In this article, I offer an outline of the papers comprising the special issue. I also provide a brief overview of its topic, namely, the friction between cyber security measures and individual rights. I consider such a friction to be a new and exacerbated version of what Mill called ‘the struggle between liberties and authorities,’ and I claim that the struggle arises because of the involvement of public authorities in the management of the cyber sphere, for technological (...) and state power can put individual rights, such as privacy, anonymity and freedom of speech, under sharp devaluating pressure. Finally, I conclude by stressing the need to reach an ethical balance to fine-tune cyber security measures and individual rights. (shrink)

Purpose: The research explored empirical evidence to assess the impact of cyber security and supply chain risk on digital operations in the UAE pharmaceutical industry. Methodology/Design/Approach: Based on responses from 243 personnel working at 14 pharmaceutical manufacturing companies in Dubai, data were examined for normality, instrument validity and regression analysis. Cyber security and SC risk on digital operations were explored by applying convenient sampling and descriptive and analytical research design. Findings: The findings validated the significant positive (...) association between cyber security and supply chain risk with digital operations. Research implications and Limitations: The research model was developed with three variables evaluated only on the pharmaceutical industry in Dubai. Future research should focus on multiple manufacturing industries by covering a larger geographic area. Practical implications: When suppliers are highly concentrated, customer-focused organisations with uncertain levels of digital transformation could improve their ability to manage supply chain risk by diversifying their clients. Pharmaceutical firms may require a greater focus on technology-based manufacturing firms to build and maintain customer trust. Originality Value: To illustrate how the pharmaceutical industry has explored the relationship between cyber security, supply chain risk and digital operations, the research highlights the significant and convoluted consequences of the relationship model that have not been previously considered. (shrink)

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and “its” security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole (...) system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings. (shrink)

This study explores the challenge of cyber security threats that e-commerce technology and business are facing. Technology applications for e-commerce are attracting attention from both academia and industry. It has made what was not possible before for the business community and consumers. But it did not come all alone but has brought some challenges, and cyber security challenge is one of them. Cyber security concerns have many forms, but this study focuses on social engineering, (...) denial of services, malware, and attacks on personal data. Firms worldwide spend a lot on addressing cybersecurity issues, which grow each year. However, it seems complicated to overcome the challenge because the attackers continuously search for new vulnerabilities in humans, organizations, and technology. This paper is based on the conceptual analysis of social engineering, denial of services, malware, and attacks on personal data. We argue that implementing modern technology for e-commerce and cybersecurity issues is a never-ending game of cat and mouse. To reduce risks, reliable technology is needed, training of employees and consumer is necessary for using the technology, and a strong policy and regulation is needed at the firm and governmental level. (shrink)

Internet of Things-based environments pose various challenges due to their anytime/anywhere computing, and the efficient cryptographic based key management is one of the major challenges in Internet of Things. The key management life cycle consists of initialization, key generation, key registration, key backup, key update, key recovery, and key revocation. Our contribution in this paper is to summarize the state-of-the-art key management schemes and techniques in different scenarios, such as mobile ad hoc networks, wireless sensor networks, and the Internet of (...) Things environments. Further different issues related specifically to the Internet of Things environment are discussed and the causes and effects pertaining to the security breach for Internet of Things are identified. Furthermore, in this research work, we develop a novel permutation of threshold and identity-based key management schemes for the Internet of Things environment and have proposed future directions to counteract the attacks on confidentiality, integrity, authentication, and availability of security services in the Internet of Things environment and identified the two key management schemes, that is, identity and threshold schemes for Internet of Things, to resolve Internet of Things key management issues and maximum possible security services effective implementation. We evaluate our scheme with the help of mathematical and statistical techniques. (shrink)

Large-scale data brokers collect massive amounts of highly personal consumer information to be sold to whoever will pay their price, even at the expense of sacrificing individual privacy and autonomy in the process. In this Article, I will show how a proper understanding and justification for a right to privacy, in context to both protecting private acts and safeguarding information and states of affairs for the performance of such acts, provides a necessary background framework for imposing legal restrictions on such (...) collections. This problem, which has already gained some attention in literature, now becomes even more worrisome, as government itself becomes a consumer of this information to fight off a domestic instantiation of the global Covid-19 pandemic. This Article proposes some definite ways in which the courts and Congress might limit both the private sector and the government’s use of such data to ensure individual autonomy will not be sacrificed. (shrink)

Artificial Intelligence is becoming widespread and as we continue ask ‘can we implement this’ we neglect to ask ‘should we implement this’. There are various frameworks and conceptual journeys one should take to ensure a robust AI product; context is one of the vital parts of this. AI is now expected to make decisions, from deciding who gets a credit card to cancer diagnosis. These decisions affect most, if not all, of society. As developers if we do not understand or (...) use fundamental modelling principles then we can cause real harm to society. Recently more serious effects of AI have been observed. Dehumanisation is the human reaction to overused anthropomorphism and lack of social contact caused by excessive interaction with, or addiction to, technology. This can cause humans to devalue technology and to devalue other humans. This is a contradiction of the use of ‘social robots’ and ‘chatbots’, indicating that the negative effects of this technology would outweigh any perceived positive effects. Also, within cyberspace, anthropomorphism and similar techniques based on deep philosophical principles can, and are, being used to alter the behaviour of humans. These techniques are used to manipulate human behaviours at a basic level in the human mind. As these types of techniques are becoming more widespread, it is clear that we are entering unchartered territory that holds a vast array of consequences for society. (shrink)

Prior to the year 2001, the phenomenon of Internet criminal fraud was not globally associated with Nigeria. Since then, however, the country had acquired a world-wide notoriety in criminal activities, especially financial scams, facilitated through the use of the Internet. This is not to say that computer-related crimes were alien to the country. It is, however, remarkable that the perpetration of cyber crimes involving Nigerians and traceable to Nigeria became so rampant that questions might be legitimately raised as to (...) why the problem became so pronounced from around that year. It is further remarkable that the attempt to launch Nigeria into the digital age coincided with the unprecedented rise in computer-related financial crimes in the country. In this paper, it is argued that the problem arose as a direct consequence of the lapses in the 2001 National Policy for Information Technology (NPFIT). The argument is based on an analysis of the various provisions of the Policy, with specific focus on the lack of proactive security provisions in it and in its subsequent implementation, in the wider context of global experiences of, and efforts to deal with, cyber security breaches as at the time of the formulation and implementation of the NPFIT. (shrink)

The 4th National Cyber Security Workshop organised by IEEE India Council was held in Mumbai at the sprawling Yantra Park, Thane Campus of Tata Consultancy Services on 11 & 12 November, 2016. This event follows two successful editions of the workshop in Ahmedabad and Bangalore.

The aim of this study is to analyze the information in the social media which is being produced and included into the stream by mass media in the context of digital ethics and cyber security. The principles of digital ethics includes norms that takes individual’s privacy of life into consideration. In addition to being a concept related to cyberspace, computer, and computer networks, it also includes the whole human-made activities, for this reason manipulation techniques in cyberspace appear as (...) an important cyber threat to users. As it comes to the purpose of coping with cyber threats the development of digital etic rules is essential. As a result of the violation of digital etic rules, wrong and false information is formed and individuals are misinformed. In the study, social media, which aims to bring individuals together on the basis of "being the same", has been evaluated within the scope of the culture industry concept of Adorno and Horkheimer. In this direction, content with a manipulative nature has been analyzed in the context of digital ethical principles. Then, social media threats encountered in cyberspace in general and information manipulation, in particular, are compared in the context of cybersecurity strategies implemented by states. As a result, it has been observed that the manipulative nature of information increases as it moves away from the principles of digital ethics. For this reason, it has been determined that all actors of cyberspace must be effective in order to develop and apply cyber ethics rules. (shrink)

Purpose Over the past decade, many research works in various disciplines have benefited from the endless ocean of people and their potentials as an effective problem-solving strategy and computational model. But nothing interesting is ever completely one-sided. Therefore, when it comes to leveraging people's power, as the dark side of crowdsourcing, there are some possible threats that have not been considered as should be, such as recruiting black hat crowdworkers for organizing targeted adversarial intentions. The purpose of this paper is (...) to draw more attention to this critical issue through investigation of its different aspects. Design/methodology/approach To delve into details of such malicious intentions, the related literature and previous researches have been studied. Then, four major typologies for adversarial crowdsourced attacks as well as some real-world scenarios are discussed and delineated. Finally, possible future threats are introduced. Findings Despite many works on adversarial crowdsourcing, there are only a few specific research studies devoted to considering the issue in the context of cyber security. In this regard, the proposed typologies for such human-mediated attacks can shed light on the way of identifying and confronting such threats. Originality/value To the best of the authors' knowledge, this the first work in which the titular topic is investigated in detail. Due to popularity and efficiency of leveraging crowds' intelligence and efforts in a wide range of application domains, it is most likely that adversarial human-driven intentions gain more attention. In this regard, it is anticipated that the present research study can serve as a roadmap for proposing defensive mechanisms to cope with such diverse threats. (shrink)

The presented paper focuses on the analysis of strategic documents at the level of the European Union concerning the regulation of artificial intelligence as one of the so-called disruptive technologies. In the first part of the article, we outline the basic terminology. Subsequently, we focus on the summarizing and systemizing of the key documents adopted at the EU level in terms of artificial intelligence regulation. The focus of the paper is devoted to issues of personal data protection and cyber (...) security included in these strategic documents. The final part contains recommendations for future research and evaluation of its key features. (shrink)

Big data technologies are entering the world of ageing computer systems running critical infrastructures. These innovations promise to afford rapid Internet connectivity, remote operations or predictive maintenance. As legacy critical infrastructures were traditionally disconnected from the Internet, the prospect of their modernisation necessitates an inquiry into cyber security and how it intersects with traditional engineering requirements like safety, reliability or resilience. Looking at how the adoption of big data technologies in critical infrastructures shapes understandings of risk management, we (...) focus on a specific case study from the cyber security governance: the EU Network and Information Systems Security Directive. We argue that the implementation of Network and Information Systems Security Directive is the first step in the integration of safety and security through novel risk management practices. Therefore, it is the move towards legitimising the modernisation of critical infrastructures. But we also show that security risk management practices cannot be directly transplanted from the safety realm, as cyber security is grounded in anticipation of the future adversarial behaviours rather than the history of equipment failure rates. Our analysis offers several postulates for the emerging research agenda on big data in complex engineering systems. Building on the conceptualisations of safety and security grounded in the materialist literature across Science and Technology Studies and Organisational Sociology, we call for a better understanding of the ‘making of’ technologies, standardisation processes and engineering knowledge in a quest to build safe and secure critical infrastructures. (shrink)

In spite of the acknowledged importance of professional ethics, technical students often show little enthusiasm for studying the subject. This paper considers how such engagement might be improved. Four guiding principles for promoting engagement are identified: aligning teaching content with student interests; taking a pragmatic rather than a philosophical approach to issue resolution; addressing the full complexity of real-world case studies; and covering content in a way that students find entertaining. The use of these principles is then discussed with respect (...) to the specific experience of developing and presenting a master’s module in Ethical and Legal Issues in Cyber Security at Queens University Belfast. One significant aspect of the resulting design is that it encourages students to see ethical issues in systemic terms rather than from an individual perspective, with issues emerging from a conflict between different groups with different vested interests. Case studies are used to examine how personal and business priorities create conflicts that can lead to negative press, fines and punitive legal action. The module explores the reasons why organisations may be unaware of the risks associated with their actions and how an inappropriate response to an ethical issue can significantly aggravate a situation. The module has been delivered in three successive years since 2014 and been well received on each occasion. The paper describes the design of the module and the experience of delivering it, concluding with a discussion of the effectiveness of the approach. (shrink)

The book examines the extent to which Chinese cyber and network security laws and policies act as a constraint on the emergence of Chinese entrepreneurialism and innovation. Specifically, how the contradictions and tensions between data localisation laws affect innovation in artificial intelligence. The book surveys the globalised R&D networks, and how the increasing use of open-source platforms by leading Chinese AI firms during 2017–2020, exacerbated the apparent contradiction between Network Sovereignty and Chinese innovation. The drafting of the (...) class='Hi'>Cyber Security Law did not anticipate the changing nature of globalised AI innovation. It is argued that the deliberate deployment of what the book refers to as 'fuzzy logic' in drafting the Cyber Security Law allowed regulators to subsequently interpret key terms regarding data in that Law in a fluid and flexible fashion to benefit Chinese innovation. (shrink)

This article explores the technological innovations associated with industry 4.0 and how it has altered virtually every aspect of the human life. Even though in the process of redefining technology, the insatiable and complex needs of man can be met quite considerably, there are various challenges observed with its usage by individuals, groups, business organizations and countries. Some of the consequences highlighted in this study include cyber-threat or attacks against businesses and individuals, political figures and government. Therefore the author (...) examines critical cases and problems which are not just socioeconomic but also sociopolitical. The qualitative method and NCSI Index were used to analyze the cases in this study. In addition, the solutions proposed in this study includes that top technological figures, institutions and companies in Nigeria, Russia and the US need to put their cyber differences aside, move beyond the firewall protection approach and critically assess how data breach can be massively reduced if not avoided in its entirety. (shrink)

From North Korea's recent attacks on Sony to perpetual news reports of successful hackings and criminal theft, cyber conflict has emerged as a major topic of public concern. Yet even as attacks on military, civilian, and commercial targets have escalated, there is not yet a clear set of ethical guidelines that apply to cyber warfare. Indeed, like terrorism, cyber warfare is commonly believed to be a war without rules. Given the prevalence cyber warfare, developing a practical (...) moral code for this new form of conflict is more important than ever. In Ethics and Cyber Warfare, internationally-respected ethicist George Lucas delves into the confounding realm of cyber conflict. Comparing "state-sponsored hacktivism" to the transformative impact of "irregular warfare" in conventional armed conflict, Lucas offers a critique of legal approaches to governance, and outlines a new approach to ethics and "just war" reasoning. Lucas draws upon the political philosophies of Alasdair MacIntyre, John Rawls, and Jürgen Habermas to provide a framework for understanding these newly-emerging standards for cyber conflict, and ultimately presents a professional code of ethics for a new generation of "cyber warriors." Lucas concludes with a discussion of whether preemptive self-defense efforts - such as the massive government surveillance programs revealed by Edward Snowden - can ever be justified, addressing controversial topics such as privacy, anonymity, and public trust. Well-reasoned and timely, Ethics and Cyber Warfare is a must-read for anyone with an interest in philosophy, ethics, or cybercrime. (shrink)

This book review responds to George Lucas's Ethics and Cyber Warfare: The Quest for Responsible Security in an Age of Digital Warfare, laying out the structure of the work as well as highlighting areas of strength.

Cyber attack against Critical National Infrastructure is a developing capability in state arsenals. The onset of this new instrument in national security has implications for conflict thresholds an...

Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safety-related, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, adversarial agents may be at least as important when it comes to undesirable effects of deployed technologies. In (...) such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies. (shrink)

The main purpose of the study is to determine the key aspects of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents. The methodology includes a set of theoretical methods. Modern government, on the one hand, must take into account the emergence of such a new weapon as cyber, which can break various information systems, can be used in hybrid wars, influence political events, pose a threat to the (...) national security of any state. As a result of the study, key elements of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents were identified. (shrink)

ABSTRACT Cybernetic attacks have been wrongly perceived as weapons of physical destruction rather than of disruption. Because modern, post‐industrial societies have become critically dependent on computer networks to function on a day‐to‐day basis, disruption of those networks could have serious social and economic consequences. In order to better protect society, policymakers will have to re‐orient their approach toward cyber security so as to emphasize the genuine cybernetic threat, which is network disruption rather than physical destruction.

In the recent years, an alarming rise in the incidence of cyber attacks has made cyber security a major concern for nations across the globe. Given the current volatile socio-political environment and the massive increase in the incidence of terrorism, it is imperative that government agencies rapidly realize the possibility of cyber space exploitation by terrorist organizations and state players to disrupt the normal way of life. The threat level of cyber terrorism has never been (...) as high as it is today, and this has created a lot of insecurity and fear. This study has focused on different aspects of cyber attacks and explored the reasons behind their increasing popularity among the terrorist organizations and state players. This study proposes an empirical model that can be used to estimate the risk levels associated with different types of cyber attacks and thereby provide a road map to conceptualize and formulate highly effective counter measures and cyber security policies. (shrink)

The use of cyber force can be as severe and disruptive as traditional armed attacks are. Cyber attacks may neither provoke physical injuries nor cause property damages and still, they can affect essential functions of today’s societies, such as governmental services, business processes or communication systems that progressively depend on information as a vital resource. Whereas several scholars claim that an international treaty, much as new forms of international cooperation, are necessary, a further challenge should be stressed: authors (...) of cyber attacks can be non-state actors, and identifying the party responsible for such a use of force, whether non-state actors or national sovereign states, is often impossible. Accordingly, several programmes on online security and national defence have been developed by sovereign states to tackle this menace and yet, the endurance of Western democracies and their aim to protect basic rights have already been tested by such programmes over the past years. The new scenarios of cyber force do not only concern the field of international law, since they may represent the main threat in the fields of national and constitutional law as well. (shrink)

Cyber technology gives states the ability to accomplish effects that once required kinetic action. These effects can now be achieved with cyber means in a manner that is covert, deniable, cheap, and technologically feasible for many governments. In some cases, cyber means are morally preferable to conventional military operations, but in other cases, cyber's unique qualities can lead to greater mischief than governments would have chanced using kinetic means. This volume addresses the applicability of traditional military (...) ethics to cyber operations, jus ad vim, the rights of the targets of cyber operations, cyber sabotage, cyber surveillance, phase zero operations, psychological operations, artificial intelligence, and algorithmic ethics. Uniquely, it includes a number of cyber incidents that do not currently exist as case studies and have not received much public attention. This volume has been designed to work as a handbook for military and security professionals involved in cyber training, teaching, and application. (shrink)

Contemporary business often encompasses or aspires towards the automated, networked production of industrial goods across transnational supply chains that have many digitalized interfaces. This allows competitive operations in time, costs, and quality, which have been widely discussed. On the downside, it entails cyber threats with significant risks for society in areas including business, environment, and health. Hence, to adequately manage these risks in the emerging digital world, there is a vital necessity to raise awareness, establish, maintain, and further develop (...) cyber-security measures to ensure an appropriate level of protection along the entire value chain and supply chain. Blockchain capabilities are introduced to improve the technical and organizational basis for secured operations in industrial networks. Its advantages are explained by a simple USB-device use case, that has often been the root cause to subsequent security incidents, especially in the Stuxnet incident. (shrink)

This paper identifies two conceptions of security in contemporary concerns over the vulnerability of computers and networks to hostile attack. One is derived from individual-focused conceptions of computer security developed in computer science and engineering. The other is informed by the concerns of national security agencies of government as well as those of corporate intellectual property owners. A comparative evaluation of these two conceptions utilizes the theoretical construct of “securitization,”developed by the Copenhagen School of International Relations.

To facilitate recruitment of conscript cyber soldiers in Sweden, the Cyber Test for Future Soldiers was developed as a complement to the existing generic enrolment test. Consisting of several parts, CTFS measures different aspects of computer-related knowledge and cognitive abilities that we believe are of particular relevance to cyber security. This article describes the evaluation regarding CTFS’s validity and reliability based on data from 62 conscripts that took the test and the 27 selected conscripts finishing the (...) training 1 year later. Reliability was predicted through internal consistency and test–retest measures. Cronbach’s alpha for CTFS ranges from 0.79 to 0.86 whereas the test–retest reliability is 0.60. Evidence regarding validity was collected based on test content and internal structure. Convergent, discriminant, and predictive evidence are also presented. Perhaps most importantly, CTFS could predict the cyber soldiers’ performance during their training and added incremental validity to I-prov 2000. When adjusted for range restriction, I-prov 2000 predicted 20% of the variation in course score, while 34% of the variance was explained when CTFS was used in conjunction with I-prov 2000. The results show that CTFS already in its first version is adding value for the Swedish Armed Forces. (shrink)

Developments in genetics, cyber-technology, nanotechnology, biotechnology, artificial intelligence, and other areas hold the promise – and the peril – of redefining what it means to be human. In addition to hedonism or a desire for self-improvement, the possibilities of these technologies plus the rational concern of falling behind a potential adversary produce a classic security dilemma. These competitive pressures among states, firms, and emerging “super-empowered individuals” encourage the development and dissemination of these technologies, and already the possibilities are (...) being explored by actors in conflict. This security dilemma, plus the nature of the technologies themselves, makes it virtually certain that attempts at regulation will fail. Instead, we should expect “arms races” of quantity and quality of improvements, complicated by differing conceptions of what improvement means. This paper explores these pressures and outcomes, as well as general consequences of the potential modification of “human nature” for global and human security. It finds that whatever forms or enhancements we possess, in a transhuman or posthuman future politics will not be transcended. Critical problems of security will continue to challenge ourselves and our descendants. (shrink)

The purpose of cognitive models is to make predictive simulations of human behaviour, but this is often done at the aggregate level. Cranford, Gonzalez, Aggarwal, Cooney, Tambe, and Lebiere show that they can automatically customize a model to a particular individual on‐the‐fly, and use it to make specific predictions about their next actions, in the context of a particular cybersecurity game.

With the development of distributed networks, the remote controllability of the distributed energy objects and the vulnerability of user-side information security protection measures make distributed energy objects extremely vulnerable to malicious control by attackers. Hence, the large-scale loads may produce abnormal operation performance, such as load casting/dropping synchronously or frequent and synchronous casting and dropping, and hence, it can threaten the security and stable operation of the distribution networks. First, we analyze the security threats faced by industrial (...) controllable load, civil controllable load, and the gains and losses of attacks on the distribution networks. Considering the factors of cyber attacks, we propose a control model and cyber attack model in active distribution networks. And, three types of attacks that the target suffered are defined on the basis of “on” and “off” modes for control. Then, the controllable load was maliciously controlled as the research object, and a suitable scenario is selected. The impact of malicious control of the controllable load on the power supply reliability and power quality of the distribution networks are simulated and analyzed, and risk consequences for different types of attacks are provided. (shrink)

System security is essential for the operation of the island microgrid. However, the system security is generally threatened due to the presence of physical uncertainties and cyber attacks. In this article, a novel sliding mode load control strategy is proposed for the microgrid to mitigate cyber attacks and physical uncertainties. Firstly, a high-order disturbance observer is designed to estimate the unmeasurable factors in the microgrid. Secondly, a HODO-based sliding mode control strategy is proposed where the estimated (...) value observed by the HODO is applied to the sliding mode surface and control law. It can better guarantee the security of the isolated microgrid. Then, the stability of the HODO-based SMC is demonstrated by Lyapunov stability theory. Finally, simulation results show that the proposed control strategy has excellent control performance. (shrink)

The implementation of cyber-physical and similar systems depends on prevailing social and economic conditions. It is here argued that, if the effect of these technologies is to be benign, the current neo-liberal economy must change to a radically more cooperative model. In this paper, economy change means a thorough change to a qualitatively different kind of economy. It is contrasted with economic change, which is the kind of minor change usually considered in mainstream discourse. The importance of language is (...) emphasised, including that of techno-optimism and that of economic conservatism. Problems of injustice, strife, and ecological overload cannot be solved by conventional growth together with technical efficiency gains. Rather, a change is advocated from economics-as-usual to a broader concept, oikonomia, which takes into account all that contributes to a good life, including what cannot be represented quantitatively. Some elements of such a broader economy are discussed. It is argued that the benefits of technology can be enhanced and the ills reduced in such an economy. This is discussed in the case of cyber-physical systems under the headings employment, security, standards and oligopoly, and energy efficiency. The paper concludes that such systems, and similar technological developments, cannot resolve the problems of sustainability within an economy-as-usual model. If, however, there is the will to create a cooperative and sustainable economy, technology can contribute significantly to the resolution of present problems. (shrink)

This work is an initial step toward developing a cognitive theory of cyber deception. While widely studied, the psychology of deception has largely focused on physical cues of deception. Given that present‐day communication among humans is largely electronic, we focus on the cyber domain where physical cues are unavailable and for which there is less psychological research. To improve cyber defense, researchers have used signaling theory to extended algorithms developed for the optimal allocation of limited defense resources (...) by using deceptive signals to trick the human mind. However, the algorithms are designed to protect against adversaries that make perfectly rational decisions. In behavioral experiments using an abstract cybersecurity game (i.e., Insider Attack Game), we examined human decision‐making when paired against the defense algorithm. We developed an instance‐based learning (IBL) model of an attacker using the Adaptive Control of Thought‐Rational (ACT‐R) cognitive architecture to investigate how humans make decisions under deception in cyber‐attack scenarios. Our results show that the defense algorithm is more effective at reducing the probability of attack and protecting assets when using deceptive signaling, compared to no signaling, but is less effective than predicted against a perfectly rational adversary. Also, the IBL model replicates human attack decisions accurately. The IBL model shows how human decisions arise from experience, and how memory retrieval dynamics can give rise to cognitive biases, such as confirmation bias. The implications of these findings are discussed in the perspective of informing theories of deception and designing more effective signaling schemes that consider human bounded rationality. (shrink)

This research paper emphasizes the importance of NATO’s adaptation to non-traditional threats in maintaining stability and security in the changing security environment. It highlights the need for NATO allies to prioritize the development of strategies and action plans that address emerging issues such as new technologies, energy security, climate change, hybrid threats, and cyber threats. The paper suggests that in order to effectively counter these non-traditional threats, NATO must remain current with the latest technological advancements. As (...) such, the paper recommends that NATO allies develop new strategies and action plans without delay to counter these threats and ensure security. The relevance of NATO can only be ensured through its transformation and adaptation, which in turn makes its existence self-justified. (shrink)

In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We (...) believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime. (shrink)

Coordination of a power system with the phasor measurement devices in real time on the load and generation sides is carried out within the context of smart grid studies. Power systems equipped with information systems in a smart grid pace with external security threats. Developing a smart grid which can resist against cyber threats is considered indispensable for the uninterrupted operation. In this study, a two-way secure communication methodology underpinned by a chaos-based encryption algorithm for PMU devices is (...) proposed. The proposed system uses the IEEE-14 busbar system on which the optimum PMU placement has been installed. The proposed hyperchaotic system-based encryption method is applied as a new security methodology among PMU devices. The success of results is evaluated by the completeness of data exchange, durations, the complexity of encryption-decryption processes, and strength of cryptography using a microcomputer-based implementation. The results show that the proposed microcomputer-based encryption algorithms can be directly embedded as encryption hardware units into PMU and PDC devices which have very fast signal processing capabilities taking into considerations the acceptable delay time for power system protection and measuring applications and quality metering applications which is 2 ms and 10 ms, respectively. While proposed algorithms can be used in TCP or UDP over IP-based IEEE C37.118, IEC 61850, and IEC 61850-90-5 communication frameworks, they can also be embedded into electronic cards, smartcards, or smart tokens which are utilized for authentication among smart grid components. (shrink)

