WILLINGNESS TO PARTNER IN PUBLIC-PRIVATE PARTNERSHIP FOR CYBERSECURITY OF CRITICAL INFRASTRUCTURE

Public-private partnerships (PPPs) are crucial for securing critical infrastructure (CI) against cyber-attacks, yet little is known about how public and private organizations develop willingness to partner for CI cybersecurity. This research addressed this gap through a qualitative, multiple-case analysis of four PPPs related to cybersecurity, each involving two organizations and an additional, follow-up PPP. The research developed a process model that challenges the conventional view of willingness as fixed or static and proposes a new perspective that captures the process of constructing willingness. The research highlights the usefulness of activity theory in exploring this concept and presents the process model that describes this new understanding of willingness. Constructing willingness to partner is an activity path commencing with a catalyst that prompts relational partnering activities and generates partnering frames of emulation, insight, and connection, along with emerging commitments. These commitments generate intangible partnering resources including competence, reputation, and social capital, which support the construction of willingness to partner. The activity path comprises three subprocesses: initiating interaction, generating commitment, and legitimizing partnering. This research enhances the literature on PPPs and CI cybersecurity by offering a detailed description of how public and private organizations construct willingness to partner.Chief Warrant Officer Four, United States ArmyApproved for public release. Distribution is unlimited

ECHO Information sharing models

As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

Current capabilities, requirements and a proposed strategy for interdependency analysis in the UK

The UK government recently commissioned a research study to identify the state-of-the-art in Critical Infrastructure modelling and analysis, and the government/industry requirements for such tools and services. This study (Cetifs) concluded with a strategy aiming to bridge the gaps between the capabilities and requirements, which would establish interdependency analysis as a commercially viable service in the near future. This paper presents the findings of this study that was carried out by CSR, City University London, Adelard LLP, a safety/security consultancy and Cranfield University, defense academy of the UK

Cybersecurity: Risks, Progress, and the Way Forward in Latin America and the Caribbean

This report, prepared in collaboration with the Inter-American Development Bank (IDB) and the Global Cyber Security Capacity Centre of the University of Oxford, analyzes the cybersecurity capacity of OAS member states and encourages countries to implement the most up-to-date standards in cybersecurity, while protecting the fundamental rights of their people. As in the previous edition, the study analyzes the cyber maturity of each country in the five dimensions identified in the Cybersecurity Capacity Maturity Model for Nations (CMM): (i) Cybersecurity Policy and Strategy; (ii) Cyberculture and Society; (iii) Cybersecurity Education, Training, and Skills; (iv) Legal and Regulatory Frameworks; and (v) Standards, Organizations, and Technologies. The progress made in the region—much of it with the support of the OAS—is evident. The 2016 report, for example, indicated that four out of five countries lacked cybersecurity strategies or a critical infrastructure protection plan. By the beginning of 2020, 12 countries had approved national cybersecurity strategies, including Colombia (2011 and 2016), Panama (2013), Trinidad and Tobago (2013), Jamaica (2015), Paraguay (2017), Chile (2017), Costa Rica (2017), Mexico (2017), Guatemala (2018), Dominican Republic (2018), Argentina (2019), and Brazil (2020), with several others in progress. With regard to data collection and validation carried out by our member states, the report represents an overview of the complex and changing universe of cyberspace. We hope that this study provides a perspective that allows us to appreciate where we are, that enables us to make decisions based on evidence, and that improves our collective understanding of the challenges and opportunities implied by cybersecurity in our region. The information and analysis in this report will help all stakeholders—governments, private sector, academia, and civil society—to work to build a safer, more resilient, and productive cyberspace in our hemisphere

Ontology‐driven perspective of CFRaaS

A Cloud Forensic Readiness as a Service (CFRaaS) model allows an environment to preemptively accumulate relevant potential digital evidence (PDE) which may be needed during a post‐event response process. The benefit of applying a CFRaaS model in a cloud environment, is that, it is designed to prevent the modification/tampering of the cloud architectures or the infrastructure during the reactive process, which if it could, may end up having far‐reaching implications. The authors of this article present the reactive process as a very costly exercise when the infrastructure must be reprogrammed every time the process is conducted. This may hamper successful investigation from the forensic experts and law enforcement agencies perspectives. The CFRaaS model, in its current state, has not been presented in a way that can help to classify or visualize the different types of potential evidence in all the cloud deployable models, and this may limit the expectations of what or how the required PDE may be collected. To address this problem, the article presents the CFRaaS from a holistic ontology‐driven perspective, which allows the forensic experts to be able to apply the CFRaaS based on its simplicity of the concepts, relationship or semantics between different form of potential evidence, as well as how the security of a digital environment being investigated could be upheld. The CFRaaS in this context follows a fundamental ontology engineering approach that is based on the classical Resource Description Framework. The proposed ontology‐driven approach to CFRaaS is, therefore, a knowledge‐base that uses layer‐dependencies, which could be an essential toolkit for digital forensic examiners and other stakeholders in cloud‐security. The implementation of this approach could further provide a platform to develop other knowledge base components for cloud forensics and security

Best Practices for Critical Information Infrastructure Protection (CIIP): Experiences from Latin America and the Caribbean and Selected Countries

Over the past few decades, Latin America and the Caribbean (LAC) has witnessed numerous changes in its development, with most being beneficial. Positive changes relate to sizable growth and expansion of the region’s network infrastructure sectors, such as transport, energy, and information and communications technologies (ICT), among others. In many cases, ICT interconnects these critical infrastructures, creating substructures referred to as critical information infrastructures (CIIs). This publication is written to provide insights to the strategic thinking behind the creation of the national critical information infrastructure protection (CIIP) frameworks. It also builds its recommendations on in-depth analysis of the best CIIP practices around the world, with consideration of the region-specific landscape to originate a base line from which further development can be delineated