Pub Date : 2021-07-01DOI: 10.4018/IJCWT.2021070105
M. Canan, Omer Ilker Poyraz, Anthony Akil
The monetary impact of mega data breaches has been a significant concern for enterprises. The study of data breach risk assessment is a necessity for organizations to have effective cybersecurity risk management. Due to the lack of available data, it is not easy to obtain a comprehensive understanding of the interactions among factors that affect the cost of mega data breaches. The Monte Carlo analysis results were used to explicate the interactions among independent variables and emerging patterns in the variation of the total data breach cost. The findings of this study are as follows: The total data breach cost varies significantly with personally identifiable information (PII) and sensitive personally identifiable information (SPII) with unique patterns. Second, SPII must be a separate independent variable. Third, the multilevel factorial interactions between SPII and the other independent variables elucidate subtle patterns in the total data breach cost variation. Fourth, class action lawsuit (CAL) categorical variables regulate the variation in the total data breach cost.
{"title":"A Monte-Carlo Analysis of Monetary Impact of Mega Data Breaches","authors":"M. Canan, Omer Ilker Poyraz, Anthony Akil","doi":"10.4018/IJCWT.2021070105","DOIUrl":"https://doi.org/10.4018/IJCWT.2021070105","url":null,"abstract":"The monetary impact of mega data breaches has been a significant concern for enterprises. The study of data breach risk assessment is a necessity for organizations to have effective cybersecurity risk management. Due to the lack of available data, it is not easy to obtain a comprehensive understanding of the interactions among factors that affect the cost of mega data breaches. The Monte Carlo analysis results were used to explicate the interactions among independent variables and emerging patterns in the variation of the total data breach cost. The findings of this study are as follows: The total data breach cost varies significantly with personally identifiable information (PII) and sensitive personally identifiable information (SPII) with unique patterns. Second, SPII must be a separate independent variable. Third, the multilevel factorial interactions between SPII and the other independent variables elucidate subtle patterns in the total data breach cost variation. Fourth, class action lawsuit (CAL) categorical variables regulate the variation in the total data breach cost.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"18 1","pages":"58-81"},"PeriodicalIF":0.5,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74426265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-07-01DOI: 10.4018/IJCWT.2021070101
Polinpapilinho F. Katina, Omer F. Keskin
This article investigates the possible benefits of complex system governance (CSG) as a foundation for enhancing cybersecurity in critical cyber-physical systems (CPS). CPS are intrinsically linked to cyberspace and vulnerable to a wide range of risks stemming from physical and cyber threats. There remains a lack of robust frameworks for addressing the issue of cybersecurity for CPS at the metasystem level. In response, the authors suggest CSG as an organizing construct capable of providing a greater degree of cohesion and as a means to provide for design, execution, and evolution of ‘metasystemic' functions necessary to provide for communication, control, and coordination, and integration is critical to the cybersecurity of CPS. In this article, CSG is introduced as a potential construct for enhancing cybersecurity in CPS. A hypothetical case study application is then provided to illustrate the potential for this research. Finally, the authors offer conclusions and suggest future research. Keywords Case Study, Complex System Governance, Cyber-Physical Systems, Management Cybernetics, Metasystem Function, Power Grid, Systems Thinking
{"title":"Complex System Governance as a Foundation for Enhancing the Cybersecurity of Cyber-Physical Systems","authors":"Polinpapilinho F. Katina, Omer F. Keskin","doi":"10.4018/IJCWT.2021070101","DOIUrl":"https://doi.org/10.4018/IJCWT.2021070101","url":null,"abstract":"This article investigates the possible benefits of complex system governance (CSG) as a foundation for enhancing cybersecurity in critical cyber-physical systems (CPS). CPS are intrinsically linked to cyberspace and vulnerable to a wide range of risks stemming from physical and cyber threats. There remains a lack of robust frameworks for addressing the issue of cybersecurity for CPS at the metasystem level. In response, the authors suggest CSG as an organizing construct capable of providing a greater degree of cohesion and as a means to provide for design, execution, and evolution of ‘metasystemic' functions necessary to provide for communication, control, and coordination, and integration is critical to the cybersecurity of CPS. In this article, CSG is introduced as a potential construct for enhancing cybersecurity in CPS. A hypothetical case study application is then provided to illustrate the potential for this research. Finally, the authors offer conclusions and suggest future research. Keywords Case Study, Complex System Governance, Cyber-Physical Systems, Management Cybernetics, Metasystem Function, Power Grid, Systems Thinking","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"27 1","pages":"1-14"},"PeriodicalIF":0.5,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72989939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-07-01DOI: 10.4018/IJCWT.2021070103
Yasir Gokce
Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.
{"title":"Commissioning Development to Externals: Addressing Infosec Risks Upfront","authors":"Yasir Gokce","doi":"10.4018/IJCWT.2021070103","DOIUrl":"https://doi.org/10.4018/IJCWT.2021070103","url":null,"abstract":"Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"12 1","pages":"30-40"},"PeriodicalIF":0.5,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75561334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-07-01DOI: 10.4018/IJCWT.2021070102
X. Palmer, Lucas Potter, Saltuk Karahan
The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation campaigns as a component of BCS can cause significant damage compared to other misinformation campaigns. Based on the observation that rather than initiating the necessary cooperation COVID-19 helped exacerbate the existing conflicts, the authors suggest that BCS needs to be considered as an essential component of the cyber doctrine, within the Defending Forward framework. The findings are expected to help future cyber policy developments.
{"title":"COVID-19 and Biocybersecurity's Increasing Role on Defending Forward","authors":"X. Palmer, Lucas Potter, Saltuk Karahan","doi":"10.4018/IJCWT.2021070102","DOIUrl":"https://doi.org/10.4018/IJCWT.2021070102","url":null,"abstract":"The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation campaigns as a component of BCS can cause significant damage compared to other misinformation campaigns. Based on the observation that rather than initiating the necessary cooperation COVID-19 helped exacerbate the existing conflicts, the authors suggest that BCS needs to be considered as an essential component of the cyber doctrine, within the Defending Forward framework. The findings are expected to help future cyber policy developments.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"24 1","pages":"15-29"},"PeriodicalIF":0.5,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73901889","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-07-01DOI: 10.4018/IJCWT.2021070104
C. Pinto, Matthew Zurasky, Fatine Elakramine, Safae El Amrani, Ra'ed M. Jaradat, Chad S. Kerr, Vidanelage L. Dayarathna
A recent cyberweapons effectiveness methodology clearly provides a parallel but distinct process from that of kinetic weapons – both for defense and offense purposes. This methodology promotes consistency and improves cyberweapon system evaluation accuracy – for both offensive and defensive postures. However, integrating this cyberweapons effectiveness methodology into the design phase and operations phase of weapons systems development is still a challenge. The paper explores several systems engineering modeling techniques (e.g., SysML) and how they can be leveraged towards an enhanced effectiveness methodology. It highlights how failure mode analyses (e.g., FMEA) can facilitate cyber damage determination and target assessment, how block and parametric diagraming techniques can facilitate characterizing cyberweapons and eventually assess the effectiveness of such weapons and conversely assess vulnerabilities of systems to certain types of cyberweapons.
{"title":"Enhancing Cyberweapon Effectiveness Methodology With SE Modeling Techniques: Both for Offense and Defense","authors":"C. Pinto, Matthew Zurasky, Fatine Elakramine, Safae El Amrani, Ra'ed M. Jaradat, Chad S. Kerr, Vidanelage L. Dayarathna","doi":"10.4018/IJCWT.2021070104","DOIUrl":"https://doi.org/10.4018/IJCWT.2021070104","url":null,"abstract":"A recent cyberweapons effectiveness methodology clearly provides a parallel but distinct process from that of kinetic weapons – both for defense and offense purposes. This methodology promotes consistency and improves cyberweapon system evaluation accuracy – for both offensive and defensive postures. However, integrating this cyberweapons effectiveness methodology into the design phase and operations phase of weapons systems development is still a challenge. The paper explores several systems engineering modeling techniques (e.g., SysML) and how they can be leveraged towards an enhanced effectiveness methodology. It highlights how failure mode analyses (e.g., FMEA) can facilitate cyber damage determination and target assessment, how block and parametric diagraming techniques can facilitate characterizing cyberweapons and eventually assess the effectiveness of such weapons and conversely assess vulnerabilities of systems to certain types of cyberweapons.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"11 1","pages":"41-57"},"PeriodicalIF":0.5,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85202977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-04-01DOI: 10.4018/IJCWT.2021040105
Shadi A. Alshdaifat, Sanford R. Silverburg
Benefiting from the progress of technology, terrorism poses a major threat to international peace and security. Terrorist acts might move to other forms and are the culmination of processes that often begin with radicalization, the formation of extremist views, and acceptance of violence as a means through which to attempt change. As with other types of offenses, there is no internationally agreed upon definition of terrorism, but several conducts are universally accepted as expressions thereof. Terrorist-related offenses include the use of violence for political purposes, such as the hijacking of aircraft, targeting of marine vessels, the use of chemical or nuclear weapons against civilians, kidnapping, and other forms of targeting civilians. Terrorism itself is not a new phenomenon, yet the early 21st century is being shaped by a more intense focus on the issue and an increased awareness of terrorist acts and groups. If terrorism in outer space became a reality, then the cause is not different from other forms of terrorism in that violent extremism is often driven by feelings of isolation and exclusion, as well as fear and ignorance. To strengthen a sustainable solution, responses to violent extremism must be implemented in a framework respectful of human rights and the rule of law; otherwise, the exclusion is exacerbated, and the international community will witness another form of chaos.
{"title":"Can Terrorism Mold Itself to Outer Space?: An International Legal Perspective","authors":"Shadi A. Alshdaifat, Sanford R. Silverburg","doi":"10.4018/IJCWT.2021040105","DOIUrl":"https://doi.org/10.4018/IJCWT.2021040105","url":null,"abstract":"Benefiting from the progress of technology, terrorism poses a major threat to international peace and security. Terrorist acts might move to other forms and are the culmination of processes that often begin with radicalization, the formation of extremist views, and acceptance of violence as a means through which to attempt change. As with other types of offenses, there is no internationally agreed upon definition of terrorism, but several conducts are universally accepted as expressions thereof. Terrorist-related offenses include the use of violence for political purposes, such as the hijacking of aircraft, targeting of marine vessels, the use of chemical or nuclear weapons against civilians, kidnapping, and other forms of targeting civilians. Terrorism itself is not a new phenomenon, yet the early 21st century is being shaped by a more intense focus on the issue and an increased awareness of terrorist acts and groups. If terrorism in outer space became a reality, then the cause is not different from other forms of terrorism in that violent extremism is often driven by feelings of isolation and exclusion, as well as fear and ignorance. To strengthen a sustainable solution, responses to violent extremism must be implemented in a framework respectful of human rights and the rule of law; otherwise, the exclusion is exacerbated, and the international community will witness another form of chaos.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"1 1","pages":"56-75"},"PeriodicalIF":0.5,"publicationDate":"2021-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89738233","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-04-01DOI: 10.4018/IJCWT.2021040102
Loo Seng Neo
This study involved the creation of factors and indicators that can detect radicalization in social media posts. A concurrent approach of an expert knowledge acquisition process (modified Delphi technique) and literature review was utilized. Seven Singapore subject-matter experts in the field of terrorism evaluated factors that were collated from six terrorism risk assessment tools (ERG 22+, IVP, TRAP-18, MLG, VERA-2, and Cyber-VERA). They identify those that are of most considerable relevance for detecting radicalization in social media posts. A parallel literature review on online radicalization was conducted to complement the findings from the expert panel. In doing so, 12 factors and their 42 observable indicators were derived. These factors and indicators have the potential to guide the development of cyber-focused screening tools to detect radicalization in social media posts.
{"title":"Detecting Markers of Radicalisation in Social Media Posts: Insights From Modified Delphi Technique and Literature Review","authors":"Loo Seng Neo","doi":"10.4018/IJCWT.2021040102","DOIUrl":"https://doi.org/10.4018/IJCWT.2021040102","url":null,"abstract":"This study involved the creation of factors and indicators that can detect radicalization in social media posts. A concurrent approach of an expert knowledge acquisition process (modified Delphi technique) and literature review was utilized. Seven Singapore subject-matter experts in the field of terrorism evaluated factors that were collated from six terrorism risk assessment tools (ERG 22+, IVP, TRAP-18, MLG, VERA-2, and Cyber-VERA). They identify those that are of most considerable relevance for detecting radicalization in social media posts. A parallel literature review on online radicalization was conducted to complement the findings from the expert panel. In doing so, 12 factors and their 42 observable indicators were derived. These factors and indicators have the potential to guide the development of cyber-focused screening tools to detect radicalization in social media posts.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"89 1","pages":"12-28"},"PeriodicalIF":0.5,"publicationDate":"2021-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82197529","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-04-01DOI: 10.4018/IJCWT.2021040103
Chuck Easttom, William Butler
Cyber conflict is a factor in modern politics. There is often a synergy between historical political issues and current cyber conflicts. Saudi Arabia and Iran have a long-standing mutual animosity that is now being expressed via cyber operations. This study provides a context for current cyber conflicts between the Kingdom of Saudi Arabia and Iran. The political history of both countries is briefly explored. Then specific cyber incidents are examined within that existing political conflict. The current state of affairs between Saudi Arabia and Iran can best be described as a cyber cold war. This study provides both current cyber incidents as well as the political and historical context in which these incidents occur. The history of the modern states of Iran and Saudi Arabia provide a context for the political strife between the two countries.
{"title":"The Iran-Saudi Cyber Conflict","authors":"Chuck Easttom, William Butler","doi":"10.4018/IJCWT.2021040103","DOIUrl":"https://doi.org/10.4018/IJCWT.2021040103","url":null,"abstract":"Cyber conflict is a factor in modern politics. There is often a synergy between historical political issues and current cyber conflicts. Saudi Arabia and Iran have a long-standing mutual animosity that is now being expressed via cyber operations. This study provides a context for current cyber conflicts between the Kingdom of Saudi Arabia and Iran. The political history of both countries is briefly explored. Then specific cyber incidents are examined within that existing political conflict. The current state of affairs between Saudi Arabia and Iran can best be described as a cyber cold war. This study provides both current cyber incidents as well as the political and historical context in which these incidents occur. The history of the modern states of Iran and Saudi Arabia provide a context for the political strife between the two countries.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"12 1","pages":"29-42"},"PeriodicalIF":0.5,"publicationDate":"2021-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85026566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-04-01DOI: 10.4018/IJCWT.2021040101
S. Kleemann
Cyber warfare is a timely and relevant issue and one of the most controversial in international humanitarian law (IHL). The aim of IHL is to set rules and limits in terms of means and methods of warfare. In this context, a key question arises: Has digital warfare rules or limits, and if so, how are these applicable? Traditional principles, developed over a long period, are facing a new dimension of challenges due to the rise of cyber warfare. This paper argues that to overcome this new issue, it is critical that new humanity-oriented approaches is developed with regard to cyber warfare. The challenge is to establish a legal regime for cyber-attacks, successfully addressing human rights norms and standards. While clarifying this from a legal perspective, the authors can redesign the sensitive equilibrium between humanity and military necessity, weighing the humanitarian aims of IHL and the protection of civilians—in combination with international human rights law and other relevant legal regimes—in a different manner than before.
{"title":"Cyber Warfare and the \"Humanization\" of International Humanitarian Law","authors":"S. Kleemann","doi":"10.4018/IJCWT.2021040101","DOIUrl":"https://doi.org/10.4018/IJCWT.2021040101","url":null,"abstract":"Cyber warfare is a timely and relevant issue and one of the most controversial in international humanitarian law (IHL). The aim of IHL is to set rules and limits in terms of means and methods of warfare. In this context, a key question arises: Has digital warfare rules or limits, and if so, how are these applicable? Traditional principles, developed over a long period, are facing a new dimension of challenges due to the rise of cyber warfare. This paper argues that to overcome this new issue, it is critical that new humanity-oriented approaches is developed with regard to cyber warfare. The challenge is to establish a legal regime for cyber-attacks, successfully addressing human rights norms and standards. While clarifying this from a legal perspective, the authors can redesign the sensitive equilibrium between humanity and military necessity, weighing the humanitarian aims of IHL and the protection of civilians—in combination with international human rights law and other relevant legal regimes—in a different manner than before.","PeriodicalId":41462,"journal":{"name":"International Journal of Cyber Warfare and Terrorism","volume":"52 1","pages":"1-11"},"PeriodicalIF":0.5,"publicationDate":"2021-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84669447","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}