatization 51 b. Cybersecurity strategy guideline 54 2. Network security and regulatory regime 57 a. Cybersecurity environment 57 b. Definition of Critical Information Infrastructure and regulatory regime 59 3. Cybersecurity Law of the PRC 62 V. Analysis 64 1. Thesis findings 64 a. The US model of protecting homeland cybersecurity 66 b. Chinese model of controlling mainland network security 68 2. Implications and prospects of nations in the cyber era 69 a. Cybersecurity as a shared problem 69 b. Race to cyber supremacy 72 VI. Conclusion 75 Bibliography 78 Abstract in Korean 91Maste

Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph

Police SWAT teams and Military Special Forces face mounting pressure and challenges from adversaries that can only be resolved by way of ever more sophisticated inputs into tactical operations. Lethal Autonomy provides constrained military/security forces with a viable option, but only if implementation has got proper empirically supported foundations. Autonomous weapon systems can be designed and developed to conduct ground, air and naval operations. This monograph offers some insights into the challenges of developing legal, reliable and ethical forms of autonomous weapons, that address the gap between Police or Law Enforcement and Military operations that is growing exponentially small. National adversaries are today in many instances hybrid threats, that manifest criminal and military traits, these often require deployment of hybrid-capability autonomous weapons imbued with the capability to taken on both Military and/or Security objectives. The Westgate Terrorist Attack of 21st September 2013 in the Westlands suburb of Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that required military response and police investigations against a fighting cell of the Somalia based globally networked Al Shabaab terrorist group.Comment: 52 pages, 6 Figures, over 40 references, reviewed by a reade

Pragmatic, Not Liberal Peace? Examining the State of Research on Brazil’s Engagement in International Peace Operations

Der Literaturbericht bietet eine Kontextualisierung, Auswertung und kritische Diskussion der akademischen Debatte über die Herausbildung eines "brasilianischen Ansatzes der Friedenskonsolidierung". Seit den 2000er Jahren hat Brasilien zunehmend Truppen für UN-Friedensmissionen bereitgestellt, vor allem in Haiti und Sub-Sahara Afrika. Dabei hat Brasilien sich bewusst gegen das vorherrschende liberale Paradigma der Friedenskonsolidierung positioniert und betont einen pragmatischeren, demokratischeren und nachhaltigeren Ansatz, der lokale Eigenverantwortung, nicht-militärische Mittel und den Verzicht auf politische Konditionen in den Vordergrund stellt. Das Working Paper untersucht Motivationen, Paradigmen und die Operationalisierung des brasilianischen Engagements und ergründet so, wie weit die Idee eines "brasilianischen Ansatzes" trägt und wie zwangsbasiert bzw. zwanglos Brasilien im Vergleich zu traditionellen westlichen Akteuren handelt. Zunächst wird der Aufstieg Brasiliens im Rahmen der wissenschaftlichen Debatte über sogenannte rising powers kontextualisiert und die historische Entwicklung des brasilianischen Engagements in UN-Friedensmissionen nachgezeichnet. Auf dieser Basis werden die konzeptionellen und normativen Debatten über den security-development nexus und die Responsibility to Protect/Responsibility while Protecting näher beleuchtet und die Erfolge und Misserfolge des brasilianischen Engagements in zwei konkreten Fällen vergleichend analysiert: Haiti und Guinea-Bissau. Mit Blick auf die allgemeine Frage nach einem "brasilianischen Ansatz der Friedenskonsolidierung" ergibt die Analyse kein eindeutiges Bild, da Brasilien durchaus auf zwangsbasierte Maßnahmen zurückgreift, die seinem friedlicheren Diskurs widersprechen. Nichtsdestotrotz ist die Anerkennung der Friedensbemühungen Brasiliens, welche das liberale Paradigma der Friedenskonsolidierung sowohl herausfordern als auch imitieren, entscheidend, um die potenziell transformativen Auswirkungen Brasiliens und weiterer rising powers auf multilaterale Operationen zu messen. Dies erfordert jedoch zunächst, dass die Forschung die erheblichen Wissenslücken schließt, die mit Blick auf die konkreten Praktiken und Konsequenzen brasilianischer Friedenssicherungs- und Friedenskonsolidierungsmissionen "on the ground" bestehen.This literature review contextualizes, reviews, and critically discusses the scholarly debate surrounding the emergence of a "Brazilian way of peacebuilding." Since the 2000s, Brazil has increasingly contributed troops to UN-led peacekeeping missions, specifically in Haiti and Sub-Sahara Africa. Opposing the dominant liberal peacebuilding paradigm, Brazil has staged itself as an advocate, promoting a more pragmatic, democratic, and sustainable peacebuilding approach that emphasizes local ownership, non-conditionality, and non-militarization. Investigating, whether portrayals of a "Brazilian way" are substantial, and how coercive Brazil acts in comparison to traditional Western actors, the paper examines motivations, paradigms, and the operationalization of its peacekeeping and peacebuilding endeavors. It first situates Brazil in the larger debate on rising powers and traces the evolution of Brazil's engagement in UN peacekeeping. This then allows to zoom in on conceptual and normative debates surrounding the security-development nexus and Responsibility to Protect vs Responsibility while Protecting, and to comparatively assess the successes and failures of Brazil's engagements in two concrete cases: Haiti and Guinea-Bissau. Overall, the findings are ambiguous, as Brazil does resort to coercion, hence contradicting its exceptionalist, pacifist discourse. Nonetheless, recognition of Brazil's efforts to contest and simultaneously mimic liberal peacebuilding is crucial to measure Brazil's transformative impact on multilateral operations. This, however, requires scholars to fill the substantial gap in empirical research concerning the concrete practices and consequences of Brazilian peacekeeping and peacebuilding missions on the ground

Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Nations and Markets

Economics and security seem increasingly intertwined. Citing national security, states subject foreign investments to new scrutiny, even unwinding mergers like the purchase of Grindr or the creation of TikTok. The provision of 5G has become a diplomatic battleground – Huawei at its center. Meanwhile, states invoke national security to excuse trade wars. The U.S. invoked the GATT national security exception to impose steel and aluminum tariffs, threatening more on automotive parts. Russia invoked that provision to justify its blockade of Ukraine, as did Saudi Arabia and the UAE to excuse theirs of Qatar. And with the spread of COVID-19, states are invoking national security to scrutinize supply lines. Multiplying daily, such stories lead some observers to dub the era one of geoeconomics.Nonetheless, these developments remain difficult to judge and the relationship between economics and national security confused and slippery. Neither term is self-defining, and the same activities can be defined as either or both. The essay seeks clarity in the deeper logic of these labels, revealing a fundamental choice between the logics of markets and of state. Whether invoked to “secure” borders, privacy, health, the environment, or jobs, “national security” is a claim about the proper location of policymaking. Appeals to economics, with their emphasis on global welfare and global person-to-person relationships, are as well. The logics driving the current economics-national security dynamic represent paradigmatic, competing models for organizing individuals with different normative justifications and concerns. Resolving disputes, this essay argues, requires recognizing these root choices

Cyber Threat Actors for the Factory of the Future

The increasing degree of connectivity in factory of the future (FoF) environments, with systems that were never designed for a networked environment in terms of their technical security nature, is accompanied by a number of security risks that must be considered. This leads to the necessity of relying on risk assessment-based approaches to reach a sufficiently mature cyber security management level. However, the lack of common definitions of cyber threat actors (CTA) poses challenges in untested environments such as the FoF. This paper analyses policy papers and reports from expert organizations to identify common definitions of CTAs. A significant consensus exists only on two common CTAs, while other CTAs are often either ignored or overestimated in their importance. The identified motivations of CTAs are contrasted with the specific characteristics of FoF environments to determine the most likely CTAs targeting FoF environments. Special emphasis is given to corporate competitors, as FoF environments probably provide better opportunities than ever for industrial espionage if they are not sufficiently secured. In this context, the study aims to draw attention to the research gaps in this area

Power and Arms: The Diffusion of Military Innovations and Technology. A Comparative Historical Analysis of the Spread of Military Power After the Cold War and Consequences for the Norwegian Navy in the NATO Alliance

This thesis investigates the extensive puzzle of various influences on the diffusion of military power, meaning the spread of certain innovations, through the international system and the implications for international politics and the NATO alliance. Building on recent contributions to the studies of diffusion of military innovations, this thesis explores how and why certain innovations spread at a faster rate than others, through theoretical accounts of revolution in military affairs and adoption capacity theory, not only for discussing how military power diffuses through the international system as a whole, but also in relation to the case of sea power and modern warship innovations. According to previous literature, military technologies should spread fairly quickly because of structural pressures to emulate and the possibility to free-ride on research and development investments made by other states. Conversely, history offers numerous examples in which major military innovations spread neither quickly nor extensively. In order to explain this puzzle, the study intends to provide useful insights on states’ financial and organizational capacity to adopt and implement new military innovations, and what this imply for the NATO alliance. Through a comparative historical analysis, the mechanisms at play will be mapped out by applying process tracing and historical accounts, and moreover, empirically tested against the theoretical and analytical framework