Cybersecurity: mapping the ethical terrain

This edited collection examines the ethical trade-offs involved in cybersecurity: between security and privacy; individual rights and the good of a society; and between the types of burdens placed on particular groups in order to protect others. Foreword Governments and society are increasingly reliant on cyber systems. Yet the more reliant we are upon cyber systems, the more vulnerable we are to serious harm should these systems be attacked or used in an attack. This problem of reliance and vulnerability is driving a concern with securing cyberspace. For example, a ‘cybersecurity’ team now forms part of the US Secret Service. Its job is to respond to cyber-attacks in specific environments such as elevators in a building that hosts politically vulnerable individuals, for example, state representatives. Cybersecurity aims to protect cyberinfrastructure from cyber-attacks; the concerning aspect of the threat from cyber-attack is the potential for serious harm that damage to cyber-infrastructure presents to resources and people. These types of threats to cybersecurity might simply target information and communication systems: a distributed denial of service (DDoS) attack on a government website does not harm a website in any direct way, but prevents its normal use by stifling the ability of users to connect to the site. Alternatively, cyber-attacks might disrupt physical devices or resources, such as the Stuxnet virus, which caused the malfunction and destruction of Iranian nuclear centrifuges. Cyber-attacks might also enhance activities that are enabled through cyberspace, such as the use of online media by extremists to recruit members and promote radicalisation. Cyber-attacks are diverse: as a result, cybersecurity requires a comparable diversity of approaches. Cyber-attacks can have powerful impacts on people’s lives, and so—in liberal democratic societies at least—governments have a duty to ensure cybersecurity in order to protect the inhabitants within their own jurisdiction and, arguably, the people of other nations. But, as recent events following the revelations of Edward Snowden have demonstrated, there is a risk that the governmental pursuit of cybersecurity might overstep the mark and subvert fundamental privacy rights. Popular comment on these episodes advocates transparency of government processes, yet given that cybersecurity risks represent major challenges to national security, it is unlikely that simple transparency will suffice. Managing the risks of cybersecurity involves trade-offs: between security and privacy; individual rights and the good of a society; and types of burdens placed on particular groups in order to protect others. These trade-offs are often ethical trade-offs, involving questions of how we act, what values we should aim to promote, and what means of anticipating and responding to the risks are reasonably—and publicly—justifiable. This Occasional Paper (prepared for the National Security College) provides a brief conceptual analysis of cybersecurity, demonstrates the relevance of ethics to cybersecurity and outlines various ways in which to approach ethical decision-making when responding to cyber-attacks

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Multinational perspectives on information technology from academia and industry

As the term \u27information technology\u27 has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor\u27s degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates\u27 preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025

Democracy and Digital Authoritarianism: An Assessment of the EU’s External Engagement in the Promotion and Protection of Internet Freedom. College of Europe EU Diplomacy Paper 01/2020

The past decade has seen a gradual global increase in digital authoritarianism. Internet shutdowns, online censorship, mass surveillance and violations of privacy rights have all become more frequent in parts of the world where citizens are not guaranteed sufficient digital rights. The task of defending, promoting and protecting internet freedom is becoming increasingly relevant for the European Union (EU) − for internal digital and cybersecurity policies as well as for the EU’s external promotion of democracy and human rights. Whilst much has been written about the various internal policies which establish and protect internet freedom within the European Union and its member states, the EU’s external engagement in this field remains critically under-researched. To what extent does the EU engage externally in the promotion and protection of internet freedom? This paper answers this question by covering a wide variety of policy fields including human rights and democracy promotion, digital policy, enlargement and neighbourhood policy, development cooperation and trade policy. Whereas the EU faces a limited opportunity to shape global norms with regard to internet freedom or to change the course of digitally authoritarian states, it has demonstrated several strengths which deserve not to be overlooked. These include, for example, the externalisation of internal data protection and policies and the provision of direct support and protection for civil society. Despite facing significant obstacles, the promotion and protection of internet freedom has become an important area of the EU’s external action which is only set to become more relevant in the coming years

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Technological Change in the Retirement Transition and the Implications for Cybersecurity Vulnerability in Older Adults

Retirement is a major life transition, which leads to substantial changes across almost all aspects of day-to-day life. Although this transition has previously been seen as the normative marker for entry into older adulthood, its influence on later life has remained relatively unstudied in terms of technology use and cybersecurity behaviours. This is problematic as older adults are at particular risk of becoming victims of cyber-crime. This study aimed to investigate which factors associated with the retirement transition were likely to increase vulnerability to cyber-attack in a sample of 12 United Kingdom based older adults, all of whom had retired within the past 5 years. Semi-structured, one to one interviews were conducted and subsequently analysed using thematic analysis. Six themes were identified referring to areas of loss in: social interaction, finances, day-to-day routine, feelings of competence, sense of purpose, and technology support structures. We discuss the implications of these losses for building cyber-resilience in retirees, with suggestions for future research

National Security Space Launch

The United States Space Force’s National Security Space Launch (NSSL) program, formerly known as the Evolved Expendable Launch Vehicle (EELV) program, was first established in 1994 by President William J. Clinton’s National Space Transportation Policy. The policy assigned the responsibility for expendable launch vehicles to the Department of Defense (DoD), with the goals of lowering launch costs and ensuring national security access to space. As such, the United States Air Force Space and Missile Systems Center (SMC) started the EELV program to acquire more affordable and reliable launch capability for valuable U.S. military satellites, such as national reconnaissance satellites that cost billions per satellite. In March 2019, the program name was changed from EELV to NSSL, which reflected several important features: 1.) The emphasis on “assured access to space,” 2.) transition from the Russian-made RD-180 rocket engine used on the Atlas V to a US-sourced engine (now scheduled to be complete by 2022), 3.) adaptation to manifest changes (such as enabling satellite swaps and return of manifest to normal operations both within 12 months of a need or an anomaly), and 4.) potential use of reusable launch vehicles. As of August 2019, Blue Origin, Northrop Grumman Innovation Systems, SpaceX, and United Launch Alliance (ULA) have all submitted proposals. From these, the U.S. Air Force will be selecting two companies to fulfill approximately 34 launches over a period of five years, beginning in 2022. This paper will therefore first examine the objectives for the NSSL as presented in the 2017 National Security Strategy, Fiscal Year 2019, Fiscal Year 2020, and Fiscal Year 2021 National Defense Authorization Acts (NDAA), and National Presidential Directive No. 40. The paper will then identify areas of potential weakness and gaps that exist in space launch programs as a whole and explore the security implications that impact the NSSL specifically. Finally, the paper will examine how the trajectory of the NSSL program could be adjusted in order to facilitate a smooth transition into new launch vehicles, while maintaining mission success, minimizing national security vulnerabilities, and clarifying the defense acquisition process.No embargoAcademic Major: EnglishAcademic Major: International Studie

Learning from Trump and Xi? Globalization and innovation as drivers of a new industrial policy. Bertelsmann GED Focus 2020

Technological innovations are essential drivers of longterm and sustainable growth. Accordingly, there currently is a debate in Germany and the EU as to whether a new, strategic industrial policy can be an answer to the complex dynamics of digitization. Products of this discussion are, for example, the Industrial Strategy 2030 published by the Federal Ministry for Economic Affairs and Energy in November 2019 and the Franco-German Manifesto for a European Industrial Policy for the 21st Century. The focus here is on the question of how the EU and its member states can maintain their innovative and thus competitive ability in the face of diverse challenges. However, there is no standard recipe for building and expanding the innovative capacity of an economy. Different countries rely on different strategies that can be equally successful. An important distinguishing feature is the role of the state. A clear example of divergent innovation models are China and the USA. Although both countries have completely different approaches to an innovation-promoting industrial policy, both models are characterized by major technological successes. With an analysis of the Chinese and American innovation system, this study highlights the main features and success factors of both innovation models and discusses whether and to what extent these factors are transferable to the European and German case. Five fields of action for an innovation-promoting industrial policy in the EU and Germany emerge from this analysis • Implementation of a long-term innovation strategy • Expansion of venture capital • Expansion of cluster approaches at EU level • Thinking and strengthening of cybersecurity at EU level • Creation of uniform and fair conditions for competition In addition to these fields of action, which are relevant both for the EU and for individual member states, industrial policy measures in the following three areas could be useful for Germany. In particular: • Improvement of framework conditions for research and development • Gearing the education and research system more strongly towards entrepreneurship and innovation • State as a pioneer and trailblazer in new technologies In their implementation, however, strategic European and German industrial policies face a trade-off between the protection and promotion of legitimate self-interests on the one hand and the defense against economically damaging protectionism and ill-considered state interventionism on the other. The so-called “mission orientation” can make a significant contribution here: Accordingly, industrial policy should serve to address specific societal challenges (e. g. globalization, digitization, demographic change, climate change) and be coherently targeted towards these objectives. Furthermore, industrial policy is to be driven in parallel by different actors. Above all, it is a joint task of business and politics to enable a competitive business location where the state ensures good competition- promoting framework conditions and the private actors implement concrete actions

Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory

As manufacturing becomes increasingly digitized and data-driven, manufacturers will find themselves at serious risk. Although there has yet to be a major successful cyberattack on a U.S. manufacturing operation, threats continue to rise. The complexities of multi-organizational dependencies and data-management in modern supply chains mean that vulnerabilities are multiplying. There is widespread agreement among manufacturers, government agencies, cybersecurity firms, and leading academic computer science departments that U.S. industrial firms are doing too little to address these looming challenges. Unfortunately, manufacturers in general do not see themselves to be at particular risk. This lack of recognition of the threat may represent the greatest risk of cybersecurity failure for manufacturers. Public and private stakeholders must act before a significant attack on U.S. manufacturers provides a wake-up call. Cybersecurity for the manufacturing supply chain is a particularly serious need. Manufacturing supply chains are connected, integrated, and interdependent; security of the entire supply chain depends on security at the local factory level. Increasing digitization in manufacturing— especially with the rise of Digital Manufacturing, Smart Manufacturing, the Smart Factory, and Industry 4.0, combined with broader market trends such as the Internet of Things (IoT)— exponentially increases connectedness. At the same time, the diversity of manufacturers—from large, sophisticated corporations to small job shops—creates weakest-link vulnerabilities that can be addressed most effectively by public-private partnerships. Experts consulted in the development of this report called for more holistic thinking in industrial cybersecurity: improvements to technologies, management practices, workforce training, and learning processes that span units and supply chains. Solving the emerging security challenges will require commitment to continuous improvement, as well as investments in research and development (R&D) and threat-awareness initiatives. This holistic thinking should be applied across interoperating units and supply chains.National Science Foundation, Grant No. 1552534https://deepblue.lib.umich.edu/bitstream/2027.42/145442/1/MForesight_CybersecurityReport_Web.pd

Ensuring American Manufacturing Leadership Through Next-Generation Supply Chains

Suppliers now account for 50-70 percent of a typical manufacturer’s final production value. How U.S. manufacturers manage their supply chains has been the key to offshoring production and will be the key to rebuilding a robust manufacturing sector. Traditional purchasing practices, in which buying decisions are based on the lowest unit cost with acceptable quality and delivery, drove much of the shift to Asian suppliers. As Asian capabilities progressed, a more diverse range of products were imported from Asia, mostly China. Some U.S. suppliers responded by building production facilities or contracting production in China, while others, unable to compete, failed. The number of U.S. manufacturing establishments, 292,825 in 2015, has declined by more than 41,000 since 2005. A growing number of U.S. manufacturers, however, have recognized that this model of supply chain management does not provide a sustainable competitive advantage. If their products are made in the same factories as those of their competitors, product differentiation too often has become superficial. Regaining a competitive edge requires a different approach to managing suppliers, one in which the total supply chain is managed to maximize value. Suppliers are treated as partners, contributing design and engineering ideas. Manufacturing capacity, production planning, and delivery schedules are closely coordinated. Rather than a strict focus on low unit price, broader considerations of cost, flexibility, consistency, and risk minimization—collectively known as Total Cost of Ownership—drives purchasing decisions, at least for high-value parts and components. Many specific tools and techniques for building strong supplier partnerships have been created, and could be more widely used with appropriate training and information sharing.National Science Foundation, Grant No. 1552534https://deepblue.lib.umich.edu/bitstream/2027.42/145153/1/SupplyChainReport_Digital_FINAL_reduced.pdfDescription of SupplyChainReport_Digital_FINAL_reduced.pdf : Repor