131 research outputs found
Enhancing relationships between criminology and cybersecurity
‘Cybercrime’ is an umbrella concept used by criminologists to refer to traditional crimes that
are enhanced via the use of networked technologies (i.e. cyber-enabled crimes) and newer
forms of crime that would not exist without networked technologies (i.e. cyber-dependent
crimes). Cybersecurity is similarly a very broad concept and diverse field of practice. For
computer scientists, the term ‘cybersecurity’ typically refers to policies, processes and practices undertaken to protect data, networks and systems from unauthorised access.
Cybersecurity is used in subnational, national and transnational contexts to capture an
increasingly diverse array of threats. Increasingly, cybercrimes are presented as threats to
cybersecurity, which explains why national security institutions are gradually becoming
involved in cybercrime control and prevention activities. This paper argues that the fields
of cyber-criminology and cybersecurity, which are segregated at the moment, are in much
need of greater engagement and cross-fertilisation. We draw on concepts of ‘high’ and ‘low’
policing (Brodeur, 2010) to suggest it would be useful to consider ‘crime’ and ‘security’ on
the same continuum. This continuum has cybercrime at one end and cybersecurity at the other,
with crime being more the domain of ‘low’ policing while security, as conceptualised in the
context of specific cybersecurity projects, falls under the responsibility of ‘high’ policing
institutions. This unifying approach helps us to explore the fuzzy relationship between
cyber-crime and cyber-security and to call for more fruitful alliances between cybercrime
and cybersecurity researchers.
Beyond Norms: Using International Economic Tools to Deter Malicious State-Sponsored Cyber Activities
In thinking about strategy and doctrine for cyberspace, one cannot ignore either the cyber domain's interaction with other domains or the applicability of existing legal tools to address cyberspace issues. This Comment focuses on the latter and argues that any discussion regarding deterrence and a playbook for consequences for cyber incidents by state actors ought necessarily to include a careful examination of existing plays, particularly where those incidents have an economic component as many do. Focusing on multilateral institutions, regional and bilateral trade and investment agreements, and unilateral tariff and non-tariff trade and investment tools, this Comment maintains that current and available international economic tools offer significant potential to shape cyber activities and norms and only now are beginning to be deployed this way.
Criminal markets and networks in cyberspace
This is an introduction to the special issue of Trends in Organized Crime on ‘criminal markets and networks in cyberspace’. All the contributions to this special issue, even if from different standpoints and focuses, help us understand how cyberspace is (re)shaping offenses and offenders.
CyberGuardians: Improving Community Cyber Resilience Through Embedded Peer-to-Peer Support
Older users are rapidly adopting internet-enabled devices, yet are often targeted by cyberattackers with possible disastrous consequences. We describe the CyberGuardians initiative where we train older members of the community to be knowledgeable about cybersecurity so they can spread the information to peers and help protect their communities from cyber harms. Specifically, we focus on a case study evaluating two CyberGuardians and their use of training materials to inform peers in their community about cybersecurity. We discuss the importance of flexible training materials that can be adapted by CyberGuardians for sharing with peers.
Cyber Resilience: What Is It And How Do We Get It?
Prepare, Absorb, Recover, and Adapt: How organisations can better respond to cyber attacks and harms
A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate
Technological advances have resulted in organisations digitalizing many parts of their operations. The threat landscape of cyber-attacks is rapidly changing and the potential impact of such attacks is uncertain, because there is a lack of effective metrics, tools and frameworks to understand and assess the harm organisations face from cyber-attacks. In this paper, we reflect on the literature on harm, and how it has been conceptualised in disciplines such as criminology and economics, and investigate how other notions such as risk and impact relate to harm. Based on an extensive literature survey and on reviewing news articles and databases reporting cyber-incidents, cybercrimes, hacks and other attacks, we identify various types of harm and create a taxonomy of cyber-harms encountered by organisations. This taxonomy comprises five broad themes: physical or digital harm; economic harm; psychological harm; reputational harm; and social and societal harm. In each of these themes we present several cyber-harms that can result from cyber-attacks. To provide initial indications about how these different types of harm are connected and how cyber-harm in general may propagate, this article also analyses and draws insight from four real-world case studies, involving Sony (2011 and 2014), JPMorgan and Ashley Madison. We conclude by arguing for the need for analytical tools for organisational cyber-harm, which can be based on a taxonomy such as the one we propose here. These would allow organisations to identify corporate assets, link these to different types of cyber-harm, measure those harms and, finally, consider the security controls needed for the treatment of harm.
An Impact and Risk Assessment Framework for National Electronic Identity (eID) Systems
Electronic identification (eID) systems allow citizens to assert and
authenticate their identities for various purposes, such as accessing
government services or conducting financial transactions. These systems improve
user access to rights, services, and the formal economy. As eID systems become
an essential facet of national development, any failure, compromise, or misuse
can be costly and damaging to the government, users, and society. Therefore, an
effective risk assessment is vital for identifying emerging risks to the system
and assessing their impact. However, developing a comprehensive risk assessment
for these systems must extend far beyond focusing on technical security and
privacy impacts and must be conducted with a contextual understanding of
stakeholders and the communities these systems serve. In this study, we posit
that current risk assessments do not address risk factors for all key
stakeholders and explore how potential compromise could impact them each in
turn. In the examination of the broader impact of risks and the potentially
significant consequences for stakeholders, we propose a framework that
considers a wide range of factors, including the social, economic, and
political contexts in which these systems were implemented. This provides a
holistic platform for a better assessment of risk to the eID system. Comment: 10 page