The Global Risks Report 2016, 11th Edition

Now in its 11th edition, The Global Risks Report 2016 draws attention to ways that global risks could evolve and interact in the next decade. The year 2016 marks a forceful departure from past findings, as the risks about which the Report has been warning over the past decade are starting to manifest themselves in new, sometimes unexpected ways and harm people, institutions and economies. Warming climate is likely to raise this year's temperature to 1° Celsius above the pre-industrial era, 60 million people, equivalent to the world's 24th largest country and largest number in recent history, are forcibly displaced, and crimes in cyberspace cost the global economy an estimated US$445 billion, higher than many economies' national incomes. In this context, the Reportcalls for action to build resilience – the "resilience imperative" – and identifies practical examples of how it could be done.The Report also steps back and explores how emerging global risks and major trends, such as climate change, the rise of cyber dependence and income and wealth disparity are impacting already-strained societies by highlighting three clusters of risks as Risks in Focus. As resilience building is helped by the ability to analyse global risks from the perspective of specific stakeholders, the Report also analyses the significance of global risks to the business community at a regional and country-level

Deterring Malicious Behavior in Cyberspace

Recent incidents reveal cyberattacks are being employed and honed in a systematic, coordinated fashion to achieve the objectives of malicious actors. Deterrence of the wide array of actors in cyberspace is difficult, since deterrence has to work in the mind of the attacker. Each attacker will weigh the effort of the attack against the expected benefit under their own criteria or rationality. This article analyzes whether the contemporary and complementary deterrence strategies of retaliation, denial, and entanglement are sufficient to deter malicious cyber actors or if the alternative of active cyberdefense is necessary and viable

A STUDY ON EFFECTIVE COUNTERMEASURES AGAINST CYBER ATTACKS IN SOUTH KOREA

Based on U.S. cybersecurity policy, this thesis proposes effective countermeasures for the Republic of Korea (ROK) to prepare for, deter, and recover from cyber threats posed by North Korea. This study identifies the most dangerous North Korean cyber strikes facing South Korea by reviewing several cases of North Korean cyberattacks, the ROK’s countermeasures, and the severity of the damage caused by the attacks. The study builds on the writings of academics and subject matter experts as well as publicly available government policy documents, although specifics on policy are limited due to national security concerns. In addition, the study acknowledges how the cybersecurity paradigm has shifted as a result of U.S. planning, reaction to, and establishment of follow-up measures for an attack of a similar type by a cyber superpower. The strategy of deterring an opponent's operations based on the past has evolved into a strategy of preparing for enemy attacks through information sharing and preemptive defense measures, and counterattack by rapid recovery and identification of the enemy through resilience and with tracking technologies. Although the ROK is a country with well-developed information technology, its cybersecurity knowledge, systems, and technology remain weak in comparison to North Korea's abilities. Consequently, it is conceivable that the ROK can respond effectively to North Korea’s cyber threats by applying the lessons learned from the United States.Major, Republic of Korea Air ForceApproved for public release. Distribution is unlimited

A Retrospective Analysis of Maritime Cyber Security Incidents

The maritime industry is undergoing a rapid evolution through the introduction of new technology and the digitization of existing services. At the same time, the digital attack surface is increasing, and incidents can lead to severe consequences. This study analyses and gives an overview of 46 maritime cyber security incidents from the last decade (2010-2020). We have collected information from open publications and reports, as well as anonymized data from insurance claims. Each incident is linked to a taxonomy of attack points related to onboard or off-ship systems, and the characteristics have been used to create a Top-10 list of maritime cyber threats. The results show that the maritime sector typically has incidents with low frequency and high impact, which makes them hard to predict and prepare for. We also infer that different types of attackers use a variety of attack points and techniques, hence there is no single solution to this problem.publishedVersio

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets