Nation-states are increasing their utilization of cyber operations against other nation-states and will likely enhance their effects in times of armed conflict. As much as cyber operations can be specific and limit casualties, they can also be used to inflict direct or indirect harm to civilians. Cyber operations directed at critical infrastructure like industrial control systems and healthcare organizations can have a direct impact on civilian life. Other malware developed by nation-states
may also spread from target networks with unforeseen effects that if not properly executed can potentially harm civilian networks.

Cyber operations targeting civilian data can in a present-day context operate in somewhat of a grey area. Because of this, states and non-state groups can attack civilian data during an armed conflict without consequens in most cases, which can rapidly cause more harm to the civilian population than the destruction of physical civilian objects. Since states have in many cases been reluctant to share their views on how international humanitarian law applies to the case of data as a civilian object, this thesis sets out to clarify whether data is protected from attack during an armed conflict.

This report is part of a broader OECD study into Future Global Shocks, examples of which could include a further failure of the global financial system and large-scale pandemics. The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate.

Information pervades today's human activities, essentially making every sector of society an information environment. Due to the ubiquity of technological innovations and their interconnectivity, there is no aspect of lives of individuals that has not been affected. Individuals & organizations use multiple devices and networking platforms to interact with each other, businesses, and governments, as well as to search, retrieve, and consume information. Adoption and use of information and communication technologies (ICTs) and the nature of information in general and its management and use have been topics of discussion at events such as the ASIS&T Annual Meeting. However, what is often lacking, if not missing, is a broader discussion about information and ICTs, in applied areas such as emergency management, homeland security, and cybersecurity. 83rd Annual Meeting of the Association for Information Science & Technology October 25-29, 2020. Author(s) retain copyright, but ASIS&T receives an exclusive publication license.

The objective of the present study is to explore the role of cyber security in enhancing civil protection in Greek reality. Methodologically, the study has been based on a survey with a sample of 345 executives of IT companies in Greece by using a structured questionnaire. The basic results of the research study showed that cyber security technologies positively affect civil protection, cybercrime reduction practices have a positive influence on civil protection, and there is a significant relationship between the government’s role in cyber security and civil protection. Cybersecurity also may have a significant influence on the principles of emergency operations: prevention, mitigation, preparation, response, or emergency evacuation and recovery.

Risk perception is an important driver of netizens’ (Internet users’) cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested.

The focus of this paper is the need for more administrative infrastructure to secure the proposed centralized data center defined in the Act and subsequent regulatory efforts.

Thus, there is a need to strengthen cybersecurity in future autonomous vehicles. In this article, we discuss major automotive cyber-attacks over the past decade and present state-of-the-art solutions that leverage artificial intelligence. We propose a roadmap toward building secure autonomous vehicles and highlight key open challenges that need to be addressed.

Cyber-physical systems are at the core of our current civilization. Countless examples dominate our daily life and work, such as driverless cars that will soon master our roads, implanted medical devices that will improve many lives, and industrial control systems that control production and infrastructure. Because cyber-physical systems manipulate the real world, they constitute a danger for many applications. Therefore, their safety and security are essential properties of these indispensable systems. The long history of systems engineering has demonstrated that the system quality properties—such as safety and security—strongly depend on the underlying system architecture. Satisfactory system quality properties can only be ensured if the fundamental system architecture is sound! The development of dependable cyber-physical architectures in recent years suggests that two harmonical architectures are required: a design-time architecture and a run-time architecture. The design-time architecture defines and specifies all parts and relationships, assuring the required system quality properties. However, in today’s complex systems, ensuring all quality properties in all operating conditions during design time will never be possible. Therefore, an additional line of defense against safety accidents and security incidents is indispensable: This must be provided by the run-time architecture. The run-time architecture primarily consists of a protective shell that monitors the run-time system during operation. It detects anomalies in system behavior, interface functioning, or data—often using artificial intelligence algorithms—and takes autonomous mitigation measures, thus attempting to prevent imminent safety accidents or security incidents before they occur. This paper’s core is the protective shell as a run-time protection mechanism for cyber-physical systems. The paper has the form of an introductory tutorial and includes focused references. © 2023, The Author(s).

This publication provides a catalog of security and privacy controls for information systems and
organizations to protect organizational operations and assets, individuals, other organizations,
and the Nation from a diverse set of threats and risks, including hostile attacks, human errors,
natural disasters, structural failures, foreign intelligence entities, and privacy risks. The controls
are flexible and customizable and implemented as part of an organization-wide process to
manage risk. The controls address diverse requirements derived from mission and business
needs, laws, executive orders, directives, regulations, policies, standards, and guidelines. Finally,
the consolidated control catalog addresses security and privacy from a functionality perspective
(i.e., the strength of functions and mechanisms provided by the controls) and from an assurance
perspective (i.e., the measure of confidence in the security or privacy capability provided by the
controls). Addressing functionality and assurance helps to ensure that information technology
products and the systems that rely on those products are sufficiently trustworthy.