363 research outputs found

    Now for the long term: the report of the Oxford Martin Commission for Future Generations

    This report is the product of a year-long process of research and debate undertaken by a group of eminent leaders on the successes and failures in addressing global challenges over recent decades. As the world slowly emerges from the devastating Financial Crisis, it is time to reflect on the lessons of this turbulent period and think afresh about how to prevent future crises. The Oxford Martin Commission for Future Generations focuses on the increasing short-termism of modern politics and our collective inability to break the gridlock which undermines attempts to address the biggest challenges that will shape our future. In Now for the Long Term, they urge decision-makers to overcome their pressing daily preoccupations to tackle problems that will determine the lives of today’s and tomorrow’s generations. Dr James Martin, the founder of the Oxford Martin School, highlights that humanity is at a crossroads. This could be our best century ever, or our worst. The outcome will depend on our ability to understand and harness the extraordinary opportunities as well as manage the unprecedented uncertainties and risks. The report identifies what these challenges are, explains how progress can be made, and provides practical recommendations. The Commission outlines an agenda for the long term. The case for action is built in three parts. The first, Possible Futures, identifies the key drivers of change and considers how we may address the challenges that will dominate this century. Next, in Responsible Futures, the Commission draws inspiration from previous examples of where impediments to action have been overcome, and lessons from where progress has been stalled. We then consider the characteristics of our current national and global society that frustrate progress. The final part, Practical Futures, sets out the principles for action and offers illustrative recommendations which show how we can build a sustainable, inclusive and resilient future for all.

    Identifying the science and technology dimensions of emerging public policy issues through horizon scanning

    Public policy requires public support, which in turn implies a need to enable the public not just to understand policy but also to be engaged in its development. Where complex science and technology issues are involved in policy making, this takes time, so it is important to identify emerging issues of this type and prepare engagement plans. In our horizon scanning exercise, we used a modified Delphi technique [1]. A wide group of people with interests in the science and policy interface (drawn from policy makers, policy advisers, practitioners, the private sector and academics) elicited a long list of emergent policy issues in which science and technology would feature strongly and which would also necessitate public engagement as policies are developed. This was then refined to a short list of top priorities for policy makers. Thirty issues were identified within broad areas of business and technology; energy and environment; government, politics and education; health, healthcare, population and aging; information, communication, infrastructure and transport; and public safety and national security.

    Does digital transformation matter for operational risk exposure?

    The Basel Committee recommends banks maintain a capital buffer for operational risk exposure based on business volumes, assuming aggressive actions for quicker business growth could increase risk exposures. We argue that technological innovations expose banks to more operational risk because technology helps increase business volume, but system failure, problems with internal processes, and disruptions from external and internal security threats are inherent to technology. Based on 10 years of data for 264 banks from 43 countries, we find that digitalized banking operation is an underlying driver of operational risk that comes with increased business volume. Banks proactively take more operational risks by increasing cyber spending to tackle FinTech competition in the digitalized economy. Digitalization could generally matter for operational risk exposure, but the natural experiment does not find cybersecurity threats per se could increase operational risks even though cybersecurity appears to be a serious threat to digital banking. The study creates new avenues for future research.

    The Ripple Effect of an Information Security Breach Event: A Stakeholder Analysis

    While unfortunate physical events result in a negative market reaction, cyber events rarely do. It is our contention that a security attack is a complex intervention that ripples through the attacked company’s ecosystem. Over time, new information about the incident is revealed which might change the trajectory of the effect. This study aims to understand the impact of a security breach on the attacked company, its ecosystem (e.g., consumers, vendors, banks, and hackers), and surrounding society. By utilizing a stakeholder analysis as a methodological framework, we found that, while some stakeholders are losers, others are winners. Our analysis also implies that, depending on subsequent events, the effect of a security breach on the attacked firm varies over time, suggesting a “wait and see” attitude by the market.

    The barriers to sustainable risk transfer in the cyber-insurance market

    Efficient risk transfer is an important condition for ensuring the sustainability of a market according to the established economics literature. In an inefficient market, significant financial imbalances may develop and potentially jeopardise the solvency of some market participants. The constantly evolving nature of cyber-threats and lack of public data sharing mean that the economic conditions required for quoted cyber-insurance premiums to be considered efficient are highly unlikely to be met. This paper develops Monte Carlo simulations of an artificial cyber-insurance market and compares the efficient and inefficient outcomes based on the informational setup between the market participants. The existence of diverse loss distributions is justified by the dynamic nature of cyber-threats and the absence of any reliable and centralised incident reporting. It is shown that the limited involvement of reinsurers when loss expectations are not shared leads to increased premiums and lower overall capacity. This suggests that the sustainability of the cyber-insurance market requires both better data sharing and external sources of risk-tolerant capital. Comment: 32 pages, 9 figures, 17 tables

    CoESS’ Facts and Figures 2013


    Modeling Deception for Cyber Security

    In the era of software-intensive, smart and connected systems, the growing power and sophistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more active defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipulation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Consequently, little practical guidance is provided on how to engineer deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tactics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception modeling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice.
Finally, a conceptual coverage mapping was developed to assess the expressivity of the deception modeling language created.
In the digital era, the growing power and sophistication of cyber attacks presents constant challenges for software security. The reactive posture of traditional security mechanisms, such as antivirus and intrusion detection systems, has not been sufficient to combat the wide range of threats that compromise the operation of today's software systems. To mitigate these threats, active defensive approaches are necessary. Such approaches are based on the idea of adding mechanisms to deceive adversaries (from the English "deception"). Techniques of "enganação" (in Portuguese, "the act or effect of deceiving, of leading into error; a ruse used to delude") contribute to defense by frustrating attackers' advances through the manipulation of their perceptions. Manipulation is achieved through deceptive responses, "feints", or erroneous indications and other falsehoods intentionally added to a system. Of course, these deception mechanisms may result in side effects that must be handled. Current methods used to deceive an attacker draw fundamentally on techniques from the military domain, providing only high-level instructions that largely ignore deception as part of the secure software development life cycle. Consequently, there are few practical references on how to produce deception-based defense techniques. This doctoral thesis contributes a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This approach consists of (i) a multi-paradigm modeling for representing deception requirements, tactics, and strategies, (ii) a reference architecture to support the integration of deception strategies into a system's operation, and (iii) a method to guide engineers in deception modeling. A prototype tool, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, the expressivity of the deception modeling language is evaluated through a concept coverage mapping.

    Countering Cyber Terrorism: Investment Models Under Decision and Game Theoretic Frameworks

    In this work we attempt to develop models that can suggest requisite levels of investment, and/or indicate the strategic nuances of such investments in the face of possible cyber terrorist attacks. Beginning with one naïve model each under the two broad conceptual frameworks of Decision Theoretic and Game Theoretic frameworks, we have incrementally introduced pertinent backgrounds, investment criteria and economic dynamics to achieve (what we call) adequate investment models for countering cyber terrorism related attacks. This initial work is geared towards a broad-based understanding of the issues surrounding the threat of cyber terrorism, and an adequate investment propensity of the defender.

    Understanding the Creeping Crisis

    This open access book explores a special species of trouble afflicting modern societies: creeping crises. These crises evolve over time, reveal themselves in different ways, and resist comprehensive responses despite periodic public attention. As a result, these crises continue to creep in front of our eyes. This book begins by defining the concept of a creeping crisis, showing how existing literature fails to properly define and explore this phenomenon and outlining the challenges such crises pose to practitioners. Drawing on ongoing research, this book presents a diverse set of case studies on: antimicrobial resistance, climate change-induced migration, energy extraction, big data, Covid-19, migration, foreign fighters, and cyberattacks. Each chapter explores how creeping crises come into existence, why they can develop unimpeded, and the consequences they bring in terms of damage and legitimacy loss. The book provides a proof-of-concept to help launch the systematic study of creeping crises. Our analysis helps academics understand a new species of threat and practitioners recognize and prepare for creeping crises.