Scholars have long recognized and debated the effects of the “security dilemma,” where efforts by states to enhance their security can decrease the security of others. The severity of a security dilemma, and the prospects for cooperation under the dilemma, are greatly affected by military technology. In this article, I apply the security dilemma framework to a revolutionary new form of conflict: cyberwarfare. I argue that cooperation over cyberwarfare is made challenging due to the security dilemma, and that the unique characteristics of cyberwarfare make it difficult to break out of this dilemma. The reluctance and failure of states to achieve cooperation over cyberwarfare likely reflects, in part, the constraints of this “cybersecurity dilemma.” Some states have strong incentives, however, to promote limitations on offensive cyberwarfare. Thus, I propose ways in which cooperation may eventually be achieved despite these challenges
The Cybersecurity Dynamics framework offers an approach to systematically understanding, characterizing, quantifying and managing cybersecurity from a holistic perspective. The framework looks into cyberspace through the dynamics lens because environments in cyberspace often evolve with time (e.g., software vulnerabilities, attack capabilities, defense capabilities, and cybersecurity states). The dynamics lens offers a unique viewpoint, which guides the modeling of the various situations which evolve with respect to cybersecurity. This type of evolution is driven by attackers, defenders, and users of related systems and is manifested by their attack/defense/use activities. Since its inception in 2014, there has been significant progress in characterizing and taming various kinds of cybersecurity dynamics. In this paper we discuss the landscape and way-of-thinking that guide the Cybersecurity Dynamics model, including two killer applications and the technical barriers that serve as outstanding open problems for future research.
In May 2009, the Obama administration released its, Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, which it expected would lay the groundwork for a new national cybersecurity strategy. Staking out separate policy development space, Congressional leaders began hearings and introduced legislation. The most significant – the Cybersecurity Act of 2009 – proposed major changes in current federal government approaches. The common starting point of all of these reform efforts is that current federal organization and current national cybersecurity policy is inadequate for the task of securing cyberspace.This article analyzes past federal reorganization efforts in response to the last technological revolution with serious national security implications – nuclear technology -- and the more recent response to homeland security. While much of the current cybersecurity debate leans toward radical reforming, we counsel an incremental approach to reorganization that builds on the hard work of the last decade combined with a genuine reconceptualization of the threat solution set.
The use of ICT in civil aviation has increased exponentially in the last years. Digitalisation and the technological tools and systems often connected to the internet constitute serious risks for aviation cyber security. The Government Accountability Oice (GAO) has recently stated that air traic management and control (ATM/ATC) vulnerabilities could be used to undermine national security. Against this backdrop, several related questions arise: what technologies do air traic management and control systems rely on? Are these systems vulnerable? Which actors could pose a threat to these systems? Do they have the technological skills to conduct attacks that could compromise them?
In this article I introduce the concept of the “dual-use security dilemma,” specifically through elaborating on two main aspects that shape this dilemma. First, inspired by traditional security scholarship, I focus on the spiral dynamics of actors responding to the insecurities raised by dual-use technologies that affect this type of dilemma. Second, I further develop a securitization reading of the traditional security dilemma, tracing how social constructions of insecurities and the justification of extraordinary measures affect the dynamics of the security dilemma.
This working paper lays the foundation for a comprehensive EU Cybersecurity Technology Roadmap. The insights presented are intended to undergo rigorous research and peer review, ensuring their effectiveness in further shaping and strengthening the EU’s strategic direction in cybersecurity
This chapter traces the evolution of German cybersecurity strategy throughout the past two and a half decades. During this period, the German approach to cybersecurity strategy has developed from a civilian preventive one to a more comprehensive one, which today includes strategic military aspects. In following, this chapter illustrates the development of cybersecurity strategy in three phases. The first phase (1991 to 2011) marks the emergence of cybersecurity as a strategic issue in the context of critical information infrastructure protection. In the second phase (2011 to 2016), the government consolidated existing policies after adopting its first national cybersecurity strategy in 2011. The Snowden revelations in 2013 lifted cybersecurity sharply up the political agenda. In the third phase, from 2016 to early 2018, Germany adopted its second national cybersecurity strategy that outlines a comprehensive approach to cybersecurity, as well as a national defence strategy, which for the first time emphasised the strategic military dimension of cybersecurity within a hybrid warfare context.
Security Information and Event Management (SIEM) systems contribute immensely to maintaining a business’ cybersecurity posture. SIEM solutions gather and analyze huge amounts of data from different sources, including users, software, information sources, cloud workloads, endpoints, etc. within a business’s IT infrastructure. SIEM systems centralize and correlate the gathered information to provide comprehensive visibility into the business’ cybersecurity status. With the increasingly evolving cybersecurity world and dynamics of the threat landscape, the role played by security experts and security solutions to secure data systems is changing. With the growing complexity of threats, novel approaches are gaining prominence to counter the effects of cyber-attacks.
The purpose of this capstone project was to identify how changes in federal cybersecurity policy affect businesses and organizations, both public and private. Additional emphasis was placed on how changes in federal cybersecurity policy affected the cybersecurity readiness of these organizations. This study focused on federal legislation, passed by congress and the executive branch, and how this legislation shaped cybersecurity policy through enforcement, regulation, and partnership. The literature examined included regulations that govern specific sectors as well as executive orders classifying industries and sectors as national critical infrastructures