A Comparative Analysis of the National Cyber Security Strategies of Leading Nations

The rapid pace of technological developments in the area of information and communications technologies caused nations and peoples to be more reliant on cyber infrastructure to survive. Besides opportunities, the widespread use of information technology introduces new threats as well. Risks related to cyber security have started to threaten critical infrastructures, which are defined as assets that are essential for the functioning of a society and its economy. Cyber security has become one of the most serious national security concerns. In 2003 the United States was the first nation to prepare and publish a national cyber security strategy In the last ten years, 35 other nations have subsequently published their national cyber security strategy document. There are several aspects for national cyber security strategies. According to Luiijif and Healey (2012), there are five mandates of national cyber security: 1) Military cyber operations, 2) Counter cybercrime, 3) Intelligence/Counter intelligence, 4) Cyber security crisis management and critical infrastructure protection and 5) Internet governance and cyber diplomacy. In this study, the national cyber security strategies of France, Germany, The Netherlands, United Kingdom, United States and Turkey are examined and compared. Correlations between specific properties of the nation (economic power and political situation etc.) and focus and content of its cyber strategy were examined. The results of the study will provide guidance for nations that plan to prepare or update a national cyber security strategy

"The global telecommunications infrastructure: European Community (Union) telecommunications developments"

[From the Introduction]. Information, electronics, and telecommunication technologies promise to create communications networks of greatly expanded capacity capable of moving messages across interconnected wired and wireless systems almost anywhere in the world. Such global systems will profoundly affect the economic and social life of all countries. For those countries and economic sectors with a history of significant involvement in electronics, computers, multimedia, and telecommunications, early and timely deployment of state-of-the-art infrastructure may be a matter of prime importance. Many individual countries have made or are making changes intended to accelerate movement toward an information society, in large part because they recognize that a strategic competitive edge in the world economy will likely depend increasingly upon the availability, use, and exploitation of information. A major participant in the information race is the European Union (EU), formerly the European Community. The Commission of the European Union (Commission) has launched a strong push to adopt a common strategy for the creation of a European information society driven by a European information infrastructure. This strategy is aimed at bridging individual initiatives being pursued by EU Member States. [1. Member States now in the Union include the following: Belgium, Denmark, France, Germany, Greece, Ireland, Italy, Luxembourg, the Netherlands, Portugal, Spain, and the United Kingdom, Austria, Finland and Sweden joined the Union on January 1, 1995.1

Planned Adaptation in Design and Testing of Critical Infrastructure: The Case of Flood Safety in The Netherlands

In the Netherlands, dykes and other primary water defence works are assets that are essential to keep the society and economy functioning, by protecting against flooding from sea and rivers due to extreme events. Given that 55% of the country is at risk of flooding, primary water defence works belong to its critical infrastructure. Many factors influence the risk and impact of flooding. Besides physical factors (e.g., landscape design, climate change) also socio-economic factors (e.g., population, assets) are important. Given that these factors change and feature complex and uncertain behaviour in past and future, the design and regulation of this critical infrastructure will have to be flexible enough to be able to deal with such changes. ‘Planned Adaptation’ refers to regulatory programmes that plan for future changes in knowledge by producing new knowledge and revising rules at regular intervals. This study describes the emergence of the next generation of Dutch primary water defence infrastructure, which through the stepwise implementation of Planned Adaptation for design and testing of primary water defence works in the mid-1990s has moved beyond the Delta Works approach of 1953 and subsequent unplanned adaptations. This has prepared the ground for the recent introduction of Adaptive Delta Management, which makes an integral part of the new Delta Plan for the Netherlands that was published on 16 September 2014 and which is also analysed in this study

STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.Postprint (published version

Vulnerability reduction of infrastructure reconstruction projects

Various infrastructure segments of numerous countries have been repeatedly subjected to natural and man-made disasters. The potential reason of damaging infrastructure facilities and their services is resultant disaster risks due to natural or man-made hazards connect with vulnerable infrastructure facilities and vulnerable communities. The simplest way to prevent or mitigate disaster losses is addressing vulnerabilities. The main study based on which this paper was compiled aimed at exploring and investigating the vulnerabilities of infrastructures and communities benefited from infrastructures and possible solutions to overcome them. This paper presents the literature review conducted on vulnerabilities of infrastructures and empirical evidence collated on best possible DRR strategies to overcome such vulnerabilities of infrastructures. The main study was conducted using case study strategy and the expert interviews. This paper is entirely based on the data collated from the expert interviews conducted in Sri Lanka and United Kingdom. The expert interviews discovered various DRR strategies to overcome the vulnerabilities of the infrastructure project

Analysing road pricing implementation processes in the UK and Norway

Traditional transport policies of road expansion entail a relatively simple system of actors and processes around which expertise, knowledge, and skills which has built up over many decades. Some of the more radical Travel Demand Management measures, including urban road pricing, involve a complicated set of institutions, processes, people and procedures. Road pricing schemes often get delayed or abandoned due to controversy, disagreements, unanticipated problems and a whole host of other delaying factors. If they are implemented, they tend to be diluted and consequently become less effective. Strategic Niche Management (SNM) has previously been used to provide guidelines on the implementation of innovative transport technologies through setting up protected experimental settings (niches) in which actors learn about the design, user needs, social and political acceptability, and other aspects. Here SNM is modified to cover a policy approach through the analysis of road user charging case studies in the UK and Norway. A detailed analysis of the road user charging schemes in Bergen, Oslo, Durham and London is presented. Key factors identified include the role of stakeholder and user networks, the existence of a project champion, understanding the motivations and expectations of stakeholders and users, learning with regards to the regional context, and the change in perceptions associated with acceptance. Comparison between the four cases shows different approaches emerging from each country in implementing and ‘marketing’ of the policies. The paper concentrates on approaches such as: the purpose for introducing the policies, the involvement of users in the planning process and, the use of revenues for either providing alternative transport modes or financing road infrastructure. Key factors identified using the SNM framework include the role of stakeholder and user networks, the existence of a project champion, understanding the motivations and expectations of stakeholders and users, learning with regards to the regional context, and the change in perceptions associated with acceptance. This type of analysis could prove useful for transport planners envisaging the implementation of road pricing projects

The toll of the automobile

Animal-vehicle collisions are a common phenomenon worldwide, causing injury or death to millions of animals and hundreds of human passengers each year. Collision numbers can be significant to species conservation, wildlife management, traffic safety, as well as from an economic and political point of view, and should thus be evaluated from these different perspectives. In this thesis, I assess, evaluate, analyse and predict animal-vehicle collisions with respect to their extent, their effect on populations, and their broad and fine scale distribution. A questionnaire with Swedish drivers indicated that nationwide road traffic in 1992 may caused an annual loss in harvest of common game species of 7% to 97% and of 1% to 12% of estimated populations. Road mortality did not appear as an existential threat to most species, although in badgers (Meles meles), traffic probably is the largest single cause of death. A slow population growth rate coupled with a high proportion of adult badger road-kills is responsible for their sensitivity to road mortality. Provided that road mortality is additive, we predicted that losses due to nationwide traffic might already exceed birth rates and limit badger population growth. In roe deer (Capreolus capreolus) and moose (Alces alces), road mortality is of minor importance to the population. Broad-scale trends and patterns in collision numbers correlate with harvest and traffic volumes, thus providing a simple means to monitor the toll of road traffic. To predict local collision risks with these species, information on animal abundance and landscape composition, on road traffic parameters, and on the spatial coincidence of roads and landscape elements is needed. However, vehicle speed appeared as one of the most important factors determining collision risks with moose, underlining the influence of human factors on collision risks. Successful counteraction therefore requires an interdisciplinary approach that addresses both the animal and the driver in their shared environment

Towards Data Protection Compliance

Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency