Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.3
Madeline Carr
The political history of cyberspace can reveal much about contemporary and future cyber security challenges. This chapter includes some technological history but, more importantly, it also addresses the political forces and trends that fundamentally shaped the development of cyberspace. In doing so, it provides insight into why cyber security is much more than a technical challenge, and why politics can be simultaneously an obstruction to better global cyber security and also the best hope for it. Observing how political perceptions of cyber security threats have both changed and remained constant over time helps put current approaches into perspective, avoiding the two reductionist arguments that either ‘everything is different now’ or ‘it is the same as it ever was’. Addressing future challenges like the Internet of Things and future remedies like emergent cyber norms require a sound understanding of the past. Essentially, this chapter calls for much more careful and comprehensive engagement with the interrelationship between technological developments and political forces.
{"title":"A Political History of Cyberspace","authors":"Madeline Carr","doi":"10.1093/oxfordhb/9780198800682.013.3","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.3","url":null,"abstract":"The political history of cyberspace can reveal much about contemporary and future cyber security challenges. This chapter includes some technological history but, more importantly, it also addresses the political forces and trends that fundamentally shaped the development of cyberspace. In doing so, it provides insight into why cyber security is much more than a technical challenge, and why politics can be simultaneously an obstruction to better global cyber security and also the best hope for it. Observing how political perceptions of cyber security threats have both changed and remained constant over time helps put current approaches into perspective, avoiding the two reductionist arguments that either ‘everything is different now’ or ‘it is the same as it ever was’. Addressing future challenges like the Internet of Things and future remedies like emergent cyber norms require a sound understanding of the past. Essentially, this chapter calls for much more careful and comprehensive engagement with the interrelationship between technological developments and political forces.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121207556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.33
Nigel Inkster
This chapter assesses semi-official diplomacy in the cyber domain. It begins by describing Track 2 and Track 1.5 diplomacy. Track 2 diplomacy consists of a broad spectrum of activities ranging from academic conferences designed to address specific conflict-related diplomatic issues to much more generic people-to-people contacts designed to create a climate of greater mutual understanding. Meanwhile, Track 1.5 diplomacy seeks to leverage the strengths of both Track 1 and Track 2 diplomacy. It became clear from an early stage that the United States, Russia, and China were in a position to determine the strategic evolution of the cyber domain due to their status as global geo-political actors, their advanced cyber capabilities, their possession of nuclear weapons, and their differences in values and ideology. Russia was the first to make a move towards semi-official diplomacy. Whereas Russia has taken a leading role in international negotiations on cyber governance and cybersecurity, China has arguably become more consequential in terms of how its relationship with the United States will shape the normative culture of the cyber domain. The chapter then considers other examples of semi-official diplomacy as well as prospects for further semi-official diplomacy in the cyber domain.
{"title":"Semi-Formal Diplomacy","authors":"Nigel Inkster","doi":"10.1093/oxfordhb/9780198800682.013.33","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.33","url":null,"abstract":"This chapter assesses semi-official diplomacy in the cyber domain. It begins by describing Track 2 and Track 1.5 diplomacy. Track 2 diplomacy consists of a broad spectrum of activities ranging from academic conferences designed to address specific conflict-related diplomatic issues to much more generic people-to-people contacts designed to create a climate of greater mutual understanding. Meanwhile, Track 1.5 diplomacy seeks to leverage the strengths of both Track 1 and Track 2 diplomacy. It became clear from an early stage that the United States, Russia, and China were in a position to determine the strategic evolution of the cyber domain due to their status as global geo-political actors, their advanced cyber capabilities, their possession of nuclear weapons, and their differences in values and ideology. Russia was the first to make a move towards semi-official diplomacy. Whereas Russia has taken a leading role in international negotiations on cyber governance and cybersecurity, China has arguably become more consequential in terms of how its relationship with the United States will shape the normative culture of the cyber domain. The chapter then considers other examples of semi-official diplomacy as well as prospects for further semi-official diplomacy in the cyber domain.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127843865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.41
A. Sukumar
This chapter explores how India has managed its external environment with a view to securing its own digital ecosystems. It highlights India’s engagement with the United States and China, the biggest players in its digital ecosystem. Both relationships reflect certain geopolitical realities, but also offer contrasting narratives. India and the United States have sought in recent years to align their views on the governance of common digital spaces, whereas New Delhi's outreach to China has been more instrumental, and largely confined to interactions with specific Chinese companies that invest in the country. Mindful, however, of Beijing's potential to expand its influence in Asian economies by supplying their digital infrastructure and applications, India has acknowledged the need to engage China at a strategic level on ‘cyber’ issues. Its high-level interactions with the United States and China could lead India to a crossroads from where it has to choose one model of standards, rules, and norms for cybersecurity and Internet governance over the other.
{"title":"Look West or Look East? India at the Crossroads of Cyberspace","authors":"A. Sukumar","doi":"10.1093/oxfordhb/9780198800682.013.41","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.41","url":null,"abstract":"This chapter explores how India has managed its external environment with a view to securing its own digital ecosystems. It highlights India’s engagement with the United States and China, the biggest players in its digital ecosystem. Both relationships reflect certain geopolitical realities, but also offer contrasting narratives. India and the United States have sought in recent years to align their views on the governance of common digital spaces, whereas New Delhi's outreach to China has been more instrumental, and largely confined to interactions with specific Chinese companies that invest in the country. Mindful, however, of Beijing's potential to expand its influence in Asian economies by supplying their digital infrastructure and applications, India has acknowledged the need to engage China at a strategic level on ‘cyber’ issues. Its high-level interactions with the United States and China could lead India to a crossroads from where it has to choose one model of standards, rules, and norms for cybersecurity and Internet governance over the other.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127958277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.56
J. Penney
This chapter examines recent research on the impact of surveillance, both mass and targeted forms, and considers these insights and their implications for cybersecurity. State surveillance has been central to the ‘securitization’ in cybersecurity, particularly the increasing sophistication and expansion of digital surveillance. The chapter looks at different theoretical and empirical approaches to understanding the impact of such surveillance activities, particularly surveillance studies and chilling effects theory. It also considers how new research shows that surveillance has an impact on a range of fundamental human rights and freedoms, with important implications for civil society and deliberative democracy. Awareness of surveillance, or the threat of it, can have a substantial chilling effect on people’s exercise of these rights, leading them to self-censor or avoid seeking or imparting certain sensitive information. Surveillance can also be said to violate international rights against discrimination and protections for minorities, in that it has unequal or disproportionate impact on certain groups, including vulnerable minorities. The chapter then argues for new frameworks for cybersecurity centred on civil society or human rights.
{"title":"Cybersecurity, Human Rights, and Empiricism","authors":"J. Penney","doi":"10.1093/oxfordhb/9780198800682.013.56","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.56","url":null,"abstract":"This chapter examines recent research on the impact of surveillance, both mass and targeted forms, and considers these insights and their implications for cybersecurity. State surveillance has been central to the ‘securitization’ in cybersecurity, particularly the increasing sophistication and expansion of digital surveillance. The chapter looks at different theoretical and empirical approaches to understanding the impact of such surveillance activities, particularly surveillance studies and chilling effects theory. It also considers how new research shows that surveillance has an impact on a range of fundamental human rights and freedoms, with important implications for civil society and deliberative democracy. Awareness of surveillance, or the threat of it, can have a substantial chilling effect on people’s exercise of these rights, leading them to self-censor or avoid seeking or imparting certain sensitive information. Surveillance can also be said to violate international rights against discrimination and protections for minorities, in that it has unequal or disproportionate impact on certain groups, including vulnerable minorities. The chapter then argues for new frameworks for cybersecurity centred on civil society or human rights.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131782736","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.17
Nicole van der Meulen
After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.
{"title":"Stepping out of the Shadow","authors":"Nicole van der Meulen","doi":"10.1093/oxfordhb/9780198800682.013.17","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.17","url":null,"abstract":"After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128608051","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.59
T. Unwin
The links between cybersecurity and international development are crucially important, especially for the world’s poorest and most marginalized countries and people. Yet, they have rarely been explored in detail, and all too often international initiatives designed to support development have paid insufficient attention to cybersecurity issues. In large part, this is because the communities of expertise in the two fields are often distinct and separate, speak different languages, have different interests, and are physically located in different organizations and places. Cybersecurity tends to be the domain of computer scientists, security agencies, telecommunication ministries, the private sector, and foreign policy organizations, whereas international development is largely the field of social scientists, development specialists, aid ministries, civil society, and humanitarian organizations. This separation is true of most bilateral and multilateral donors, and, as a result technology-supported aid initiatives frequently ignore fundamentally important issues around digital security. This chapter provides an overview of the intersections between the two, why they are important, and what can be done to improve integration between them in the interests of reducing inequalities and poverty.
{"title":"‘Cybersecurity’ and ‘Development’","authors":"T. Unwin","doi":"10.1093/oxfordhb/9780198800682.013.59","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.59","url":null,"abstract":"The links between cybersecurity and international development are crucially important, especially for the world’s poorest and most marginalized countries and people. Yet, they have rarely been explored in detail, and all too often international initiatives designed to support development have paid insufficient attention to cybersecurity issues. In large part, this is because the communities of expertise in the two fields are often distinct and separate, speak different languages, have different interests, and are physically located in different organizations and places. Cybersecurity tends to be the domain of computer scientists, security agencies, telecommunication ministries, the private sector, and foreign policy organizations, whereas international development is largely the field of social scientists, development specialists, aid ministries, civil society, and humanitarian organizations. This separation is true of most bilateral and multilateral donors, and, as a result technology-supported aid initiatives frequently ignore fundamentally important issues around digital security. This chapter provides an overview of the intersections between the two, why they are important, and what can be done to improve integration between them in the interests of reducing inequalities and poverty.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116940886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.48
D. Ashenden
This chapter explores the future human and behavioural challenges that are likely to have an impact on cybersecurity. It identifies some general challenges that will need to be overcome. The first challenge will be to accept that cybersecurity practitioners are not average end users. It is important to understand cybersecurity as a social practice that is carried out in specific and variable contexts if we are to design successful behavioural and social interventions. The second challenge is to improve the levels of creativity and innovation demonstrated by cybersecurity practitioners. Finally, the third challenge is to look at how we address cybersecurity risk. Meeting these challenges will depend on developing a skill set among cybersecurity practitioners that puts soft skills on a par with technical skills, and establishes trust relationships through genuine dialogue realized through participative approaches to cybersecurity.
{"title":"The Future Human and Behavioural Challenges of Cybersecurity","authors":"D. Ashenden","doi":"10.1093/oxfordhb/9780198800682.013.48","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.48","url":null,"abstract":"This chapter explores the future human and behavioural challenges that are likely to have an impact on cybersecurity. It identifies some general challenges that will need to be overcome. The first challenge will be to accept that cybersecurity practitioners are not average end users. It is important to understand cybersecurity as a social practice that is carried out in specific and variable contexts if we are to design successful behavioural and social interventions. The second challenge is to improve the levels of creativity and innovation demonstrated by cybersecurity practitioners. Finally, the third challenge is to look at how we address cybersecurity risk. Meeting these challenges will depend on developing a skill set among cybersecurity practitioners that puts soft skills on a par with technical skills, and establishes trust relationships through genuine dialogue realized through participative approaches to cybersecurity.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125679863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.35
Tim Maurer
This chapter addresses cyber proxies and offensive cyber operations. The market of cyber force is a complex and dynamic relationship between the state and actors detached from the state that can target a third party beyond a state’s border with unprecedented ease. Only hacking, also known as ‘remote cyber operations’ in the military bureaucracy's vernacular, makes global reach possible at such low cost. Research identifies three main types of proxy relationships between a state and non-state actors: (i) delegation, (ii) orchestration, and (iii) sanctioning. How to manage effectively both proxies and the market for cyber capabilities, both tools and services to the degree they can be separated, is not only of interest for academic scholarship but also for practitioners and policymakers. While a state may face significant challenges in affecting another state’s proxy relationships, it can exercise greater control over its own relationships with cybersecurity companies, hacktivists, and those breaking the law either at home or abroad.
{"title":"States, Proxies, and (Remote) Offensive Cyber Operations","authors":"Tim Maurer","doi":"10.1093/oxfordhb/9780198800682.013.35","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.35","url":null,"abstract":"This chapter addresses cyber proxies and offensive cyber operations. The market of cyber force is a complex and dynamic relationship between the state and actors detached from the state that can target a third party beyond a state’s border with unprecedented ease. Only hacking, also known as ‘remote cyber operations’ in the military bureaucracy's vernacular, makes global reach possible at such low cost. Research identifies three main types of proxy relationships between a state and non-state actors: (i) delegation, (ii) orchestration, and (iii) sanctioning. How to manage effectively both proxies and the market for cyber capabilities, both tools and services to the degree they can be separated, is not only of interest for academic scholarship but also for practitioners and policymakers. While a state may face significant challenges in affecting another state’s proxy relationships, it can exercise greater control over its own relationships with cybersecurity companies, hacktivists, and those breaking the law either at home or abroad.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"103 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131670437","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.20
F. Cate, Rachel Dockery
This chapter discusses cybersecurity laws. Many measures employed to enhance cybersecurity pose a risk to privacy. In addition, data protection laws focus only on personally identifiable information, while cybersecurity is also concerned with securing economic data such as trade secrets and company databases, government information, and the systems that transmit and process information. As a practical matter, despite the prominence of security obligations in data protection legislation, these were often downplayed or ignored entirely until recent years. Only as cybersecurity threats became more pressing did regulators begin actively enforcing the security obligations found in most data protection laws. More recently, legislative bodies and regulators have begun adopting cybersecurity-specific obligations. However, even these have often mirrored or been combined with privacy protections, sometimes to the detriment of effective cybersecurity. The chapter describes major categories of cybersecurity law, including unfair or deceptive practices legislation, breach notification laws, and data destruction laws. It also considers the new focus on critical infrastructure and information sharing, the China Cybersecurity Law, and the new challenges to data privacy and security law.
{"title":"Data Privacy and Security Law","authors":"F. Cate, Rachel Dockery","doi":"10.1093/oxfordhb/9780198800682.013.20","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.20","url":null,"abstract":"This chapter discusses cybersecurity laws. Many measures employed to enhance cybersecurity pose a risk to privacy. In addition, data protection laws focus only on personally identifiable information, while cybersecurity is also concerned with securing economic data such as trade secrets and company databases, government information, and the systems that transmit and process information. As a practical matter, despite the prominence of security obligations in data protection legislation, these were often downplayed or ignored entirely until recent years. Only as cybersecurity threats became more pressing did regulators begin actively enforcing the security obligations found in most data protection laws. More recently, legislative bodies and regulators have begun adopting cybersecurity-specific obligations. However, even these have often mirrored or been combined with privacy protections, sometimes to the detriment of effective cybersecurity. The chapter describes major categories of cybersecurity law, including unfair or deceptive practices legislation, breach notification laws, and data destruction laws. It also considers the new focus on critical infrastructure and information sharing, the China Cybersecurity Law, and the new challenges to data privacy and security law.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134317400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: