Cyber Infrastructure Protection: Vol. II

View the Executive SummaryIncreased reliance on the Internet and other networked systems raise the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation’s mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems? What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?https://press.armywarcollege.edu/monographs/1527/thumbnail.jp

Exploring the cybercrime capacity and capability of local law enforcement agencies in the United States

2021 Fall.Includes bibliographical references.The relentless pace of technological innovation has changed how people communicate, interact, and conduct business, creating new pathways and opportunities for people to commit crimes or engage in harmful behavior via the internet or digitally networked devices. Cybercrime is rapidly scaling up, leading many to predict that it will become the next significant global crisis (Krebs, 2021; Viswanathan & Volz, 2021; Zakaria, 2021). In the United States, local law enforcement agencies and their personnel stand at the frontlines of the cybercrime problem (Police Executive Research Forum, 2014). This dissertation project was inspired by several calls to action to explore and evaluate how law enforcement agencies are responding to the cybercrime problem (Holt & Bossler, 2014; Ngo & Jaishankar, 2017). The research conducted in this project aligns with and extends a small body of exploratory and evaluative research focusing on local law enforcement agencies and cybercrime (for example Harkin et al., 2018; Monaghan, 2020; Nowacki & Willits, 2016). By utilizing a mixed methods research design consisting of a survey and series of qualitative interviews this project helped address the research question: What is the current cybercrime capacity and capability of local law enforcement agencies in the United States? Findings from this project advance our knowledge about the cybercrime capacity and capability of local law enforcement agencies and contribute to strengthening law enforcement practice, policy, and future research. In total, 925 county and municipal agencies participated in this research project through a survey instrument called the Cybercrime Capacity and Capability Questionnaire (CCCQ©), with 855 agencies providing data usable for analysis. Additionally, 23 individuals representing 23 distinct agencies, who previously participated in the CCCQ, also participated in a series of semi-structured qualitative interviews. Multiple findings and recommendations were derived as a result of the participation by these agencies and individuals in this project. Several findings from this project aligned with or validated findings and recommendations from other recent studies (for example Harkin et al., 2018). Among the key findings from this project are that the cybercrime capacity and capability of local law enforcement agencies is deficient, despite trends at the local law enforcement agency level to allocate more resources to the cybercrime problem. This deficiency is noted both by response patterns on the CCCQ© and through comments supplied during the qualitative interviews. Lack of financial and personnel resources, especially technologically skilled and competent personnel, limited and/or outdated technological infrastructure, and problems leveraging partnerships and obtaining cooperation from private sector organizations are just a few of the challenges hampering the development of a more robust local law enforcement cybercrime capacity and capability. Results and insights from this research also illuminate the dynamic process of developing cybercrime capacity and capability. Result from this project indicate that caution should be exercised before assuming that cybercrime capacity and capability are solely a function of agency size. While this project substantiates other research that shows larger agencies are more likely to have cybercrime units, and also tend to have more resources, personnel, and equipment for cybercrime investigations, they do not necessarily have greater cybercrime capacity or capability. Cybercrime case volume appears to impact cybercrime capacity and capability such that large local law enforcement agencies, despite specialized cybercrime units and more resources allocated to cybercrime, may not be better off in managing cybercrime incidents or responding to cybercrime related issues than midsize and smaller local agencies. Personnel at larger agencies, despite having dedicated cybercrime units, more resources, and better equipment, may be at higher risk of burnout and other issues as a result. In short, extremely high cybercrime case volumes may undermine the capacity and capability of even the most robustly developed specialized cybercrime units, as well as the best equipped and resourced agencies. Given the pace at which the cybercrime problem is growing, this is a troubling finding. This project also highlights that cybercrime capacity and capability cannot be understood without accounting for the critical differences that external forces and contextual factors produce on local law enforcement agencies that, in turn, impact how those agencies function and adapt to new issues and challenges. For example, qualitative data from this project help us to understand the connections between the defund the police movement and the COVID-19 pandemic, both of which appear to be undermining the capacity and capability of local law enforcement agencies, and thus negatively impacting their cybercrime capacity and capability. As a result, cybercrime administrators and personnel at local law enforcement agencies in the U.S. may be experiencing similar challenges to their peers abroad (see Harkin et al. 2018). A number of directions for future research, improvement of the CCCQ©, and recommendations for improving police practice and policy such as developing uniform, and operationalizable cybercrime best practices and strengthening private sector compliance with law enforcement agency requests for data are also provided

Educating the effective digital forensics practitioner: academic, professional, graduate and student perspectives

