Cybercrimes in the aftermath of COVID-19: Present concerns and future directions

Cybercrimes are broadly defined as criminal activities carried out using computers or computer networks. Given the rapid and considerable shifts in Internet use and the impact of the COVID-19 pandemic on cybercrime rates, online behaviours have attracted increased public and policy attention. In this article, we map the landscape of cybercrime in the UK by first reviewing legislation and policy, as well as examine barriers to reporting and address investigative challenges. Given the indisputable rise in cybercrime and its mental health impacts, we propose a four-facet approach for research and practice in this field with an eye to systemic shifts and strategies to combat cybercrime holistically: community alliances and social support, state intervention, and infrastructural sensitivity to user diversity. Lastly, empirical evidence from research guides the design of data-driven technology and provision of advice/interventions to provide a safer digital landscape — hence the importance for more informative research

Cybersecurity: mapping the ethical terrain

This edited collection examines the ethical trade-offs involved in cybersecurity: between security and privacy; individual rights and the good of a society; and between the types of burdens placed on particular groups in order to protect others. Foreword Governments and society are increasingly reliant on cyber systems. Yet the more reliant we are upon cyber systems, the more vulnerable we are to serious harm should these systems be attacked or used in an attack. This problem of reliance and vulnerability is driving a concern with securing cyberspace. For example, a ‘cybersecurity’ team now forms part of the US Secret Service. Its job is to respond to cyber-attacks in specific environments such as elevators in a building that hosts politically vulnerable individuals, for example, state representatives. Cybersecurity aims to protect cyberinfrastructure from cyber-attacks; the concerning aspect of the threat from cyber-attack is the potential for serious harm that damage to cyber-infrastructure presents to resources and people. These types of threats to cybersecurity might simply target information and communication systems: a distributed denial of service (DDoS) attack on a government website does not harm a website in any direct way, but prevents its normal use by stifling the ability of users to connect to the site. Alternatively, cyber-attacks might disrupt physical devices or resources, such as the Stuxnet virus, which caused the malfunction and destruction of Iranian nuclear centrifuges. Cyber-attacks might also enhance activities that are enabled through cyberspace, such as the use of online media by extremists to recruit members and promote radicalisation. Cyber-attacks are diverse: as a result, cybersecurity requires a comparable diversity of approaches. Cyber-attacks can have powerful impacts on people’s lives, and so—in liberal democratic societies at least—governments have a duty to ensure cybersecurity in order to protect the inhabitants within their own jurisdiction and, arguably, the people of other nations. But, as recent events following the revelations of Edward Snowden have demonstrated, there is a risk that the governmental pursuit of cybersecurity might overstep the mark and subvert fundamental privacy rights. Popular comment on these episodes advocates transparency of government processes, yet given that cybersecurity risks represent major challenges to national security, it is unlikely that simple transparency will suffice. Managing the risks of cybersecurity involves trade-offs: between security and privacy; individual rights and the good of a society; and types of burdens placed on particular groups in order to protect others. These trade-offs are often ethical trade-offs, involving questions of how we act, what values we should aim to promote, and what means of anticipating and responding to the risks are reasonably—and publicly—justifiable. This Occasional Paper (prepared for the National Security College) provides a brief conceptual analysis of cybersecurity, demonstrates the relevance of ethics to cybersecurity and outlines various ways in which to approach ethical decision-making when responding to cyber-attacks

UK cyber security and critical national infrastructure protection

This article is intended to aid the UK government in protecting the UK from cyber attacks on its Critical National Infrastructure. With a National Cyber Security Centre now being established and an updated National Cyber Security Strategy due in 2016, it is vital for the UK government to take the right approach. This article seeks to inform this approach by outlining the scope of the problems Britain faces and what action the UK government is taking to combat these threats. In doing so, it offers a series of recommendations designed to further help mitigate these threats, drive up cyber resiliency and aid recovery plans should they be required. It argues that complete engagement and partnership with private sector owner–operators of Critical National Infrastructure are vital to the success of the government's National Cyber Security Strategy. It makes the case that for cyber resiliency to be fully effective, action is needed at national and global levels requiring states and private industry better to comprehend the threat environment and the risks facing Critical National Infrastructure from cyber attacks and those responsible for them. These are problems for all developed and developing states

European Crime Prevention monitor 2016: Organised Crime

In this sixth monitor, the European Crime Prevention Network focusses on organised crime. Organised crime is a threat to citizens, businesses, state institutions as well as the economy as a whole. It not only menaces peace and human security, it also undermines economic, social, cultural, political and civil development of societies around the world and violates human rights. Organised crime is a broad, complex and multifaceted phenomenon which can touch upon various areas of life. Organised crime covers a wide range of phenomena, including trafficking in drugs, firearms and even persons. At the same time, organised crime groups exploit human mobility to smuggle migrants and undermine financial systems through money laundering. Therefore, it is not easy to get an overview of this phenomenon. To amend this, this monitor report provides an overview of the relevant existing data available on ‘organised crime’ at the EU level and also focuses on the main trends and levels op perceptions, experiences and recorded levels of ‘organised crime’ in the EU Member States

Cyber security responsibilization:an evaluation of the intervention approaches adopted by the Five Eyes countries and China

Governments can intervene to a greater or lesser extent in managing the risks their citizens face. They can adopt a maximal intervention approach (e.g. COVID-19) or a handsoff approach, effectively “responsibilizing” their citizens (e.g. unemployment). To manage the cyber risk, governments publish cyber-related policies. The question that we wanted to answer was: “What intervention stances do governments adopt in supporting individual citizens managing their personal cyber risk?” We pinpointed the cyber-related responsibilities that several governments espoused, applying a “responsibilization” analysis. We identified those that applied to citizens, and thereby revealed their cyber-related intervention stances. Our analysis revealed that most governments adopt a minimal cyber-related intervention stance in supporting their individual citizens. Given the increasing number of successful cyber attacks on individuals, it seems time for the consequences of this stance to be acknowledged and reconsidered. We argue that governments should support individual citizens more effectively in dealing with cyber threats

UK cybercrime, victims and reporting : a systematic review

Individuals and organisations based in the United Kingdom often fall foul of cyber criminals. Unfortunately, these kinds of crimes are under-reported [66][115][123]. This under-reporting hampers the ability of crime fighting units to gauge the full extent of the problem, as well as their ability to pursue and apprehend cyber criminals [13][77]. To comprehend cybercrime under-reporting, we need to explore the nature of United Kingdom’s (henceforth: UK) cybercrime and its impact on UK-based victims. We investigated the entire landscape by carrying out a systematic literature review, covering both academic and grey literature. In our review, we sought to answer three research questions: (1) What characterises cybercrime in the UK? (2) What is known about UK cybercrime victims? and (3) What influences and deters cybercrime reporting in the UK? Our investigation revealed three types of reportable cybercrime, depending on the targets: (a) individuals, (b) private organisations, and (c) public organisations. Victimhood varies with various identified dimensions, such as: vulnerability aspects, psychological perspectives, age-related differences, and researcher attempts to model the victims of cybercrime. We also explored UK victims’ reported experiences in dealing with the consequences of falling victim to a cybercrime. In terms of cybercrime reporting, we identify three kinds of reporting: (a) Human-To-Human, (b) Human-To-Machine, and (c) Machine-To-Machine. In examining factors deterring reporting, we incorporate discussions of policing, and the challenges UK police forces face in coping with this relatively novel crime. Unlike traditional crimes, perpetrators possess sophisticated technological skills and reside outside of UK’s police jurisdiction. We discovered a strong social dimension to reporting incidence with the UK government‘s cyber responsibilization agenda likely playing a major role in deterring reporting. This strategy involves governments providing a great deal of advice and then expecting citizens to take care of their own cybersecurity. If they do not act on the advice, they should know that they will have to accept the consequences. Improvements in cybercrime reporting, to date, have been technologically focused. This neglects the social dimensions of cybercrime victimhood and does not acknowledge the reporting-deterring side effects of the UK's cyber responsibilization agenda. We conclude with suggestions for improving cybercrime reporting in the UK

Europeanization processes regarding matters of cybersecurity: The case of Portugal

In a world that receives technology with open arms, the issue of cybersecurity has increasingly become a daily reality and it is necessary to treat it as something essential for the protection of our online presence. Not only in terms of secure internet browsing practices, but also in the implementation of actions that are ready to tackle new and unknown threats: several countries have paid attention to these changes and modified their security policies. In this sense, we intend to use Europeanization in order to understand, in the sphere of European integration, how the European Union affects and influences its Member States in the formulation of measures related to the cybersecurity of its citizens. Hence, Portugal will be used as a case study. This choice stems from the fact that this country contains an unexplored volume of academic literature regarding the topic, in comparison with other larger ones. Therefore, the main objective of this work is precisely to provide a new view on how the EU has shaped the legislative process of a small country, but important nonetheless in its position on the European panorama.Tendo em conta um presente que abraça mais o tecnológico, a questão da cibersegurança tem-se tornado cada vez mais uma realidade diária e é necessário encará-la como algo essencial para a proteção da nossa presença online. Não só a nível de boas práticas de navegação na internet, mas também na implementação de ações prontas para combater novas e desconhecidas ameaças: vários são os países que prestaram atenção a estas mudanças e alteraram as suas políticas de segurança. Pretendemos neste sentido utilizar a Europeização para perceber, na esfera da integração europeia, como é que a União Europeia afeta e influencia os seus Estados-Membros na formulação de medidas relacionadas com a cibersegurança dos seus cidadãos. Seguidamente, é prestada uma atenção especial a Portugal, sendo utilizado como um caso de estudo. Esta escolha advém do facto deste país conter literatura académica ainda por explorar sobre o tema, em comparação com outros de maior dimensão. Sendo assim, o objetivo principal deste trabalho é precisamente proporcionar uma nova visão sobre como a UE tem moldado o processo legislativo de um país pequeno no seu tamanho, mas de qualquer forma importante na sua posição no panorama europeu