Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.31
D. Fidler
As private-sector enterprises became dependent on Internet-enabled technologies, cybersecurity threats developed into serious problems in international political economy. This chapter analyses how states use international organizations to address these threats. The chapter explains why international organizations were not prominent in the Internet’s emergence and impact on transnational trade and investment. It examines the main threats companies face, including cybercrime, economic cyber espionage, government surveillance and hacking, innovation in digital technologies, and poor corporate cyber defences. International organizations have been most involved in fighting cybercrime, but these efforts have not been successful. International organizations do not play significant roles in countering other cybersecurity threats in global commerce. The chapter argues that international organizations are unlikely to become more important in the future because geopolitics and shifts in domestic politics in democracies will make collective action on cybersecurity in global commerce more difficult.
{"title":"Cybersecurity, Global Commerce, and International Organizations","authors":"D. Fidler","doi":"10.1093/oxfordhb/9780198800682.013.31","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.31","url":null,"abstract":"As private-sector enterprises became dependent on Internet-enabled technologies, cybersecurity threats developed into serious problems in international political economy. This chapter analyses how states use international organizations to address these threats. The chapter explains why international organizations were not prominent in the Internet’s emergence and impact on transnational trade and investment. It examines the main threats companies face, including cybercrime, economic cyber espionage, government surveillance and hacking, innovation in digital technologies, and poor corporate cyber defences. International organizations have been most involved in fighting cybercrime, but these efforts have not been successful. International organizations do not play significant roles in countering other cybersecurity threats in global commerce. The chapter argues that international organizations are unlikely to become more important in the future because geopolitics and shifts in domestic politics in democracies will make collective action on cybersecurity in global commerce more difficult.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128735041","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.41
A. Sukumar
This chapter explores how India has managed its external environment with a view to securing its own digital ecosystems. It highlights India’s engagement with the United States and China, the biggest players in its digital ecosystem. Both relationships reflect certain geopolitical realities, but also offer contrasting narratives. India and the United States have sought in recent years to align their views on the governance of common digital spaces, whereas New Delhi's outreach to China has been more instrumental, and largely confined to interactions with specific Chinese companies that invest in the country. Mindful, however, of Beijing's potential to expand its influence in Asian economies by supplying their digital infrastructure and applications, India has acknowledged the need to engage China at a strategic level on ‘cyber’ issues. Its high-level interactions with the United States and China could lead India to a crossroads from where it has to choose one model of standards, rules, and norms for cybersecurity and Internet governance over the other.
{"title":"Look West or Look East? India at the Crossroads of Cyberspace","authors":"A. Sukumar","doi":"10.1093/oxfordhb/9780198800682.013.41","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.41","url":null,"abstract":"This chapter explores how India has managed its external environment with a view to securing its own digital ecosystems. It highlights India’s engagement with the United States and China, the biggest players in its digital ecosystem. Both relationships reflect certain geopolitical realities, but also offer contrasting narratives. India and the United States have sought in recent years to align their views on the governance of common digital spaces, whereas New Delhi's outreach to China has been more instrumental, and largely confined to interactions with specific Chinese companies that invest in the country. Mindful, however, of Beijing's potential to expand its influence in Asian economies by supplying their digital infrastructure and applications, India has acknowledged the need to engage China at a strategic level on ‘cyber’ issues. Its high-level interactions with the United States and China could lead India to a crossroads from where it has to choose one model of standards, rules, and norms for cybersecurity and Internet governance over the other.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127958277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.10
Florian J. Egloff
This chapter focuses on intentions and cyberterrorists. In defining cyberterrorism as the use, or threat of use, of cyberspace to deliver violence, through the disruption or destruction of digital data, the chapter captures potentially novel behaviour. It highlights the claims made by intelligence officials about terrorists’ intentions of using cyberspace. It then interrogates to what extent this matches the literature on terrorist motivations and intentions, and whether cyberspace is an attractive means for carrying out terrorist attacks. Finding that a simple cost–benefit analysis does not favour cyberspace as a means of carrying out terrorist acts, the chapter interrogates the vectors of change both on the intentions and capability side of the assessment. It closes with the analysis of a hypothetical case that would match the definition of cyberterror: a religiously inspired version of the Ashley Madison hack.
