The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Кибербезопасность в образовательных сетях

The paper discusses the possible impact of digital space on a human, as well as human-related directions in cyber-security analysis in the education: levels of cyber-security, social engineering role in cyber-security of education, “cognitive vaccination”. “A Human” is considered in general meaning, mainly as a learner. The analysis is provided on the basis of experience of hybrid war in Ukraine that have demonstrated the change of the target of military operations from military personnel and critical infrastructure to a human in general. Young people are the vulnerable group that can be the main goal of cognitive operations in long-term perspective, and they are the weakest link of the System.У статті обговорюється можливий вплив цифрового простору на людину, а також пов'язані з людиною напрямки кібербезпеки в освіті: рівні кібербезпеки, роль соціального інжинірингу в кібербезпеці освіти, «когнітивна вакцинація». «Людина» розглядається в загальному значенні, головним чином як та, що навчається. Аналіз надається на основі досвіду гібридної війни в Україні, яка продемонструвала зміну цілей військових операцій з військовослужбовців та критичної інфраструктури на людину загалом. Молодь - це вразлива група, яка може бути основною метою таких операцій в довгостроковій перспективі, і вони є найслабшою ланкою системи.В документе обсуждается возможное влияние цифрового пространства на человека, а также связанные с ним направления в анализе кибербезопасности в образовании: уровни кибербезопасности, роль социальной инженерии в кибербезопасности образования, «когнитивная вакцинация». «Человек» рассматривается в общем смысле, в основном как ученик. Анализ представлен на основе опыта гибридной войны в Украине, которая продемонстрировала изменение цели военных действий с военного персонала и критической инфраструктуры на человека в целом. Молодые люди являются уязвимой группой, которая может быть главной целью когнитивных операций в долгосрочной перспективе, и они являются самым слабым звеном Систем

Digital Architecture as Crime Control

This paper explains how theories of realspace architecture inform the prevention of computer crime. Despite the prevalence of the metaphor, architects in realspace and cyberspace have not talked to one another. There is a dearth of literature about digital architecture and crime altogether, and the realspace architectural literature on crime prevention is often far too soft for many software engineers. This paper will suggest the broad brushstrokes of potential design solutions to cybercrime, and in the course of so doing, will pose severe criticisms of the White House\u27s recent proposals on cybersecurity. The paper begins by introducing four concepts of realspace crime prevention through architecture. Design should: (1) create opportunities for natural surveillance, meaning its visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering a private space; (3) build communities and avoid social isolation; and (4) protect targets of crime. There are digital analogues to each goal. Natural-surveillance principles suggest new virtues of open-source platforms, such as Linux, and territoriality outlines a strong case for moving away from digital anonymity towards psuedonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end design of the Internet. An understanding of architecture and target prevention will illuminate why firewalls at end points will more effectively guarantee security than will attempts to bundle security into the architecture of the Net. And, in total, these architectural lessons will help us chart an alternative course to the federal government\u27s tepid approach to computer crime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop - the equivalent of digital gated communities - with terrible consequences for the Net in general and interconnectivity in particular

Insider Threat Prevention in the US Banking System

Insider threats have been a major problem for the US banking sector in recent years, costing billions of dollars in damages. To combat this, the implementation of effective cybersecurity measures is essential. This paper investigates the current state of insider threats to banks in the U.S., the associated costs, and the potential measures that can be taken to mitigate this risk. The development of a framework for the adoption of cybersecurity measures within the banking industry is the primary emphasis in order to stop fraud and lessen financial losses. Through a detailed examination of the literature, in-depth interviews with experts in the banking sector, and case studies of existing cybersecurity measures, this paper provides a comprehensive overview of the problem and potential remedies. Analysis of the research reveals that identity and access management, data encryption, and secure authentication are key components of any cybersecurity strategy. Furthermore, it is recommended that banks increase their technical capabilities and improve their employee awareness and training. The study concludes with a series of suggestions for enhancing banking industry cybersecurity and eventually reducing the danger of insider attacks. This paper explores the topic of insider threats in the US banking industry and presents cybersecurity measures to prevent fraud. Insider threats from people with access to sensitive data and systems present serious hazards to the banking industry, resulting in monetary losses, reputational harm, and compromised data integrity

The Three Laws: The Chinese Communist Party Throws Down the Data Regulation Gauntlet

Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war. One byproduct of the CCP’s emphasis on controlling the narrative is that analyzing the PRC’s laws and policies requires reading between the lines—in the dark, by candlelight. Even the most informed analysis requires assumptions. The Three Laws are no different. Their broad language, drastic penalties, and sweeping scope rule out the traditional tools of statutory interpretation. Ordinary meaning, canons of construction, and legislative history are useless. In the PRC, the law means what the CCP says it means. To understand the Three Laws and predict the associated regulatory risks, lawyers, economists, and politicians alike must think and reason by analogy. This Note offers analyses, case studies, and recommendations that provide practitioners a solid framework to assess a company’s regulatory risk under the Three Laws. First, this Note outlines the guiding tenets of the CCP to understand the motivations behind the Three Laws. Next, it provides case studies of different companies’ relationships with the CCP. Realizing how the CCP has dealt with some of the largest companies in the world—Ant Group, Didi Chuxing, Apple, Tesla—is crucial to understanding the threat of future capricious CCP action. This Note then analyzes alleged CCP hacking campaigns and global influence building so the reader may better understand the types of actions that the CCP undertakes—and fears being done to it by others. Finally, this Note provides recommendations for companies with different levels of exposure to the CCP and its ability to enforce its laws. Ultimately, this Note provides the reader with a primer on an important geopolitical issue: the shadowy battle between the world’s great powers to control their citizens’ information, procure their adversaries’ data, and the ways that the law is being used to further these goals

YIELD TO PEDESTRIANS? EXAMINING INFRASTRUCTURE AND DEFENSIVE-MINDED METHODOLOGIES IN SECURING PEDESTRIAN-RICH ENVIRONMENTS

Urban municipalities feature pedestrian-rich environments with limited mitigation measures to prevent vehicle-caused pedestrian fatalities. Limited pedestrian protections represent an attractive target for nefarious actors to commit vehicle ramming attacks (VRA). There are defensive-minded methodologies that afford greater mitigation against deadly vehicle-versus-pedestrian collisions and VRAs in urban pedestrian-rich environments. This thesis examines the vulnerability of pedestrian-rich environments to vehicle-caused pedestrian fatalities and provide recommendations for stakeholders to better secure the environments. It also examines both the target hardening and protective security methodologies using a theoretical analysis model. By analyzing these defensive-minded methodologies, this thesis explores a homogenous framework for securing urban pedestrian-rich environments: the target hardening/protective security spectrum (THPSS). This thesis concludes with recommendations for urban municipalities to implement to better protect their respective pedestrian-rich environments from deadly vehicle-versus-pedestrian collisions and VRAs. This thesis provides recommendations to better secure outdoor dining establishments, street fairs, road races, and urban public parks from vehicle-caused fatalities.Civilian, New York City Police DepartmentApproved for public release. Distribution is unlimited