Over the years, digital forensics has become an important and sought-after profession where the gateway of training and education has developed vastly over the past decade. Many UK higher education (HE) institutions now deliver courses that prepare students for careers in digital forensics and, in most recent advances, cyber security. Skills shortages and external influences attributed within the field of cyber security, and its relationship as a discipline with digital forensics, has shifted the dynamic of UK higher education provisions. The implications of this now sees the route to becoming a digital forensic practitioner, be it in law enforcement or business, transform from on-the-job training to university educated, trained analysts. This thesis examined courses within HE and discovered that the delivery of these courses often overlooked areas such as mobile forensics, live data forensics, Linux and Mac knowledge. This research also considered current standards available across HE to understand whether educational programmes are delivering what is documented as relevant curriculum. Cyber security was found to be the central focus of these standards within inclusion of digital forensics, adding further to the debate and lack of distinctive nature of digital forensics as its own discipline. Few standards demonstrated how the topics, knowledge, skills and competences drawn were identified as relevant and effective for producing digital forensic practitioners. Additionally, this thesis analyses and discusses results from 201 participants across five stakeholder groups: graduates, professionals, academics, students and the public. These areas were selected due to being underdeveloped in existing literature and the crucial role they play in the cycle of producing effective practitioners. Analysis on stakeholder views, experiences and thoughts surrounding education and training offer unique insight, theoretical underpinnings and original contributions not seen in existing literature. For example, challenges, costs and initial issues with introducing graduates to employment for the employers and/or supervising practitioners, the lack of awareness and contextualisation on behalf of students and graduates towards what knowledge and skills they have learned and acquired on a course and its practical application on-the-job which often lead to suggestions of a lack of fundamental knowledge and skills. This is evidenced throughout the thesis, but examples include graduates: for their reflections on education based on their new on-the-job experiences and practices; professionals: for their job experiences and requirements, academics: for their educational practices and challenges; students: their initial expectations and views; and, the public: for their general understanding. This research uniquely captures these perspectives, bolstering the development of digital forensics as an academic discipline, along with the importance these diverse views play in the overall approach to delivering skilled practitioners. While the main contribution to knowledge within this thesis is its narrative focusing on the education of effective digital forensic practitioners and its major stakeholders, this thesis also makes additional contributions both academically and professionally; including the discussion, analysis and reflection of: - improvements for education and digital forensics topics for research and curriculum development; - where course offerings can be improved for institutions offering digital forensic degree programmes; - the need for further collaboration between industry and academia to provide students and graduates with greater understanding of the real-life role of a digital forensic practitioner and the expectations in employment; - continuous and unique challenges within both academia and the industry which digital forensics possess and the need for improved facilities and tool development to curate and share problem and scenario-based learning studies

Strategies for Cybercrime Prevention in Information Technology Businesses

Cybercrime continues to be a devastating phenomenon, impacting individuals and businesses across the globe. Information technology (IT) businesses need solutions to defend and secure their data and networks from cyberattacks. Grounded in general systems theory and transformational leadership theory, the purpose of this qualitative multiple case study was to explore strategies IT business leaders use to protect their systems from a cyberattack. The participants included six IT business leaders with experience in cybersecurity or system security in the Midlands region of South Carolina. Data were collected using semistructured interviews and reviews of government standards documents; data were analyzed using thematic analysis. Three themes emerged from the study: (a) cybercrime prevention strategy; (b) cybersecurity awareness, training, and education; and (c) effective leadership. A key recommendation is for IT business leaders to ensure employees are current on cybersecurity awareness and defense techniques through regular training and education, use third-party vendors that are subject matter experts where they lack talent, and develop leaders with a transformational mindset. The implications for positive social change include the potential for IT business leaders and employees to become more proactive in learning and implementing effective cybercrime prevention strategies to keep their businesses profitable and support the needs of stakeholders and clients

Cyber Ethics 4.0 : Serving Humanity with Values

Cyber space influences all sectors of life and society: Artificial Intelligence, Robots, Blockchain, Self-Driving Cars and Autonomous Weapons, Cyberbullying, telemedicine and cyber health, new methods in food production, destruction and conservation of the environment, Big Data as a new religion, the role of education and citizens’ rights, the need for legal regulations and international conventions. The 25 articles in this book cover the wide range of hot topics. Authors from many countries and positions of international (UN) organisations look for solutions from an ethical perspective. Cyber Ethics aims to provide orientation on what is right and wrong, good and bad, related to the cyber space. The authors apply and modify fundamental values and virtues to specific, new challenges arising from cyber technology and cyber society. The book serves as reading material for teachers, students, policy makers, politicians, businesses, hospitals, NGOs and religious organisations alike. It is an invitation for dialogue, debate and solution

Cybercrimes and the Rule of Law in West-Africa: The Republic of Cote d’Ivoire as a Case-Study.