Due to the complexity and versatility of network security alarm data, a cloud-based network security data extraction method is proposed to address the inability to effectively understand the network security situation. The information properties of the situation are generated by creating a set of spatial characteristics classification of network security knowledge, which is then used to analyze and optimize the processing of hybrid network security situation information using cloud computing technology and co-filtering technology. Knowledge and (...) information about the security situation of a hybrid network has been analyzed using cloud computing strategy. The simulation results show that a cyber security crash occurs in window 20, after which the protection index drops to window 500. The increase in the security index of 500 windows is consistent with the effectiveness of the concept of this document method, indicating that this document method can sense changes in the network security situation. Starting from the first attacked window, the defense index began to decrease. In order to simulate the added network defense, the network security events in the 295th time window were reduced in the original data, and the defense index increased significantly in the corresponding time period, which is consistent with the method perception results, which further verifies the effectiveness and reliability of this method on the network security event perception. This method provides high-precision knowledge of network security situations and improves the security and stability of cloud-based networks. (shrink)

In recent years, the network has become more complex, and the attacker’s ability to attack is gradually increasing. How to properly understand the network security situation and improve network security has become a very important issue. In order to study the method of extracting information about the security situation of the network based on cloud computing, we recommend the technology of knowledge of the network security situation based on the data extraction technology. It converts each received (...) cyber security event into a standard format that can be defined as multiple brochures, creating a general framework for the cyber security situation. According to the large nature of network security situation data, the Hadoop platform is used to extract aggregation rules, and perform model extraction, pattern analysis, and learning on a network security event dataset to complete network security situation rule mining, and establish a framework for assessing the state of network security. According to the results of the federal rule extraction, the level of network node security risk is obtained in combination with signal reliability, signal severity, resource impact, node protection level, and signal recovery factor. A simulation test is performed to obtain the intrusion index according to the source address of the network security alarm. Through the relevant experiments and analysis of the results, the attack characteristics obtained in this study were obtained after manually reducing the network security event in the 295 h window. The results show that after the security event is canceled, the corresponding window attack index decreases to 0, indicating that this method can effectively implement a network security situation awareness. The proposed technique allows you to accurately sense changes in network security conditions. (shrink)

In the last period, especially during the COVID-19 pandemics, individuals as well as institutions globally and in North Macedonia particularly, have failed to correctly respond to the new challenges related to cyber security, online attacks, and fake news. Being that in a state of isolation and quarantine most governmental institutions have heavily relied on online tools to communicate among each other and with the public, it is quite evident that they have not been well prepared to adopt new (...) technologies. This paper aims to bridge together the needs for technology during the COVID-19 pandemics versus the security challenges that many forget to mention. The primary focus of this paper is to elaborate on the security challenges associated with technology with several examples from incidents around the world and from North Macedonia. As such, it represents a perspective paper with focus on current and emerging advances on IT security for running the “new normal” world. (shrink)

This study explored the global cyberspace security issues, with the purpose of breaking the stereotype of people’s cognition of cyberspace problems, which reflects the relationship between interdependence and association. Based on the Apriori algorithm in association rules, a total of 181 strong rules were mined from 40 target websites and 56,096 web pages were associated with global cyberspace security. Moreover, this study analyzed support, confidence, promotion, leverage, and reliability to achieve comprehensive coverage of data. A total of 15,661 (...) sites mentioned cyberspace security-related words from the total sample of 22,493 professional websites, accounting for 69.6%, while only 735 sites mentioned cyberspace security-related words from the total sample of 33,603 non-professional sites, accounting for 2%. Due to restrictions of language, the number of samples of target professional websites and non-target websites is limited. Meanwhile, the number of selections of strong rules is not satisfactory. Nowadays, the cores of global cyberspace security issues include internet sovereignty, cyberspace security, cyber attack, cyber crime, data leakage, and data protection. (shrink)