Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.4
T. Stevens, Camino Kavanagh
This chapter provides a conceptual and analytical framework for the understanding of ‘cyber power’ in the theory and practice of international relations. Cyber power is the product of relationships between actors, rather than a material quantity that can be possessed and converted into strategic outcomes. This chapter identifies four forms of cyber power that arise from different configurations of state and non-state actors: compulsory, institutional, structural, and productive. Analysis of national cyber strategies shows how states develop, leverage, and exploit their relationships with the actors and structures of the international system to generate cyber power in pursuit of their strategic objectives. Cyber power should therefore be understood as a multiplicity of forms of power in and through cyberspace, not as a singular concept or practice. Moreover, cyber power should be framed within broader conceptualizations of power, rather than treated as somehow distinct and discrete.
Title: Cyber Power in International Relations. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.26
David Mussington
Critical infrastructure cybersecurity has risen to the forefront of national policy in much of the world. These systems use information and communications technologies (ICTs) to deliver key services and opportunities central to participation in the digital economy. Not only are critical national infrastructures (CNIs) of importance to the health and well-being of citizens, they also contribute to the economic, military, and political functioning of modern societies. Targeting of these systems by cyber actors has become a commonplace concern for both experts and policymakers. This chapter addresses the state of these efforts, and their utility for defining new norms of state interaction that constrain escalation and instability in international security.
Title: Securing the Critical National Infrastructure. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.8
A. Corbeil, Rafal Rohozinski
The Internet and social media platforms are disrupting societies and politics on a global level. While these technologies have had immense benefit, facilitating individual empowerment and establishing the data economy, they have also helped to mainstream terrorism, hate, and anti-democratic beliefs. These forces will continue to disrupt traditional democratic politics and contribute to the breakdown of societal cohesion. Regulations that ensure the protection of fundamental rights and freedoms are now a necessary element in the establishment of a new social contract for the digital age. Stakeholders must work to reimpose gatekeeper functions that the Internet has swept away, in turn limiting the ability of dangerous marginal views to influence the mainstream. However, in doing so, these same stakeholders must ensure that their efforts do not result in an Orwellian future that leaves citizens less secure and less empowered.
Title: Managing Risk. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.14
B. Buchanan
The notion of cyberwar has held a central place in technology and security scholarship for several decades. With the continued aggression of modern government hacking operations, cyberwar has again emerged as a popular frame. This chapter shows how the present reality, though, has strayed far from the original concept and how a closer examination of state activities suggests a scope for hacking that is different and more limited than many expected. Drawing on case studies, this chapter shows how virtually all hacking activities fall short of war. They are instead variants of espionage, sabotage, and subversion. This refined framing offers important implications for deterrence, coercion, and operational practice.
Title: Cyberwar Redux. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.21
M. Steinmetz
Discussion of the insider threat gains more attention every day. Much of the debate concerns the dysfunctional actions and behaviours of the malicious insider, whose ability to cause harm commands headlines on a regular basis. Technological strides have been made to identify the behaviours that could locate the malicious insider threat and even predict the likelihood of such behaviours before they take place. This chapter addresses areas beyond those frequently explored when discussing the methods and means of discovering dysfunctional behaviour by examining the entire workforce and the factors affecting the entire workplace environment. Are there opportunities where leadership could better measure and shape the work environment, thereby creating a different work environment for employees? What happens when companies fail to utilize every metric available and every opportunity to shape the work environment? Are there opportunities not just to identify the malicious insider threat but to create measurable insider advocacy?
Title: The ‘Insider Threat’ and the ‘Insider Advocate’. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.22
D. Clemente
This chapter examines the basics of personal cybersecurity and good ‘cyber hygiene’. It analyses the trade-offs inherent in cybersecurity, looks at methods of conducting a risk assessment, and reveals the potential impacts of poor security choices. It offers a range of practical security recommendations applicable to informed readers who may not be subject matter experts, and who wish to manage their personal cyber risks more effectively.
Title: Personal Protection. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.30
Elaine Korzak
This chapter focuses on two trade mechanisms and their role in pursuing the policy imperatives of promoting international trade in information and communication technologies (ICTs) while seeking to mitigate cybersecurity risks. The first mechanism, international standard setting and certification efforts, aims to facilitate international trade by providing benchmarks and assurances for security features. In contrast, the second mechanism, international export controls, explicitly seeks to restrict the trade in certain ICT goods for national and international security purposes. The chapter begins by introducing the concepts of standards and certification, and surveying the landscape of cybersecurity standard setting before providing a discussion of the major intergovernmental certification scheme, the Common Criteria Recognition Arrangement. It then looks at the Wassenaar Arrangement and examines its recent experience in bringing two types of technologies, intellectual property (IP) surveillance systems and intrusion software, under the purview of export controls.
Title: Cybersecurity, Multilateral Export Control, and Standard Setting Arrangements. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.39
José Eduardo M. S. Brandão
This chapter demonstrates how the elements of a cybersecurity incident can be analysed systematically, and suggests an alternative way to mitigate the causes and consequences of such incidents. Cybersecurity incidents can be explained in terms of a sequence of elements linking the attacking agents to their objectives: the attacking agent uses tools to exploit vulnerabilities, causing actions on a specific target to obtain unauthorized results, achieving their objectives. Cybersecurity can be improved by stopping the flow of the attack by mitigating one or more elements that make up the process. Unfortunately, most of these elements have characteristics that limit the opportunities for mitigation. The least difficult element to mitigate is vulnerability. The current model of vulnerability mitigation has worked for the corporate environment, which can pay for specialized tools and consulting. This is an excellent business model but inaccessible to the public. A new model is necessary to prevent cybersecurity incidents on a broader, more inclusive level. The main proposal for vulnerability mitigation is multisector cooperation to create an independent, trustworthy, and secure vulnerability database, based on a new vulnerability report protocol developed in accordance with researchers, companies, governments, and society. However, this proposal creates some social, political, and technical challenges.
Title: Toward a Vulnerability Mitigation Model. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.9
Sandro Gaycken
This chapter explains tactical offensive cyberoperations to derive a precise definition of cyberweapons. The definition will be used to explore implementable options for cyber arms control and functional cyber norms; it will help to delineate important research gaps and red lines and to identify novel options for an application of international humanitarian law to strategic cyberwarfare, such as an application of the human shield rule to ban commercial information technology from military units.
Title: Cyberweapons. Published in: The Oxford Handbook of Cyber Security.
Pub Date: 2021-11-04; DOI: 10.1093/oxfordhb/9780198800682.013.36
Melissa Hathaway
In recent years, countries have become increasingly concerned about the immediate and future threats to their critical services and infrastructures that could result from the misuse of information and communications technologies (ICTs). As such, countries have placed the development of normative standards guiding state behaviour in cyberspace at the top of their foreign policy agendas. Yet, despite broad international consensus regarding the basic principles to limit the misuse of ICTs in the digital age and to constrain state behaviour, the key tenets have been consistently violated. All evidence suggests that states are not following their own doctrines of restraint, and that each disruptive and destructive attack further destabilizes our future. States have turned a blind eye and have shirked their responsibility for curbing or halting cyberattacks originating from their own territories. Disruption or damage (or both) of critical infrastructures that provide services to the public has become customary practice—the ‘new normal’. And this intentional misuse of ICTs against critical infrastructures and services has great potential to lead to misperception, escalation, and even conflict. This chapter offers five standards of care that can be used to ‘test’ individual states’ true commitment to the international norms of behaviour. Only with a concerted and coordinated effort across the global community will it be possible to change the new normal of ‘anything goes’ and move forward to ensure the future safety and security of the Internet and Internet-based infrastructures.
Title: Getting Beyond Norms. Published in: The Oxford Handbook of Cyber Security.