Since becoming independent nations in the 60s, West-African countries have enacted laws and regulations with the goals of ensuring peace and justice within their respective borders. On the paper, there was no difference between the justice systems of those newly independent nations and the justice systems of their former masters. Unfortunately, the rule of law in West-African nations since gaining independence, has not always been followed for a myriad of social, cultural, political, and economic reasons. Most justice systems in West-Africa including in Cote d’Ivoire are deeply corrupted, thus rendering the goal of a peaceful society through a fair justice system mute. With the emergence of a new type of crimes taking place in cyberspace, there has been a logical need to enact new laws to protect the public using the added information and communication technologies (ICT). Over the past few years, multiple cyber-legislations have sprung-up all over Africa including in Cote d’Ivoire. The fundamental question is to ask whether the enforcement of cybercrimes laws is more successful than the enforcement of traditional laws. The problem of the enforceability of these cybercrime legislations is compounded by the very nature of cyberspace which is “borderless.” Faced with the complexity of those computer crimes taking place in the virtual space, do West-African countries in general and specifically Cote d’Ivoire have the infrastructure, the knowledge, and the workforce to efficiently investigate and prosecute cybercrimes? This research tries to investigate, expose the theoretical inadequation between cybercrimes legislations and the enforcement capabilities of the Ivorian state, based on the deficiencies of enforcement of traditional laws and the need to stem the tide of corruption in general and specifically in the justice system. This research uses the case-study method because case studies are in-depth investigations of a single person, group, event, or community. Our findings have confirmed our assumptions that the enforcement of cybercrime laws is flawed due to the lack of proper equipment, skills of law enforcement personnel, even though the country has put in place many agencies to fight against cybercrimes. The social, cultural, political, and economical determinants that have always inhibited the fair and just enforcement of traditional laws is exerting the same kind of pressure on the capabilities of Law enforcement when it comes to the investigation and prosecution of cybercrimes in Cote d’Ivoire. This research, far from being exhaustive, needs a follow-up research in the future when the country retrieves its past stability and social peace which will allow a more open cooperation between researchers and the different authorities leading the fight against cybercrimes

'The Objectifying Gaze': The Role of Adaptation in Perceptions of Gender on Television

For too long, adaptation studies has been limited to film and focused on adaptation as a product (i.e. the transformation of a novel into a film), but expanding the field to television and emphasizing the process of adaptation (i.e. how texts share meaning) invites critics to contemplate between television and society by considering the concepts of adaptation (e.g. doubling, architextuality, citation, and de(re)composing) that perpetuate stereotypes and myths about women across texts and spaces. My dissertation therefore expands the scope of research on gender representation in television by using adaptation theory to reveal the intertextual composition of portrayals of women. Many critics have examined intertextuality in film, and some in television, but none have evaluated the role that concepts of adaptation play in constructing representations of women in television, especially in the fields of justice, science, and technology. The main research question is: What is the impact of television on society? I argue that the relationship between television and society is influenced by intertextuality and apply Fredrickson and Roberts’ theory of objectification, in line with Mulvey’s famous concept of the male gaze, to demonstrate how concepts of adaptation enforce the objectifying gaze on women in television and reinforce mostly stereotypical gender roles. This dissertation is composed of an introduction, four chapters, and a conclusion. Using a case-study methodology, I analyze eight American drama television series that exercise adaptation and the gaze, with many passing references made to art, film, and literature that open the landscape of television to its intertextual roots: uncanny doubles in House of Cards and Orange Is the New Black, architexts between drama and detection in CSI: Cyber and Person of Interest, citations of trauma in Criminal Minds and Law and Order: Special Victims Unit, and de(re)compositions of media and society in Wisdom of the Crowd and The X-Files. Four key findings stand out from these case studies: (1) uncanny doubles manifest a spatiality of death around female and/or LGBT characters, (2) architexts between drama and detection form through play to debunk gender role stereotypes, (3) citations of torture make and maintain a visual style of terror on screen, and (4) de(re)compositions of media and society insulate the voyeuristic POV. These findings show that violence against women continues to be eroticized on prime-time, but that adaptation plays a role in making a spectacle of rape and other harms. Several original concepts emerge during the research process to describe the role that adaptation plays in shaping perceptions of gender, sexuality, and violence on television, including but not limited to: embodied detection, figural déjà vu, forensic adaptation, and ludic forensics. All told, this dissertation forges a new way of discussing gender representation by applying adaptation theory to television studies

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets