Responding to cyberattacks: Prospects for the EU Cyber Diplomacy Toolbox. EPC Discussion paper, 18 March 2019

Malicious cyber activities have become a growing threat, a fact that has become more visible in recent years through several massive cyberattacks. While the European Union (EU) has been active in the field of cybersecurity for a number of years, it has not yet put in place diplomatic tools to respond to cyberattacks, nor has it attributed cyberattacks. However, EU member states have made progress in the development of a cyber diplomacy toolbox containing a number of measures, from preventive ones to the use of sanctions. This work needs to be finalised, so that the Union’s toolbox can become operational and used when needed

Cognitive Machine Individualism in a Symbiotic Cybersecurity Policy Framework for the Preservation of Internet of Things Integrity: A Quantitative Study

This quantitative study examined the complex nature of modern cyber threats to propose the establishment of cyber as an interdisciplinary field of public policy initiated through the creation of a symbiotic cybersecurity policy framework. For the public good (and maintaining ideological balance), there must be recognition that public policies are at a transition point where the digital public square is a tangible reality that is more than a collection of technological widgets. The academic contribution of this research project is the fusion of humanistic principles with Internet of Things (IoT) technologies that alters our perception of the machine from an instrument of human engineering into a thinking peer to elevate cyber from technical esoterism into an interdisciplinary field of public policy. The contribution to the US national cybersecurity policy body of knowledge is a unified policy framework (manifested in the symbiotic cybersecurity policy triad) that could transform cybersecurity policies from network-based to entity-based. A correlation archival data design was used with the frequency of malicious software attacks as the dependent variable and diversity of intrusion techniques as the independent variable for RQ1. For RQ2, the frequency of detection events was the dependent variable and diversity of intrusion techniques was the independent variable. Self-determination Theory is the theoretical framework as the cognitive machine can recognize, self-endorse, and maintain its own identity based on a sense of self-motivation that is progressively shaped by the machine’s ability to learn. The transformation of cyber policies from technical esoterism into an interdisciplinary field of public policy starts with the recognition that the cognitive machine is an independent consumer of, advisor into, and influenced by public policy theories, philosophical constructs, and societal initiatives

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Submission to 2021–2025 UN Open-Ended Working Group (OEWG) on security of and in the use of information and communications technologies

Criminal Liabilities of Boko Haram in Nigeria

One major problem that has posed a great threat to the Nigerian Nation is Boko Haram or rather the Boko Haram militant group. What this paper intends to do is to analyze the criminal liabilities of the Boko Haram militant group in Nigeria in both domestic and international law. I see this paper primarily as timely because a lot has been said about Boko Haram, in Nigeria, but yet there is much we still do not know about Boko Haram, its criminal liabilities, origin structure, size and method of operation still remains a mirage and a mystery. This dissertation will start with an introduction of the term Boko Haram and the various definitions of terrorism. The subsequent chapter will in detail attempt the Impact of the Boko Haram insurgency as a threat to national security--This chapter would be more of revelations surrounding the Boko Haramites conflict, and its inclinations towards terrorism. Chapter three intends to look at the fascination towards Boko Haram, while chapter five would discuss the Applicable International and Domestic laws against Boko Haram. At the conclusion in chapter six, suggestions and recommendations will be made on how to eradicate the Boko Haram terrorist group as well as enforcing actions against the Boko Haramites to determine their criminal liability or rather their culpability. This dissertation would remain relevant going by the fact that the stability of the Nigerian Nation has been affected drastically by the Boko Haram conflict and I am confident that this work of mine could be a source of inspiration for those in authority as well as policy makers to adequately tackle this horrific crime

Self-Sovereign Identity and the Decentralized, Consent-Based Model

The centralized third-party authentication model for digital identity validation is obsolete in light of newer and more secure means of ensuring accurate digital identification. Governments, private organizations, and citizens should be encouraged to explore the means by which they can maximize the latest in digital developments to protect themselves and their online identities. California should begin to implement the precepts of the decentralized Self-Sovereign Identity (SSI) model, which is superior to its predecessor in its simplicity, as it requires only three things to validate a digital identity: (1) a blockchain which has the information necessary to satisfy the consensus algorithm ensuring adequate replication across the network nodes; (2) verifiable credentials; and (3) decentralized identifiers. Because this system is predicated on a trustless Proof of Work (PoW) model, at present, blockchains are practically immutable, thus making it impossible to falsify or forge information on them. The use of cryptographic hash functions ensures that the security of each block of data is independently secured from one another, and ultimately known only to the controller and owner of the information: the user. California should join other state and national governments in the research and implementation of SSI-compliant models of governance to better protect and support the needs of its citizenry in an increasingly digitized world

Shifting paradigms in Europe's approach to cyber defence: ambitions to disrupt malicious cyber activity need to protect norms as well as networks

As high-level European Union (EU) policy documents call for investment in active cyber defence capabilities, the legal and political powers for their use remain ill-defined. To demonstrate their commitment to principles of responsible state behaviour and due diligence, the EU and its member states have a duty to establish the normative foun­dations for the use of active cyber defence measures ahead of their deployment, while carefully managing the risk of a gradual militarisation of the cyber and information domain. (author's abstract

Cyber Sovereignty: The Way Ahead

The last few years are full of reports of cyber incidents, some of which have caused significant damage. Each of these cyber events raise important questions about the role and responsibility of States with respect to cyber incidents. The answer to these questions revolves in large part around the international law doctrine of sovereignty. The extent to which nations exercise sovereignty over cyberspace and cyber infrastructure will provide key answers to how much control States must exercise and how much responsibility States must accept for harmful cyber activities when they fail to adequately do so. This article argues that States have sovereign power over their cyber infrastructure and that with that sovereign power comes corresponding responsibility to control that infrastructure and prevent it from being knowingly used to harm other States. This responsibility to prevent external harm extends not only to state actors, but also to non-state actors. This article will review some of the cardinal principles of sovereignty and their application to cyberspace and then consider the corresponding duties and obligations. In each case, the principle of sovereignty will be stated and defined. Its application to cyberspace will then be discussed, including the corresponding duty or obligation that arises from that assertion of sovereignty. Examples of the duty and obligation will be used to help clarify the analysis. Finally, issues that arise from the assertion of that authority and its corresponding duty or obligation will be highlighted

Privacy-Preserving Methods for Sharing Financial Risk Exposures

Unlike other industries in which intellectual property is patentable, the financial industry relies on trade secrecy to protect its business processes and methods, which can obscure critical financial risk exposures from regulators and the public. We develop methods for sharing and aggregating such risk exposures that protect the privacy of all parties involved and without the need for a trusted third party. Our approach employs secure multi-party computation techniques from cryptography in which multiple parties are able to compute joint functions without revealing their individual inputs. In our framework, individual financial institutions evaluate a protocol on their proprietary data which cannot be inverted, leading to secure computations of real-valued statistics such a concentration indexes, pairwise correlations, and other single- and multi-point statistics. The proposed protocols are computationally tractable on realistic sample sizes. Potential financial applications include: the construction of privacy-preserving real-time indexes of bank capital and leverage ratios; the monitoring of delegated portfolio investments; financial audits; and the publication of new indexes of proprietary trading strategies