{"title":"Intentions and Cyberterrorism","authors":"Florian J. Egloff","doi":"10.1093/oxfordhb/9780198800682.013.10","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.10","url":null,"abstract":"This chapter focuses on intentions and cyberterrorists. In defining cyberterrorism as the use, or threat of use, of cyberspace to deliver violence, through the disruption or destruction of digital data, the chapter captures potentially novel behaviour. It highlights the claims made by intelligence officials about terrorists’ intentions of using cyberspace. It then interrogates to what extent this matches the literature on terrorist motivations and intentions, and whether cyberspace is an attractive means for carrying out terrorist attacks. Finding that a simple cost–benefit analysis does not favour cyberspace as a means of carrying out terrorist acts, the chapter interrogates the vectors of change both on the intentions and capability side of the assessment. It closes with the analysis of a hypothetical case that would match the definition of cyberterror: a religiously inspired version of the Ashley Madison hack.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"1048 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123146218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.33
Nigel Inkster
This chapter assesses semi-official diplomacy in the cyber domain. It begins by describing Track 2 and Track 1.5 diplomacy. Track 2 diplomacy consists of a broad spectrum of activities ranging from academic conferences designed to address specific conflict-related diplomatic issues to much more generic people-to-people contacts designed to create a climate of greater mutual understanding. Meanwhile, Track 1.5 diplomacy seeks to leverage the strengths of both Track 1 and Track 2 diplomacy. It became clear from an early stage that the United States, Russia, and China were in a position to determine the strategic evolution of the cyber domain due to their status as global geo-political actors, their advanced cyber capabilities, their possession of nuclear weapons, and their differences in values and ideology. Russia was the first to make a move towards semi-official diplomacy. Whereas Russia has taken a leading role in international negotiations on cyber governance and cybersecurity, China has arguably become more consequential in terms of how its relationship with the United States will shape the normative culture of the cyber domain. The chapter then considers other examples of semi-official diplomacy as well as prospects for further semi-official diplomacy in the cyber domain.
{"title":"Semi-Formal Diplomacy","authors":"Nigel Inkster","doi":"10.1093/oxfordhb/9780198800682.013.33","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.33","url":null,"abstract":"This chapter assesses semi-official diplomacy in the cyber domain. It begins by describing Track 2 and Track 1.5 diplomacy. Track 2 diplomacy consists of a broad spectrum of activities ranging from academic conferences designed to address specific conflict-related diplomatic issues to much more generic people-to-people contacts designed to create a climate of greater mutual understanding. Meanwhile, Track 1.5 diplomacy seeks to leverage the strengths of both Track 1 and Track 2 diplomacy. It became clear from an early stage that the United States, Russia, and China were in a position to determine the strategic evolution of the cyber domain due to their status as global geo-political actors, their advanced cyber capabilities, their possession of nuclear weapons, and their differences in values and ideology. Russia was the first to make a move towards semi-official diplomacy. Whereas Russia has taken a leading role in international negotiations on cyber governance and cybersecurity, China has arguably become more consequential in terms of how its relationship with the United States will shape the normative culture of the cyber domain. The chapter then considers other examples of semi-official diplomacy as well as prospects for further semi-official diplomacy in the cyber domain.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127843865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.17
Nicole van der Meulen
After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.
{"title":"Stepping out of the Shadow","authors":"Nicole van der Meulen","doi":"10.1093/oxfordhb/9780198800682.013.17","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.17","url":null,"abstract":"After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128608051","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.59
T. Unwin
The links between cybersecurity and international development are crucially important, especially for the world’s poorest and most marginalized countries and people. Yet, they have rarely been explored in detail, and all too often international initiatives designed to support development have paid insufficient attention to cybersecurity issues. In large part, this is because the communities of expertise in the two fields are often distinct and separate, speak different languages, have different interests, and are physically located in different organizations and places. Cybersecurity tends to be the domain of computer scientists, security agencies, telecommunication ministries, the private sector, and foreign policy organizations, whereas international development is largely the field of social scientists, development specialists, aid ministries, civil society, and humanitarian organizations. This separation is true of most bilateral and multilateral donors, and, as a result technology-supported aid initiatives frequently ignore fundamentally important issues around digital security. This chapter provides an overview of the intersections between the two, why they are important, and what can be done to improve integration between them in the interests of reducing inequalities and poverty.
{"title":"‘Cybersecurity’ and ‘Development’","authors":"T. Unwin","doi":"10.1093/oxfordhb/9780198800682.013.59","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.59","url":null,"abstract":"The links between cybersecurity and international development are crucially important, especially for the world’s poorest and most marginalized countries and people. Yet, they have rarely been explored in detail, and all too often international initiatives designed to support development have paid insufficient attention to cybersecurity issues. In large part, this is because the communities of expertise in the two fields are often distinct and separate, speak different languages, have different interests, and are physically located in different organizations and places. Cybersecurity tends to be the domain of computer scientists, security agencies, telecommunication ministries, the private sector, and foreign policy organizations, whereas international development is largely the field of social scientists, development specialists, aid ministries, civil society, and humanitarian organizations. This separation is true of most bilateral and multilateral donors, and, as a result technology-supported aid initiatives frequently ignore fundamentally important issues around digital security. This chapter provides an overview of the intersections between the two, why they are important, and what can be done to improve integration between them in the interests of reducing inequalities and poverty.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116940886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.48
D. Ashenden
This chapter explores the future human and behavioural challenges that are likely to have an impact on cybersecurity. It identifies some general challenges that will need to be overcome. The first challenge will be to accept that cybersecurity practitioners are not average end users. It is important to understand cybersecurity as a social practice that is carried out in specific and variable contexts if we are to design successful behavioural and social interventions. The second challenge is to improve the levels of creativity and innovation demonstrated by cybersecurity practitioners. Finally, the third challenge is to look at how we address cybersecurity risk. Meeting these challenges will depend on developing a skill set among cybersecurity practitioners that puts soft skills on a par with technical skills, and establishes trust relationships through genuine dialogue realized through participative approaches to cybersecurity.
{"title":"The Future Human and Behavioural Challenges of Cybersecurity","authors":"D. Ashenden","doi":"10.1093/oxfordhb/9780198800682.013.48","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.48","url":null,"abstract":"This chapter explores the future human and behavioural challenges that are likely to have an impact on cybersecurity. It identifies some general challenges that will need to be overcome. The first challenge will be to accept that cybersecurity practitioners are not average end users. It is important to understand cybersecurity as a social practice that is carried out in specific and variable contexts if we are to design successful behavioural and social interventions. The second challenge is to improve the levels of creativity and innovation demonstrated by cybersecurity practitioners. Finally, the third challenge is to look at how we address cybersecurity risk. Meeting these challenges will depend on developing a skill set among cybersecurity practitioners that puts soft skills on a par with technical skills, and establishes trust relationships through genuine dialogue realized through participative approaches to cybersecurity.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125679863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.35
Tim Maurer
This chapter addresses cyber proxies and offensive cyber operations. The market of cyber force is a complex and dynamic relationship between the state and actors detached from the state that can target a third party beyond a state’s border with unprecedented ease. Only hacking, also known as ‘remote cyber operations’ in the military bureaucracy's vernacular, makes global reach possible at such low cost. Research identifies three main types of proxy relationships between a state and non-state actors: (i) delegation, (ii) orchestration, and (iii) sanctioning. How to manage effectively both proxies and the market for cyber capabilities, both tools and services to the degree they can be separated, is not only of interest for academic scholarship but also for practitioners and policymakers. While a state may face significant challenges in affecting another state’s proxy relationships, it can exercise greater control over its own relationships with cybersecurity companies, hacktivists, and those breaking the law either at home or abroad.
{"title":"States, Proxies, and (Remote) Offensive Cyber Operations","authors":"Tim Maurer","doi":"10.1093/oxfordhb/9780198800682.013.35","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.35","url":null,"abstract":"This chapter addresses cyber proxies and offensive cyber operations. The market of cyber force is a complex and dynamic relationship between the state and actors detached from the state that can target a third party beyond a state’s border with unprecedented ease. Only hacking, also known as ‘remote cyber operations’ in the military bureaucracy's vernacular, makes global reach possible at such low cost. Research identifies three main types of proxy relationships between a state and non-state actors: (i) delegation, (ii) orchestration, and (iii) sanctioning. How to manage effectively both proxies and the market for cyber capabilities, both tools and services to the degree they can be separated, is not only of interest for academic scholarship but also for practitioners and policymakers. While a state may face significant challenges in affecting another state’s proxy relationships, it can exercise greater control over its own relationships with cybersecurity companies, hacktivists, and those breaking the law either at home or abroad.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"103 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131670437","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-04DOI: 10.1093/oxfordhb/9780198800682.013.20
F. Cate, Rachel Dockery
This chapter discusses cybersecurity laws. Many measures employed to enhance cybersecurity pose a risk to privacy. In addition, data protection laws focus only on personally identifiable information, while cybersecurity is also concerned with securing economic data such as trade secrets and company databases, government information, and the systems that transmit and process information. As a practical matter, despite the prominence of security obligations in data protection legislation, these were often downplayed or ignored entirely until recent years. Only as cybersecurity threats became more pressing did regulators begin actively enforcing the security obligations found in most data protection laws. More recently, legislative bodies and regulators have begun adopting cybersecurity-specific obligations. However, even these have often mirrored or been combined with privacy protections, sometimes to the detriment of effective cybersecurity. The chapter describes major categories of cybersecurity law, including unfair or deceptive practices legislation, breach notification laws, and data destruction laws. It also considers the new focus on critical infrastructure and information sharing, the China Cybersecurity Law, and the new challenges to data privacy and security law.
{"title":"Data Privacy and Security Law","authors":"F. Cate, Rachel Dockery","doi":"10.1093/oxfordhb/9780198800682.013.20","DOIUrl":"https://doi.org/10.1093/oxfordhb/9780198800682.013.20","url":null,"abstract":"This chapter discusses cybersecurity laws. Many measures employed to enhance cybersecurity pose a risk to privacy. In addition, data protection laws focus only on personally identifiable information, while cybersecurity is also concerned with securing economic data such as trade secrets and company databases, government information, and the systems that transmit and process information. As a practical matter, despite the prominence of security obligations in data protection legislation, these were often downplayed or ignored entirely until recent years. Only as cybersecurity threats became more pressing did regulators begin actively enforcing the security obligations found in most data protection laws. More recently, legislative bodies and regulators have begun adopting cybersecurity-specific obligations. However, even these have often mirrored or been combined with privacy protections, sometimes to the detriment of effective cybersecurity. The chapter describes major categories of cybersecurity law, including unfair or deceptive practices legislation, breach notification laws, and data destruction laws. It also considers the new focus on critical infrastructure and information sharing, the China Cybersecurity Law, and the new challenges to data privacy and security law.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134317400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: