Pub Date : 2022-12-02DOI: 10.5604/01.3001.0016.0867
Veronika Netolická
Supply chain security is one of the challenges many countries are currently addressing. As this topic is a national security prerogative, the systems for screening also vary. The Czech Republic is preparing a legislative framework to protect strategically important infrastructure from high-risk suppliers. This commentary focuses on the Czech Republic’s progress in this area, particularly in the European context.��
{"title":"Commentary: The Czech Approach to Supply Chain Security in ICT","authors":"Veronika Netolická","doi":"10.5604/01.3001.0016.0867","DOIUrl":"https://doi.org/10.5604/01.3001.0016.0867","url":null,"abstract":"Supply chain security is one of the challenges many countries are currently addressing. As this topic is a national security prerogative, the systems for screening also vary. The Czech Republic is preparing a legislative framework to protect strategically important infrastructure from high-risk suppliers. This commentary focuses on the Czech Republic’s progress in this area, particularly in the European context.\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"16 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123656146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-17DOI: 10.5604/01.3001.0016.1093
Johannes Thumfart
The application of securitization theory to cybersecurity is useful since it subjects the emotive rhetoric of threat construction to critical scrutiny. Floyd’s just securitization theory (JST) constitutes a mixture of securitization theory and just war theory. Unlike traditional securitization theory, it also addresses the normative question of when securitization is legitimate. In this contribution, I critically apply Floyd’s JST to cybersecurity and develop my own version of JST based on subsidiarity. Floyd’s JST follows a minimalistic and subsidiary approach by emphasizing that securitization is only legitimate if it has a reasonable chance of success in averting threats to the satisfaction of basic human needs. From this restrictive perspective, cyber-securitization is only legitimate if it serves to protect critical infrastructure. Whilst Floyd’s JST focuses exclusively on permissibility and needs instead of rights, I argue that there are cases in which states’ compliance with human rights obligations requires the guarantee of cybersecurity, most importantly regarding the human right to privacy. My version of JST is also based on the principle of subsidiarity, in the sense that securitization should always include stakeholders directly affected by a threat. To strengthen this kind of subsidiarity, focused on the private sector, I argue for the legitimacy of private active self-defence in cyberspace and emphasize the importance of a ‘whole-of-society approach’ involving digital literacy and everyday security practices. Moreover, I argue that far-reaching securitization on the nation-state-level should be avoided, particularly the hyper-securitization of the digital public sphere, following unclear notions of ‘digital sovereignty’.��
{"title":"The (Il)legitimacy of\u0000Cybersecurity. An Application\u0000of Just Securitization Theory\u0000to Cybersecurity based on\u0000the Principle of Subsidiarity","authors":"Johannes Thumfart","doi":"10.5604/01.3001.0016.1093","DOIUrl":"https://doi.org/10.5604/01.3001.0016.1093","url":null,"abstract":"The application of securitization theory to cybersecurity is useful since it subjects the emotive rhetoric of threat construction to critical scrutiny. Floyd’s just securitization theory (JST) constitutes a mixture of securitization theory and just war theory. Unlike traditional securitization theory, it also addresses the normative question of when securitization is legitimate. In this contribution, I critically apply Floyd’s JST to cybersecurity and develop my own version of JST based on subsidiarity. Floyd’s JST follows a minimalistic and subsidiary approach by emphasizing that securitization is only legitimate if it has a reasonable chance of success in averting threats to the satisfaction of basic human needs. From this restrictive perspective, cyber-securitization is only legitimate if it serves to protect critical infrastructure. Whilst Floyd’s JST focuses exclusively on permissibility and needs instead of rights, I argue that there are cases in which states’ compliance with human rights obligations requires the guarantee of cybersecurity, most importantly regarding the human right to privacy. My version of JST is also based on the principle of subsidiarity, in the sense that securitization should always include stakeholders directly affected by a threat. To strengthen this kind of subsidiarity, focused on the private sector, I argue for the legitimacy of private active self-defence in cyberspace and emphasize the importance of a ‘whole-of-society approach’ involving digital literacy and everyday security practices. Moreover, I argue that far-reaching securitization on the nation-state-level should be avoided, particularly the hyper-securitization of the digital public sphere, following unclear notions of ‘digital sovereignty’.\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126090574","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-17DOI: 10.5604/01.3001.0016.1459
Daniel Mider
The value system of Poles in terms of the phenomenon of privacy on the Internet was analysed. The following aspects were taken into account: privacy on the Internet as a moral value, privacy on the Internet as a subject of legal regulations (current or future) and actual actions taken by users to protect privacy. The differentiation of Polish society in terms of the three above-mentioned areas was also examined. Results were obtained on the basis of a quantitative empirical study conducted on a representative sample (N=1001) of adult Poles. The method of computer assisted telephone interviews (CATI) was used. Descriptive statistics and selected inductive statistics were used in the analyses. Intra-group differentiation was investigated using a method called two-step cluster analysis. Poles have low technical competences in the field of Internet privacy protection. This value is appreciated; however, it rarely translates into active protection of one’s own identity and information. A strong polarization of Poles’ attitudes towards the requirement to disclose their identity on the Internet was identified, as well as ensuring access to any user information by law enforcement agencies. Poles are willing to accept legal regulations preventing their profiling. We note a moderately strong negative attitude towards state institutions as a factor limiting privacy on the Internet and a significantly lower (but still negative) attitude towards Internet service providers. Poles differ in terms of attitudes towards privacy on the Internet (IT competences, age, education, gender, socioeconomic status and size of the place of residence).��
{"title":"Privacy on the Internet:\u0000An Empirical Study of Poles’\u0000Attitudes","authors":"Daniel Mider","doi":"10.5604/01.3001.0016.1459","DOIUrl":"https://doi.org/10.5604/01.3001.0016.1459","url":null,"abstract":"The value system of Poles in terms of the phenomenon of privacy on the Internet was analysed. The following aspects were taken into account: privacy on the Internet as a moral value, privacy on the Internet as a subject of legal regulations (current or future) and actual actions taken by users to protect privacy. The differentiation of Polish society in terms of the three above-mentioned areas was also examined. Results were obtained on the basis of a quantitative empirical study conducted on a representative sample (N=1001) of adult Poles. The method of computer assisted telephone interviews (CATI) was used. Descriptive statistics and selected inductive statistics were used in the analyses. Intra-group differentiation was investigated using a method called two-step cluster analysis. Poles have low technical competences in the field of Internet privacy protection. This value is appreciated; however, it rarely translates into active protection of one’s own identity and information. A strong polarization of Poles’ attitudes towards the requirement to disclose their identity on the Internet was identified, as well as ensuring access to any user information by law enforcement agencies. Poles are willing to accept legal regulations preventing their profiling. We note a moderately strong negative attitude towards state institutions as a factor limiting privacy on the Internet and a significantly lower (but still negative) attitude towards Internet service providers. Poles differ in terms of attitudes towards privacy on the Internet (IT competences, age, education, gender, socioeconomic status and size of the place of residence).\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128821472","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-16DOI: 10.5604/01.3001.0016.0823
Michael Koppmann, Christian Kudera, Michael Pucher, Georg Merzdovnik
Nowadays, more and more applications are built with web technologies, such as HTML, CSS, and JavaScript, which are then executed in browsers. The web is utilized as an operating system independent application platform. With this change, authorization models change and no longer depend on operating system accounts and underlying access controls and file permissions. Instead, these accounts are now implemented in the applications themselves, including all of the protective measures and security controls that are required for this. Because of the inherent complexity, flaws in the authorization logic are among the most common security vulnerabilities in web applications. Most applications are built on the concept of the Access-Control List (ACL), a security model that decides who can access a given object. Object Capabilities, transferable rights to perform operations on specific objects, have been proposed as an alternative to ACLs, since they are not susceptible to certain attacks prevalent for ACLs. While their use has been investigated for various domains, such as smart contracts, they have not been widely applied for web applications. In this paper, we therefore present a general overview of the capability-based authorization model and adapt those approaches for use in web applications. Based on a prototype implementation, we show the ways in which Object Capabilities may enhance security, while also offering insights into existing pitfalls and problems in porting such models to the web domain.��
{"title":"Utilizing Object Capabilities to Improve Web Application Security","authors":"Michael Koppmann, Christian Kudera, Michael Pucher, Georg Merzdovnik","doi":"10.5604/01.3001.0016.0823","DOIUrl":"https://doi.org/10.5604/01.3001.0016.0823","url":null,"abstract":"Nowadays, more and more applications are built with web technologies, such as HTML, CSS, and JavaScript, which are then executed in browsers. The web is utilized as an operating system independent application platform. With this change, authorization models change and no longer depend on operating system accounts and underlying access controls and file permissions. Instead, these accounts are now implemented in the applications themselves, including all of the protective measures and security controls that are required for this. Because of the inherent complexity, flaws in the authorization logic are among the most common security vulnerabilities in web applications. Most applications are built on the concept of the Access-Control List (ACL), a security model that decides who can access a given object. Object Capabilities, transferable rights to perform operations on specific objects, have been proposed as an alternative to ACLs, since they are not susceptible to certain attacks prevalent for ACLs. While their use has been investigated for various domains, such as smart contracts, they have not been widely applied for web applications. In this paper, we therefore present a general overview of the capability-based authorization model and adapt those approaches for use in web applications. Based on a prototype implementation, we show the ways in which Object Capabilities may enhance security, while also offering insights into existing pitfalls and problems in porting such models to the web domain.\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123973896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-16DOI: 10.5604/01.3001.0016.0916
Ladislav Cabada
In the last decade Czechia’s foreign and security policies were destabilised by the activities of external actors, with Russia in the leading role, and also by internal ac- tors who followed the Russian and pro-Kremlin propaganda and disinformation campaigns and/or actively participated in such subversive activities. After 2015, within the set of crises and their securitisation, a disinformation network was developed in Czechia using social media and so-called ‘alternative online media’ for the dissemination of disinformation, mis- information, fake news and chain mails to spread these campaigns. As leading persons in the executive belonged to the disinformers, the government was not able to develop work- ing strategies against the disinformation campaigns as the new hybrid threat until 2021. At the end of 2021, the new Czech government of Prime Minister Petr Fiala launched a new strategy regarding hybrid threats which contained disinformation. The one-year plan to establish a systemic platform for the struggle against such threats was challenged by Russian aggression against Ukraine. In this article, we analyse the development of the security eco-system in Czechia against these hybrid threats, specifically the acceleration and intensification of this activity after 24 February 2022.��
{"title":"Russian Aggression against Ukraine as the Accelerator in the Systemic Struggle against Disinformation in Czechia","authors":"Ladislav Cabada","doi":"10.5604/01.3001.0016.0916","DOIUrl":"https://doi.org/10.5604/01.3001.0016.0916","url":null,"abstract":"In the last decade Czechia’s foreign and security policies were destabilised by the activities of external actors, with Russia in the leading role, and also by internal ac- tors who followed the Russian and pro-Kremlin propaganda and disinformation campaigns and/or actively participated in such subversive activities. After 2015, within the set of crises and their securitisation, a disinformation network was developed in Czechia using social media and so-called ‘alternative online media’ for the dissemination of disinformation, mis- information, fake news and chain mails to spread these campaigns. As leading persons in the executive belonged to the disinformers, the government was not able to develop work- ing strategies against the disinformation campaigns as the new hybrid threat until 2021. At the end of 2021, the new Czech government of Prime Minister Petr Fiala launched a new strategy regarding hybrid threats which contained disinformation. The one-year plan to establish a systemic platform for the struggle against such threats was challenged by Russian aggression against Ukraine. In this article, we analyse the development of the security eco-system in Czechia against these hybrid threats, specifically the acceleration and intensification of this activity after 24 February 2022.\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125105644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-04DOI: 10.5604/01.3001.0016.0800
Erwin Adi, Z. Baig, S. Zeadally
Cybersecurity has benefitted from Artificial Intelligence (AI) technologies for attack detection. However, recent advances in AI techniques, in tandem with their misuse, have outpaced parallel advancements in cyberattack classification methods that have been achieved through academic and industry-led efforts. We describe the shift in the evolution of AI techniques, and we show how recent AI approaches are effective in helping an adversary attain his/her objectives appertaining to cyberattacks. We also discuss how the current architecture of computer communications enables the development of AI-based adversarial threats against heterogeneous computing platforms and infrastructures.��
{"title":"Artificial Intelligence for Cybersecurity: Offensive Tactics, Mitigation Techniques and Future Directions","authors":"Erwin Adi, Z. Baig, S. Zeadally","doi":"10.5604/01.3001.0016.0800","DOIUrl":"https://doi.org/10.5604/01.3001.0016.0800","url":null,"abstract":"Cybersecurity has benefitted from Artificial Intelligence (AI) technologies for attack detection. However, recent advances in AI techniques, in tandem with their misuse, have outpaced parallel advancements in cyberattack classification methods that have been achieved through academic and industry-led efforts. We describe the shift in the evolution of AI techniques, and we show how recent AI approaches are effective in helping an adversary attain his/her objectives appertaining to cyberattacks. We also discuss how the current architecture of computer communications enables the development of AI-based adversarial threats against heterogeneous computing platforms and infrastructures.\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126347883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-04DOI: 10.5604/01.3001.0016.1052
Marika Kosiel-Pająk
The commentary focuses on the current process of converting the British immigration procedures into an entirely digital format, as part of a reform brought about by Brexit and in the framework of broader digital strategies in the United Kingdom of Great Britain and Northern Ireland. The British government’s ambitious aim is to digitalise the immigration procedures by 2025, further support eGates and eventually enforce a contactless mode of arrival. The policy plan, its execution to date and its reception are analysed briefly. Taking into account that the government is revealing only selected aspects of the complex system rather than all the mechanisms and safeguards, neither British digital sovereignty in this matter nor the scope of protection of personal and meta-data could be fully examined. The challenges already encountered are set out, with the conclusion being that a human-centred approach is still lacking in the practical employment of the policy. Subsequently, the isolationist or populist concept of protecting the state against any migrant, as a potential threat rather than a potential to be developed for the benefit of the state, is the prevailing mindset. Finally, the current political and economic instability may play a pivotal role in policy implementation and contribute to its ultimate failure.��
{"title":"UK Border Digitalisation – a Commentary on the Current State of Affairs","authors":"Marika Kosiel-Pająk","doi":"10.5604/01.3001.0016.1052","DOIUrl":"https://doi.org/10.5604/01.3001.0016.1052","url":null,"abstract":"The commentary focuses on the current process of converting the British immigration procedures into an entirely digital format, as part of a reform brought about by Brexit and in the framework of broader digital strategies in the United Kingdom of Great Britain and Northern Ireland. The British government’s ambitious aim is to digitalise the immigration procedures by 2025, further support eGates and eventually enforce a contactless mode of arrival. The policy plan, its execution to date and its reception are analysed briefly. Taking into account that the government is revealing only selected aspects of the complex system rather than all the mechanisms and safeguards, neither British digital sovereignty in this matter nor the scope of protection of personal and meta-data could be fully examined. The challenges already encountered are set out, with the conclusion being that a human-centred approach is still lacking in the practical employment of the policy. Subsequently, the isolationist or populist concept of protecting the state against any migrant, as a potential threat rather than a potential to be developed for the benefit of the state, is the prevailing mindset. Finally, the current political and economic instability may play a pivotal role in policy implementation and contribute to its ultimate failure.\u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129084053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-30DOI: 10.5604/01.3001.0016.0690
Remigiusz Rosicki
The objective scope of the research problem concerns the content and sense of the elements characterising one of the types of child pornography, criminalised under Art. 202 §4b of the Criminal Code, i.e. simulated child pornography. This offence is understood as producing, disseminating, presenting, storage and possession of pornographic material presenting a generated or processed image of a minor participating in sexual activity. The main goal of the text is to perform a substantive criminal analysis of the act criminalised under Art. 202 §4b of the Polish Criminal Code. The scope of the analysis has been elaborated with the following research question concerning the degree of effectiveness: To what degree is the legal solution concerned with criminalisation and penalisation of the activities of »production, dissemination, presentation, storage or possession of pornographic material presenting a generated or processed image of a minor participating in sexual activities« effective and realises the ratio legis intended by the legislator? The analysis of the problem has been performed with the aid of chiefly institutional and legal approach in the form of textual, functional and doctrinal interpretations, which have been supplemented with the author’s own conclusions and opinions. ��
{"title":"The Substantive Criminal Aspects of the Offence of Simulated Child Pornography under Polish Law","authors":"Remigiusz Rosicki","doi":"10.5604/01.3001.0016.0690","DOIUrl":"https://doi.org/10.5604/01.3001.0016.0690","url":null,"abstract":"The objective scope of the research problem concerns the content and sense of the elements characterising one of the types of child pornography, criminalised under Art. 202 §4b of the Criminal Code, i.e. simulated child pornography. This offence is understood as producing, disseminating, presenting, storage and possession of pornographic material presenting a generated or processed image of a minor participating in sexual activity. The main goal of the text is to perform a substantive criminal analysis of the act criminalised under Art. 202 §4b of the Polish Criminal Code. The scope of the analysis has been elaborated with the following research question concerning the degree of effectiveness: To what degree is the legal solution concerned with criminalisation and penalisation of the activities of »production, dissemination, presentation, storage or possession of pornographic material presenting a generated or processed image of a minor participating in sexual activities« effective and realises the ratio legis intended by the legislator? The analysis of the problem has been performed with the aid of chiefly institutional and legal approach in the form of textual, functional and doctrinal interpretations, which have been supplemented with the author’s own conclusions and opinions. \u0000\u0000","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125463285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: