A Strategic Decision for Information Security

A utilização de recursos informáticos é a estratégia mais comum à maioria das organizações para gerirem os seus ativos e propriedade intelectual. Esta decisão estratégica implica a sua exposição ao exterior através de canais de comunicação (infraestrutura de dados). McDermott e Redish (1999), descrevem a terceira lei de Newton como o princípio da ação - reação, as organizações ao exporem a sua infraestrutura ao exterior despoletaram, como reação, estranhos quererem aceder à sua infraestrutura para diversos fins, seja como puro divertimento, detetarem fragilidades ou, mais relevante para este trabalho, roubarem ativos/propriedade intelectual e criarem uma disrupção no serviços. As organizações sentem necessidade de se protegerem contra estes estranhos/ataques ao implementarem estratégias de segurança, mas a realidade é que as linhas de defesa da rede são permeáveis e as arquiteturas de segurança não são suficientemente dinâmicas para travar as ameaças existentes. Uma estratégia de segurança informática baseada na tecnologia “Deception” poderá permitir de uma forma rápida detetar, analisar e defender as redes organizacionais contra-ataquesem tempo real. Esta tecnologia “Deception” poderá oferecer informações precisas sobre “malware” e atividades maliciosas não detetadas por outros tipos de defesa cibernética. Este trabalho pretende explorar esta estratégia recente baseada em “Deception”, que pretende ser diferenciadora face à panóplia de dispositivos/software de segurança informática existentes. Como resultados, pretende-se elaborar uma análise onde as organizações possam perceber a tecnologia “Deception” nas suas vertentes da eficácia, eficiência e o seu valor estratégico para que, eventualmente, a possam utilizar para suportar/adicionar valor a uma decisão de estratégia de segurança informática.The use of Information Technology (IT) resources are the common approach for most organizations so they assets and intellectual property are properly managed. This strategic decision implies its exposure to the outside world through the data infrastructure. McDermott and Redish (1999), described the third Newton’s law as the principle of action- reaction, when organizations expose their infrastructure to the outside world and, as a response, strangers want to access their infrastructure for various purposes, either as pure fun, detect weaknesses or, more relevant for this work, steal assets/intellectual property. Organizations feel the need to protect themselves against these strangers/attacks by implementing security strategies, but truly, the network's first defense lines are permeable, and the security architectures are not dynamic enough to face existing or future threats. A Deception-based technology could enable the organizations to quickly detect, analyze and defend organizational networks against real-time attacks. Deception technology may provide accurate information on malware and malicious activity not detected by other types of cyber defense. This work intends to explore a new technology, Deception, that claims a differentiation when compared with the range of existing information security suite. The types of cyber-threats and their materialization could be relevant to the information technology and risk analysis. Thus, the intent is to elaborate an analysis where organizations can understand the Deception technology, his effectiveness, and strategic value so they can, eventually, use it to support/add value to a decision regarding information security strategy

Cross Domain IW Threats to SOF Maritime Missions: Implications for U.S. SOF

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable

Technological Innovation, Data Analytics, and Environmental Enforcement

Technical innovation is ubiquitous in contemporary society and contributes to its extraordinarily dynamic character. Sometimes these innovations have significant effects on the state of the environment or on human health and they have stimulated efforts to develop second order technologies to ameliorate those effects. The development of the automobile and its impact on life in the United States and throughout the world is an example. The story of modern environmental regulation more generally includes chapters filled with examples of similar efforts to respond to an enormous array of technological advances. This Article uses a different lens to consider the role of technological innovation. In particular, it considers how technological advances have the potential to shape governance efforts in the compliance realm. The Article demonstrates that such technological advances – especially new and improved monitoring capacity, advances in information dissemination through e-reporting and other techniques, and improved capacity to analyze information – have significant potential to transform governance efforts to promote compliance. Such transformation is likely to affect not only the “how” of compliance promotion, but also the “who.” Technological innovation is likely to contribute to new thinking about the roles key actors can and should play in promoting compliance with legal norms. The Article discusses some of the potential benefits of these types of technological innovation in the context of the Environmental Protection Agency (EPA)’s ongoing efforts to improve its compliance efforts by taking advantage of emerging technologies. We also identify some of the pitfalls or challenges that agencies such as EPA need to be aware of in opening this emerging bundle of new tools and making use of them to address real-world environmental needs

