Japan's Changing Cybersecurity Landscape

Japan's cybersecurity efforts have been lacking compared to other advanced economies, but the country is now taking more aggressive steps to address this deficiency

Regulating Healthcare Robots: Maximizing Opportunities While Minimizing Risks

Some of the most dynamic areas of robotics research and development today are healthcare applications. Robot-assisted surgery, robotic nurses, in-home rehabilitation, and eldercare robots\u27 are all demonstrating rapidly iterating innovation. Rising healthcare labor costs and an aging population will increase demand for these human surrogates and enhancements. However, like many emerging technologies, robots are difficult to place within existing regulatory frameworks. For example, the federal Food, Drug, and Cosmetic Act (FD&C Act) seeks to ensure that medical devices (few of which are consumer devices) are safe, the HIPAA Privacy and Security Rules apply to data collected by health care providers (but not most consumer-facing hardware or software developers), and state licensing statutes oversee the conduct of doctors and nurses who, heretofore, have all been human beings

Development Status of Digital Economy in Northeast Asian Countries and China’s Opportunities

With the vigorous development of digital technology, the development of the digital economy has become an important component of the global economy. Against the background of negative growth of major global economies hit hard by the COVID-19 epidemic, the steadily rising digital economy has become a key force to boost the global economy and an important engine to promote global economic development. Northeast Asian countries should use the dividends released by the digital economy to promote the coordinated development of digital technology innovation within the region, respond to technological revolution and industrial transformation, and build new international competitive advantages. This article provides a detailed overview of the current development status of digital economy in various countries in Northeast Asia, analyzes the challenges faced by countries in the region in developing cross-border digital economic and trade cooperation from three aspects: political mutual trust, digital divide, and network security. It further proposes to build a cross-border digital service trade platform in Northeast Asia, establish a China North Russia Far East digital free trade zone, so as to promote the deepening of cooperation and common development in digital trade within the region

EU Data Governance: Preserving Global Privacy in the Age of Surveillance

The thesis explores the EU’s Global Data Protection Regulation (GDPR), its human rights approach to data privacy, and its diffusion around the world. It asks the question: why would any nation, authoritarian or democratic, adopt Europe’s data privacy framework as a model for their country’s data governance? Accessing the theoretical frameworks of the Brussels Effect and the New Interde-pendence Approach, the research considers country case studies on China, Japan, and the US, comparing the different motivations and structural conditions that dictate how these three countries have adopted and adapted the GDPR framework. It finds a vastly different set of conditions for adopting the GDPR data privacy framework, none of which can be explained fully by either the Brussels Effect or the New Interdependence Approach. It also finds that none of the three countries embrace the language of human rights in their data privacy legislation. Of all the three countries, Japan has converged most closely with the GDPR in letter and spirit over time. While China’s legislation bears all the key features of the GDPR, the de facto reality is that data privacy regulation is a tool of state control. The United States case shows how a changing global environment forced the U.S. legislators to retreat from their market-driven approach to data governance in the direction of GDPR-like regulation

CROSS-BORDER DATA TRANSFER REGULATION: A COMPARATIVE STUDY OF CHINA AND EUROPE

With the so-called Industry 4.0 revolution ongoing, end-to-end digitalisation of all assets and integration into a digital ecosystem led the world to the unprecedented increases in connectivity and global flows. Cross-border data flow has become the cornerstone of the cross-border economy, especially for digital products. Without cross-border data flow, there will be no transactions. As a result, governments have started updating the data-related policies, such as restrictive measures for data cross-border flows or rules to mandate local data storage. Against this background, this study focuses on emerging research topics, starting with contemporary public policies on the cross-border data transfer. The objective is to examine whether the policymakers from both regions could better achieve their goals of promoting digital economy by establishing a mutual understanding with the industrial entities, while maintaining the balance between the protection of personal information and the innovation in digital markets. For that purpose, this research explores the historical development of data transfer regulatory measures in China, the EU and the U.S., studied the specific challenges they are encountering in the data globalisation era. Part I studied the evolvement of the CBDT rules. It is pointed out that the CBDT regulation is a technology-led phenomenon yet not novel. It is an emerging threat to privacy posed by the development of technology, thus attracted the scrutiny from the public and the authorities. The CBDT regulation reflects the enforcement of national jurisdiction in the cyberspace, which does not enjoy an indisputable general consensus in the contemporary international law. The rulemaking of CBDT cannot avoid the controversial debate over the legitimacy of state supervision of the network. CBDT regulation is originated from the protection of personal data in the EU, yet the disagreement with regard to its philosophy is derived from the conflict of different legislative values, that is, different legislators have different understandings of the freedom of free flow of information and the right to personal information. The author also questioned the rationale of the EU data transfer rules by discussing the target validity of the current rules, that is, the target validity for data protection. Part II compared the EU and China\u2019s data protection laws as well as the CBDT rules respectively. Challenges that CBDT restriction measures might face are listed, since the data transborder transmission is not a legislative measure by nature. In the process of rulemaking and implementation existed dual pressures from domestic and abroad, categorised as technological, international legislative and theoretical challenges. Theoretically, Cyberspace does not have a boundary similar to a physical space, the theoretical premise that the EU CBDT rules ignored is that the state must control the transborder transmission of data by setting the borders. Thus, for China, two aspects must be addressed: is there an independent cyberspace law, and where is the boundary between the virtual and real world. International legislative challenges arise from the oversea data access of the U.S. government. The EU CBDT framework has limited impact when facing such data access under the cover of FISA and CLOUD Act of the U.S. Particularly, this dissertation discussed the potentials for a free flow of data transfer mechanism between the EU and China. It is worth exploring the possibility for a region-based bilateral collaboration, such as a free trade zone in China, to seek for the EU Commission\u2019s recognition of adequate level of protection of personal information. For general data-intensive entities, binding corporate rules and standard contractual clauses are still the preferrable approaches. Part III examines the data protection implementation and data transfer compliance in the context of the HEART project. By analysing the use-cases the HEART deployed, as well as the architecture that it proposed, Chapter 6 studies the privacy-enhancing measures from both the organisational and technical perspectives. Specifically, the data classification system and dynamic data security assessments are proposed. Chapter 7 studied the use case of federated recommender system within the HEART platform and its potentials for the promotion of GDPR compliance. The recommender system is thoroughly analysed under the requirements of the GDPR, including the fundamental data processing principles and threat assessment within the data processing

Winter 2016

https://scholar.rose-hulman.edu/rose_echoes/1095/thumbnail.jp

The importance to manage data protection in the right way: Problems and solutions

Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of \u201cManaging data protection\u201d. The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization\u2019s information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It also proposes an approach that aims to support companies seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers\u2019 solutions. At the end, a research activity was carried out aiming classify web attacks on the network level, since any information about the attackers might be helpful and worth a lot to the cyber security analysts. And so, using network statistical fingerprints and machine learning techniques, a two-layers classification system is designed to detect the type of the web attack and the type of software used by the attackers