EU cybersecurity capacity building in the Mediterranean and the Middle East

Cyberthreats on the Rise The 2008 Report on the implementation of the European Security Strategy included “cybersecurity” for the first time among the priorities of the EU’s external action, stating that: “modern economies are heavily reliant on critical infrastructure including transport, communication and power supplies, but also the Internet.” If the EU Strategy for a Secure Information Society, adopted two years before, already addressed “cybercrime,” the proliferation of cyber-attacks “against private or government IT systems” gave the spread of cyber-capabilities a “new dimension, as a potential new economic, political and military weapon.” An EU Cybersecurity Strategy was adopted in 20132 followed, in 2016, by a first EU “Directive on Security of Network and Information Systems,” known as the “NIS Directive,” which harmonized the EU Member States’ legislations

Dynamic cyber-incident response

Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profi t or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE.Traditional cyber-incident response models have not changed significantly since the early days of the Computer Incident Response with even the most recent incident response life cycle model advocated by the US National Institute of Standards and Technology (Cichonski, Millar, Grance, & Scarfone, 2012) bearing a striking resemblance to the models proposed by early leaders in the field e.g. Carnegie-Mellon University (West-Brown, et al., 2003) and the SANS Institute (Northcutt, 2003). Whilst serving the purpose of producing coherent and effective response plans, these models appear to be created from the perspectives of Computer Security professionals with no referenced academic grounding. They attempt to defend against, halt and recover from a cyber-attack as quickly as possible. However, other actors inside an organisation may have priorities which conflict with these traditional approaches and may ultimately better serve the longer-term goals and objectives of an organisation

A return on investment: the future of police cooperation between Australia and Indonesia

This Special Report presents a strategy for the future relationship between Indonesia’s National Police—known as POLRI—and the Australian Federal Police (AFP). It draws on 60 interviews with current and retired police officers, officials from other Australian and Indonesian agencies, and academic experts in related fields. The report presents a strategy for the future POLRI–AFP relationship in two parts. The first paperexamines the near term to early 2015. POLRI and the AFP should first aim to restore full trust and cooperation in all relevant policing areas, especially in cybercrime. Early initiatives could include a 10‑year celebration for the Jakarta Centre for Law Enforcement Cooperation, workshops for future AFP and POLRI leaders, and a request for POLRI officers to support the AFP during the G20 meeting in November 2014. It would also be worth sponsoring an international ‘needs analysis’ for POLRI. Reinstating funding for the Law Enforcement Cooperation Program is needed to promote the AFP’s flexibility and responsiveness during this time. The second paper provides background, tracing the remarkable relationship between the Australian Federal Police and the Indonesian National Police from its early days, where the focus was on information sharing, through a journey into joint operations. The paper describes the numerous capability cooperation initiatives that the forces have undertaken, especially since 2002, and charts both successes and times where cooperation didn’t necessarily deliver as intended

Learning the lessons from the developed world: e-banking security in Nigeria

In the past decade banks invested heavily in internet technology so as to engage in e-business and e-commerce activities. However, this development exposed banks to threats, such as online fraud. Consequently, there was a need to adopt security measures and controls to mitigate such threats. Banks in developed countries have developed a level of ‘best practice’ to reduce such online threats. The objective of this study was to explore the extent to which banks in the developing world were benefitting from the experiences of banks in the developed world in terms of how they address online security threats. Case studies of two Nigerian Banks were undertaken using interviews and short questionnaire. The findings show respondents perceived the level of threats to e-banking in Nigeria to be low. When adopting e-banking security controls, the case study banks placed more emphasis on the technical dimension than the human dimension. Senior management commitment is a significant barrier to adopting best practice, which is highlighted in limited financial resources being provided for new investment in training or customer education. The study concludes that senior managers need to change their perceptions and priorities towards IT security to reduce the vulnerability of their e-banking services

Europe ́s Coherence Gap in External Crisis and Conflict Management The EU’s Integrated Approach between Political Rhetoric and Institutional Practice. November 2019

The European Union (EU) aspires to play a part in conflict prevention, crisis management and post-conflict peace- building through civil and/or military operations, through stabilisation efforts, and by building resilience at home and abroad. To bring this ambition to fruition, EU institutions have gradually expanded their ‘comprehensive approach to external conflict and crisis’ (CA) to become a full-fledged ‘integrated approach to conflict and crisis’ (IA).1 In their most basic form, CAs seek coordination and coherence in responding to external conflicts and crises by adopting a system-wide ‘whole-of-government approach’ (WGA). In their more elaborate form, IAs have incorpo- rated non-traditional security concepts, variously known as conflict transformation, (non-liberal) peacebuilding and human-security approaches. In their most expansive form, IAs may even be understood to apply to external action writ large

Expanding alliance: ANZUS cooperation and Asia–Pacific security

Is an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? Overview The alliance between Australia and the US, underpinned by the formal ANZUS Treaty of 1951, continues to be a central part of Australian defence and security thinking and an instrument of American policy in the Asia–Pacific. How is it that an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? The answer is partly—and importantly—that the core values of the ANZUS members are strongly aligned, and successive Australian governments and American presidential administrations have seen great value in working with like-minded partners to ensure Asia–Pacific security. Far from becoming a historical curiosity, today it’s not just relevant, but of greater importance than has been the case in the past few decades. To explore new ideas on how to strengthen the US–Australia alliance, ASPI conducted a high-level strategic dialogue in Honolulu in July this year. Discussions canvassed the future strategic environment; the forthcoming Australian Defence White Paper; budget, sovereignty and expectation risks; and cooperation in the maritime, land, air, cyber, space and intelligence domains. A key purpose of the Honolulu dialogue was to help ASPI develop policy recommendations on the alliance relationship for government. This report is the product of those discussions

The EU's dialogue on migration, mobility, and security with the Southern Mediterranean: filling the gaps in the global approach to migration. CEPS Liberty and Security in Europe, June 2011

Recent events in North Africa and the Mediterranean have had consequences in terms of human mobility, and are putting the foundations and components of EU’s migration policy under strain. The forthcoming European Council summit of 23-24 June 2011 is expected to determine ‘the orientations for further work’ under the Polish Presidency and the next JHA Trio Presidency Programme for the EU’s policies on crossborder migration in the Mediterranean and internal mobility within the scope of the Schengen regime. This paper constitutes a contribution to current and future EU policy discussions and responses on migration, mobility and security. It provides a synthesised selection of recommendations in these domains resulting from the research conducted by the Justice and Home Affairs (JHA) Section of the Centre for European Policy Studies (CEPS) during the last nine years of work. This Policy Brief argues that for the EU’s Global Approach to Migration to be able to satisfactorily address its unfinished elements and policy incoherencies, the Union needs to devise and develop common policy strategies focused on: first, new enforcement and independent evaluation mechanisms on the implementation of the European law on free movement, borders and migration, and the compatibility of EU member states and EU agencies’ actions with the EU Charter of Fundamental Rights. And second, the development of a kind of cooperation (dialogue) with third states that goes beyond security-centred priorities and that is solidly based on facilitating human mobility, consolidating fundamental rights and the general principles of the rule of law upon which the EU legal system is founded

A web of harms: serious and organised crime and its impact on Australian interests

Overview This report analyses serious, transnational and organised crime and the harms it causes to Australia’s interest, with the aim of reinvigorating a discussion of this critical matter amongst Australians. This web impacts on our national interests to the sum of an estimated $15 billion per year. That very conservative estimate includes costs to government through denied revenue and increased law enforcement costs. But there are also social, health and economic harms to individuals, community and business. The report poses a series of questions to be considered by the community, business and government

The European Union as a Cybersecurity Actor

The working paper discusses the challenges facing the European Union as it seeks to become a more active player in the field of cybersecurity. It outlines the concept of cybersecurity and the various approaches to cybersecurity governance. It then discusses the EU’s approach to cybersecurity issues, focusing on three elements: cybercrime, network and information security, and cyber-defence. Although a relative newcomer on the scene, the EU has made strides towards establishing a coherent policy framework across these areas. The EU is also developing a role in cyber defence, a field that has been largely left to the Member States. It finally analyses the external dimension of cybersecurity policy, and argues that the EU can influence the development of international norms. EU policy must also deal with the political and diplomatic dimension, especially as threats of state-sponsored cyber attacks increase