Technological Innovation, Data Analytics, and Environmental Enforcement

Technical innovation is ubiquitous in contemporary society and contributes to its extraordinarily dynamic character. Sometimes these innovations have significant effects on the state of the environment or on human health and they have stimulated efforts to develop second order technologies to ameliorate those effects. The development of the automobile and its impact on life in the United States and throughout the world is an example. The story of modern environmental regulation more generally includes chapters filled with examples of similar efforts to respond to an enormous array of technological advances. This Article uses a different lens to consider the role of technological innovation. In particular, it considers how technological advances have the potential to shape governance efforts in the compliance realm. The Article demonstrates that such technological advances – especially new and improved monitoring capacity, advances in information dissemination through e-reporting and other techniques, and improved capacity to analyze information – have significant potential to transform governance efforts to promote compliance. Such transformation is likely to affect not only the “how” of compliance promotion, but also the “who.” Technological innovation is likely to contribute to new thinking about the roles key actors can and should play in promoting compliance with legal norms. The Article discusses some of the potential benefits of these types of technological innovation in the context of the Environmental Protection Agency (EPA)’s ongoing efforts to improve its compliance efforts by taking advantage of emerging technologies. We also identify some of the pitfalls or challenges that agencies such as EPA need to be aware of in opening this emerging bundle of new tools and making use of them to address real-world environmental needs

Commodity or Currency: Cryptocurrency Valuation in Bankruptcy and the Trustee\u27s Recovery Powers

Cryptocurrencies have rapidly grown to global prominence over the past decade, inspiring new forms of investments and transactions among entrepreneurs and business novices alike. The rise of cryptocurrencies has naturally led to a rise in businesses and individuals in possession of cryptocurrency assets declaring bankruptcies. The cryptocurrency assets then become part of the bankruptcy estate. As a result, bankruptcy courts are struggling with whether cryptocurrencies are currencies or commodities, a classification that has broad implications for the recovery and valuation of cryptocurrency assets in the event of fraudulent and preferential transfers. This Note argues that bankruptcy courts should treat cryptocurrencies like commodities because this largely eliminates valuation problems when the trustee can recover the cryptocurrency asset itself. A commodity classification, however, will not entirely prevent valuation problems in cases of fraudulent and preferential transfers where physical recovery is not possible. This Note further argues that in cases where bankruptcy courts cannot recover the asset and must therefore recover its value, courts should value the cryptocurrency asset as of the date of the bankruptcy petition

Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.https://press.armywarcollege.edu/monographs/1951/thumbnail.jp

Cassandra\u27s Curse or Cassandra\u27s Triumph: Three Tales of Intellectual Property Revised

Cassandra’s curse, which assured that her prophesies will come true, but that no one would ever believe her, evokes three major predictions in regard to Intellectual Property in the information era. First, the information era requires no “Law of the Horse”, as phrased by Judge Easterbrook, as a sound law of intellectual property be applicable to digital technologies as well, instead of creating new law for every new step in technology’s evolution. Secondly, Lessig’s seminal “code is law” reframed this dilemma, in reference to private conglomerates versus legislative authority. Thirdly, John Perry Barlow, in his ʻDeclaration of the Independence of Cyberspace’ predicted that selling information, i.e.: wine, will not require any bottles, namely, IP Law. Prima facie, Perry Barlow was over optimistic. Justice Eastbrook succumbed to “The Law of the Horse” in ProCD v. Zeidenberg, in which he preferred the legitimation of the new era’s contract, i.e.: shrink-wrap licenses, over Copyright Law paradigms, and Lessig, who advocated for governmental legal interference, ended up confronting the Digital Millennium Copyright Act (“DMCA”) with partial success in Lenz v. Universal Music Corp. Yet, parallel to the legal axis that led to “code is law” by creating a “para-copyright” through the DMCA and the EU Digital Single Market Directive (“DSM”), that are backed by the monolithic vocabulary of the Enlightenment era, the evolution of the audience axis, that leans on Postmodernist vocabulary, as seen through the “Cultural Dominant” media design in Western culture major stages, from the Greek tragedies to the recent case of Bel-Air (film), defies the former. Hence, tacitly, code creates a new law; not from the superior layer of imposed legislation downward, but from the users’ undercurrent of creativity upward. The transformation of Cassandra’s curse into Cassandra’s triumph will assure that we live free of fear of imaginary bottles, with the ability to create our cultural code as our law of the horse