25 research outputs found
Code: Version 2.0
Discusses the regulation of cyberspace via code, as well as possible trends to expect in this regulation. Additional topics discussed in this context include intellectual property, privacy, and free speech.
Active offensive cyber situational awareness: theory and practice
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. There is an increasing gap between the progress of technological systems and the successful exploitation of these systems through cyber-attack. Whilst the mechanism and scope of cyberspace is progressing with each passing day, risk factors and the ability to process the required amount of data from cyberspace efficiently are proving to be major obstacles to achieving desired outcomes from cyber operations. This, coupled with the dramatic increase in the numbers of cyber attackers, who are constantly producing new ways of attacking and paralysing cyber systems for political or financial gain, is a critical issue for countries that have linked their major infrastructures with Internet applications. The defensive methods currently applied to counter these evolving attacks are no longer sufficient, due to their preventive and reactive nature. This research has developed a new Active Situational Awareness theoretical model for Active Defence that aims to enhance the agility and quality of cyber situational awareness in organisations in order to counter cyber attacks. Situational Awareness (SA) is a crucial component in every organisation. It helps in the assessment of an immediate situation in relation to the environment. Current SA models adopt a reactive attitude, which responds to events and works in a passive manner to any progressing enemy cyber attack. This creates a defensive mind-set and consequently influences the operator to process and utilise knowledge only within the concept of attack prevention. Thus, one can assume that operators will only gather certain knowledge after the occurrence of an attack, instead of actively searching for new intelligence to create new knowledge about the cyber attack before it takes place.
This research study introduces a new approach that incorporates an Active Defence posture; namely, a “winning attitude” that conforms to the military stratagems of Sun Tzu, where operators always engage attackers directly in order to create new knowledge in an agile manner by deploying active intelligence-gathering techniques to inform active defence postures in cyberspace. This also allows the system being protected to remain one step ahead of the attackers to ultimately defeat them and thwart any costly attacks. To back these statements, this study issued a survey to 200 cyber defence and security experts in order to collect data on their opinions concerning the current state of Active SA. Structural Equation Modelling (SEM) was then employed to analyse the data gathered from the survey. The results of the analysis revealed significant importance of Active Offensive Intelligence gathering in enhancing Cyber SA. The SEM showed there is a significant impact on SA Agility and Quality from Active Intelligence gathering activities.
Further to this, the SEM results informed the design of the serious gaming environments utilised in this research to verify the SEM causality model. Also, the SEM informed the design of a SA assessment metric, where a behavioural anchor rating scale was used along with ground truth to measure participant SA performance. The results of this experiment revealed that there was 2 times better enhancement in cyber situational awareness among those who did utilise active measures compared with participants who did not, which means almost double, and this shows the importance of offensive intelligence gathering in enhancing cyber SA and speeding up defender decision making and the OODA loop. This research provided for the first time a novel theory for active cyber SA that is aligned with military doctrine. Also, a novel assessment framework and approaches for evaluating and quantifying cyber SA performance were developed in this research study. Finally, a serious gaming environment was developed for this research and used to evaluate the active SA theory, which has an impact on training, techniques and practice. Deception utilisation by Active groups revealed the importance of having deception capabilities as part of active tools that help operators to understand attackers’ intent and motive, and give operators more time to control the impact of cyber attacks. However, incorrect utilisation of deception capabilities during the experiment led operators to lose control over cyber attacks. Active defence is required for future cyber security. However, this trend towards the militarisation of cyberspace demands new or updated laws and regulations at an international level. Active intelligence methods define the principal capability at the core of the new active situational awareness model in order to deliver enhanced agility and quality in cyber SA.
Abu Dhabi Police General Head Quarter
The politics of cyberconflict: ethnoreligious conflicts in computer mediated environments
This thesis argues that it is important to distinguish between two different phenomena in cyberpolitical spaces: First of all, between ethnic or religious groups fighting over in cyberspace, as they do in real life (Ethnoreligious cyberconflict) and second, between a social movement and its antagonistic institution (Sociopolitical cyberconflict). These different kinds of cyberconflict can be explained in the context of international conflict analysis for ethnoreligious cyberconflict and social movement theory for sociopolitical cyberconflict, while keeping in mind that this takes place in a media environment by using media theory. By combining elements of these approaches and justifying the link to cyberconflict, it is possible to use them as a theoretical light to look at the environment of Cyberconflict (CC) and analysis of incidents of CC. Consequently, this work looks at the leading groups using the internet either as a weapon or a resource against governments, while also looking at networks, international organisations and new social movements. Searching for a satisfactory theoretical framework, I propose the following parameters to be looked at while analysing cyberconflicts:
1. Environment of Conflict and Conflict Mapping (real and virtual). The world system generates an arborescent apparatus, which is haunted by lines of flight, emerging through underground networks connected horizontally and lacking a hierarchic centre (Deleuze and Guattari). The structure of the internet is ideal for network groups, (a global network with no central authority) has offered another experience of governance (no governance), time and space (compression), ideology (freedom of information and access to it), identity (multiplicity) and fundamentally an opposition to surveillance and control, boundaries and apparatuses.
2. Sociopolitical Cyberconflicts: The impact of ICTs on: a. Mobilising structures (network style of movements using the internet, participation, recruitment, tactics, goals), b. Framing Processes (issues, strategy, identity, the effect of the internet on these processes), c. Political opportunity structure (the internet as a component of this structure), d. hacktivism.
3. Ethnoreligious Cyberconflicts: a. Ethnic/religious affiliation, chauvinism, national identity, b. Discourses of inclusion and exclusion, c. Information warfare, the use of the internet as a weapon, propaganda and mobilisational resource d. Conflict resolution depends on legal, organisational framework, number of parties issues, distribution of power, values and beliefs.
4. The internet as a medium: a. Analysing discourses (representations of the world, constructions of social identities and social relations), b. Control of information, level of censorship, alternative sources, c. Wolfsfeld: Political contest model among antagonists: the ability to initiate and control events, dominate political discourse, mobilise supporters, d. Media effects on policy (strategic, tactical, and representational).
Semantic discovery and reuse of business process patterns
Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse.
Multistakeholder governance and the Internet governance process: a case study on cybercrime and Internet filtering between 1990 and 2010
Thesis (doctorate), Universidade de Brasília, Instituto de Relações Internacionais, 2012. Text in English, with the front matter, introduction and conclusion in Portuguese.
Abstract: With the development of HTML and the first browser in the beginning of the 1990s, the Internet was no longer a network exclusively for a relatively small group of individuals in a number of countries. With the commercialization of the Internet a growing number of individuals and actors started using this means to develop and follow their own visions, ideas and interests. What had started as a network basically used by programmers and scientists aiming at creating fast access to information independently of the physical location of the user, turned into a business network, a place to divulge basic rights, a forum for any kind of information but also a place for malicious activities, cybercrime, and virtual attacks. Given the high quantity of problems and opportunities a large number of actors from the public sector, the private sector and civil society developed a new phenomenon called Internet governance, based on a multi-stakeholder approach. The institutionalization of this process happened in 2005 when the United Nations Internet Governance Forum was set up. This thesis analyses the process that built the multi-stakeholder Internet governance environment, with a focus on the two phenomena of cybercrime and Internet filtering.
Omnia Sunt Communia: On the Commons and the Transformation to Postcapitalism
In Omnia Sunt Communia, Massimo de Angelis offers a radical political economy, illuminating the steps necessary to arrive at a post-capitalist world. By conceptualizing the idea of commons not just as common goods but as a set of social systems, de Angelis shows their pervasive presence in everyday life, and he maps out a strategy for total social transformation.
From the micro to the macro, de Angelis unveils the commons as fields of power relations (shared space, objects, and subjects) that explode the limits of daily life under capitalism. He exposes attempts to co-opt the commons, through the use of seemingly innocuous words such as “participation” and “governance,” and he reveals the potential for radical transformation rooted in the social reproduction of our communities, life, work, and society as a whole.
Rendezvous: a collaboration between art, research and communities
The Remediating the social book includes full proceedings of the conference in Edinburgh, 2012, including full texts of essays and full colour artist's pages with documentation of works commissioned for the Remediating the social exhibition.
Bit Bang 8: Digitalization
This book is the 8th in the Bit Bang series of books produced as multidisciplinary teamwork exercises by doctoral students participating in the course Bit Bang 8: Digitalization at Aalto University during the academic year 2015–2016.
Digitalization has brought great opportunities for economic growth, productivity gain and job creation in our societies, and will change the way industry will operate. Bit Bang 8 addressed the topic of digitalization from the perspective of its economic, environmental and social sustainability. The course elaborated on the interconnectedness of these phenomena, and linked them to possible future scenarios, global megatrends and ethical considerations. How will digitalization shape our future? How can we prepare our societies to respond to these changes?
Working in teams, the students set out to answer questions related to the digitalization and to brainstorm radical scenarios of what the future could hold. This joint publication contains articles produced as teamwork assignments for the course, in which the students were encouraged to take novel and radical views on digitalization.
The Bit Bang series of courses is supported by the Multidisciplinary Institute of Digitalisation and Energy (MIDE). Previous Bit Bang publications are available from http://mide.aalto.fi
From contractual serfdom to human rights liberation : doing justice to virtual lives
Analysis of relationships between states and citizens has almost monopolised the Human Rights legal discourse. In my thesis, I start from the position that Human Rights is a philosophical and historical victory of humankind, whose application cannot be limited to dictating norms in traditional forms of governance; Human Rights primarily define the human being as an individual, as a group, as a societal entity. Therefore, when we discuss Human Rights we do not pursue what governing states 'ought' or 'ought not' to do, but how human beings 'should' endure their lives in a dignified manner; how they should be treated independently of who their acting opponent might be.
The Internet, on the other hand, has evolved through the years into an uncharted virtual structure of uncounted online operations and services run by private commercial actors. Within this setting, where the online application platform performs as a land parallel and the private commercial host as the de facto ruler, online identity is mirrored into service accounts. Hence the human being’s digital existence seems to be depending, to a large degree, on the private initiative – and will.
Whilst exploring various relevant themes, the thesis revisits the issue of the application of Human Rights in private relationships through the lenses of online electronic communications and using the example of commercial online virtual worlds. According to my conclusions, a simple projection of the state/citizen model onto ISPs/users relationships does not give sufficient ground for contesting Human Rights within that context. What we need is to deconstruct predominant dogmas in modern Human Rights theory and legislation and to readjust our focus back on the human being and its universal manifestations.
A framework to mitigate phishing threats
We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above is characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme.