Ivana Cesarec

DOI: https://doi.org/10.51381/adrs.v3i1.45

2020-11-17

Annals of Disaster Risk Sciences

Abstract:States, organizations and individuals are becoming targets of both individual and state-sponsored cyber-attacks, by those who recognize the impact of disrupting security systems and effect to people and governments. The energy sector is seen as one of the main targets of cyber-attacks against critical infrastructure, but transport, public sector services, telecommunications and critical (manufacturing) industries are also very vulnerable. One of most used example of cyber-attack is the Ukraine power grid attack in 2015 that left 230,000 people without power for up to 6 hours. Another most high profile example of a cyber-attack against critical infrastructure is the Stuxnet computer virus (first used on Iranian nuclear facility) which could be adapted to attack the SCADA systems (industrial control systems) used by many critical infrastructures in Europe.Wide range of critical infrastructure sectors are reliant on industrial control systems for monitoring processes and controlling physical devices (sensors, pumps, etc.) and for that reason, physical connected devices that support industrial processes are becoming more vulnerable. Not all critical infrastructure operators in all sectors are adequately prepared to manage protection (and raise resilience) effectively across both cyber and physical environments. Additionally there are few challenges in implementation of protection measures, such as lack of collaboration between private and public sector and low levels of awareness on existence of national key legislation.From supranational aspect, in relation to this papers topic, the European Union has took first step in defense to cyber threats in 2016 with „Directive on security of network and information systems“ (NIS Directive) by prescribing member states to adopt more rigid cyber-security standards. The aim of directive is to improve the deterrent and increase the EU’s defenses and reactions to cyber attacks by expanding the cyber security capacity, increasing collaboration at an EU level and introducing measures to prevent risk and handle cyber incidents. There are lot of other „supporting tools“ for Member States countries, such as European Union Agency for Network and Information Security – ENISA (which organize regular cyber security exercises at an EU level, including a large and comprehensive exercise every two years, raising preparedness of EU states); Network of National Coordination Centers and the European Cybersecurity Industrial, Technology and Research Competence Centre; and Coordinated response to major cyber security incidents and crises (Blueprint) with aim to ensure a rapid and coordinated response to large-scale cyber attacks by setting out suitable processes within the EU.Yet, not all Member States share the same capacities for achieving the highest level of cyber-security. They need to continuously work on enhancing the capability of defense against cyber threats as increased risk to state institutions information and communication systems but also the critical infrastructure objects. In Southeast Europe there are few additional challenges – some countries even don't have designated critical infrastructures (lower level of protection; lack of „clear vision“ of criticality) and critical infrastructures are only perceived through physical prism; non-EU countries are not obligated to follow requirements of European Union and its legislation, and there are interdependencies and transboundary cross-sector effects that needs to be taken in consideration. Critical infrastructure Protection (CIP) is the primary area of action, and for some of SEE countries (like the Republic of Croatia) the implementation of cyber security provisions just complements comprehensive activities which are focused on physical protection.This paper will analyze few segments of how SEE countries cope with new security challenges and on which level are they prepared for cyber-attacks and threats: 1. Which security mechanisms they use; 2. The existing legislation (Acts, Strategies, Plan of Action, etc.) related to cyber threats in correlation with strategic critical infrastructure protection documents. Analysis will have two perspectives: from EU member states and from non-EU member states point of view. Additionally, for EU member states it will be analyzed if there were any cyber security legislation before NIS directive that meets same aims. The aim of research is to have an overall picture of efforts in region regarding cyber-security as possibility for improvement thorough cooperation, organizational measures, etc. providing also some recommendations to reduce the gap in the level of cyber-security development with other regions of EU.

Sandra Schmitz-Berndt,Pier Giorgio Chiara

DOI: https://doi.org/10.1365/s43439-022-00058-7

2022-07-20

International Cybersecurity Law Review

Abstract:Abstract With the COVID-19 pandemic accelerating digital transformation of the Single Market, the European Commission also speeded up the review of the first piece of European Union (EU)-wide cybersecurity legislation, the NIS Directive. Originally foreseen for May 2021, the Commission presented the review as early as December 2020 together with a Proposal for a NIS2 Directive. Almost in parallel, some Member States strengthened (or adopted) national laws beyond the scope of the NIS Directive to respond adequately to the fast-paced digital threat landscape. Against this backdrop, the article investigates the national interventions in the field of cybersecurity recently adopted by Italy and Germany. In order to identify similarities and divergences of the Italian and German national frameworks with the European Commission’s Proposal for a NIS2 Directive, the analysis will focus on selected aspects extrapolated from the Commission Proposal, namely: i) the enlarged scope; ii) detailed cybersecurity risk-management measures; iii) more stringent supervisory measures; and, iv) stricter enforcement requirements, including harmonised sanctions across the EU. The article concludes that the national cybersecurity legal frameworks under scrutiny already match the core of the proposed changes envisaged by the NIS2 Proposal.

Sara Ricci,Simon Parker,Jan Jerabek,Yianna Danidou,Argyro Chatzopoulou,Remi Badonnel,Imre Lendak,Vladimir Janout

DOI: https://doi.org/10.1109/te.2023.3340868

2024-01-01

IEEE Transactions on Education

Abstract:Demand for cybersecurity professionals from industry and institutions is high, driven by an increasing digitization of society and the growing range of potential targets for cyber attacks. However, despite this pressing need a significant shortfall in the number of cybersecurity experts remains and a discrepancy has emerged between the skills introduced through education and those required in professional settings. In this article, a political, economic, social, technological, legal, and environmental (PESTLE) analysis was utilized to explore the factors impacting cybersecurity education in Europe. The PESTLE analysis enabled the categorization of factors affecting cybersecurty education and skills and allowed for cybersecurity professionals to assess the relevance of the factors at a national-level and European-level. Utilizing the concept of modularity from social network analysis, the interconnectivity of factors was also considered. Finally, a European-level stakeholder survey was conducted to verify the findings. As a result of the above process, a lack of societal awareness of cybersecurity was identified as a major challenge to education, along with a lack of EU-level certification. It should be noted that significant differences between factors perceived as impacting cybersecurity education were found between countries suggesting a need for local solutions to the problem.

engineering, electrical & electronic,education, scientific disciplines

Zsolt Bederna,Zoltan Rajnai,Tamas Szadeczky

DOI: https://doi.org/10.2478/raft-2021-0020

2021-06-01

Land Forces Academy Review

Abstract:Abstract In the current social and economic processes, information and communication services play a decisive role, changing several entities’ operations. The growing dependence that has developed over the last two decades made the security needs introduced political will, which has resulted in an iterative evolution of the regulatory environment. Hence, the legal framework requires that several entities develop protection that includes controls enhancing both preventive and reactive in a risk-proportionate manner under the business value to be protected. Nevertheless, due to the nature of cybersecurity, the development of such capabilities is not the task of a single organisation but all entities involved in cyberspace, including, e.g., individuals, non-profit and for-profit organisations, public sector actors. Therefore, each involved entity should design protection capabilities in a risk-proportionate manner, which requires strategic approaches and tools and requires organisations to learn from security incidents. This paper reviews the essential formal security strategy formulation tools, applying in the Facebook’s case based on publicly available information. The analysis aims to confirm the importance of management’s attitude and support for tackling cybersecurity’s challenges.

João Reis,Paula Santo,Nuno Melão

DOI: https://doi.org/10.3390/su12176708

IF: 3.9

2020-08-19

Sustainability

Abstract:Currently, artificial intelligence (AI) is at the center of academic and public debate. However, its implications on politics remain little understood. To understand the impact of the AI phenomenon on politics of the European Union (EU), we have carried out qualitative multimethod research by performing a systematic literature review and a case study. The first method was performed according to the preferred reporting items for systematic reviews and meta-analyses (PRISMA), in order to report the state-of-the-art in the existing literature and explore the most relevant research areas. The second method contained contributions from experts in data science and AI of the Portuguese scientific community. The results showed that solutions such as intelligent decision support systems are improving the political decision-making process and impacting the Portuguese society at local, regional, and national levels. We also found that practitioners and scientists are currently shifting their interests from environmental and biological sciences to healthcare services, which is bringing new challenges in terms of protecting patient/citizen data and growing concerns about handling of critical information. Future research may focus on comparative studies with other EU States to obtain a comprehensive and holistic understanding of the AI phenomenon.

environmental sciences,environmental studies,green & sustainable science & technology

Ifeoluwa Elegbe

DOI: https://doi.org/10.37500/ijessr.2024.7211

2024-01-01

International Journal of Education and Social Science Research

Abstract:The World Economic Forum's Global Risk Report 2021 highlights cybercrime as a top global risk, necessitating robust legislation to address its evolving nature. The United States signed two cybersecurity bills into law in June 2022, aiming to enhance the federal cyber workforce and promote coordination on security issues. This paper exams a comparative cybercrime legislation across various jurisdictions, including the United States, reveals divergent approaches, with the United States adopting a decentralized model, while Germany and Singapore opt for centralized regimes. This paper highlights the need for comprehensive legal frameworks to combat cyber threats effectively, key trends and challenges in cybercrime legislation include the need for harsher sanctions, extraterritorial jurisdiction, and balancing legal principles in sentencing. Best practices and recommendations emphasize international collaboration, capacity building, public-private partnerships, technological solutions, and continuous legislative review. Future solutions emphasize the importance of rigorous monitoring and adaptable legal frameworks to address the evolving landscape of cyber threats. By understanding international laws and collaborations, policymakers can develop innovative policies to safeguard digital environments against cybercrime.

Kaspar Rosager Ludvigsen,Shishir Nagaraja

DOI: https://doi.org/10.48550/arXiv.2205.13196

2022-05-26

Abstract:Safety is becoming cybersecurity under most circumstances. This should be reflected in the Cybersecurity Resilience Act when it is proposed and agreed upon in the European Union. In this paper, we define a range of principles which this future Act should build upon, a structure and argue why it should be as broad as possible. It is based on what the cybersecurity research community for long have asked for, and on what constitutes clear hard legal rules instead of soft. Important areas such as cybersecurity should be taken seriously, by regulating it in the same way we see other types of critical infrastructure and physical structures, and be uncompromising and logical, to encompass the risks and potential for chaos which its ubiquitous nature entails. We find that principles which regulate cybersecurity systems' life-cycles in detail are needed, as is clearly stating what technology is being used, due to Kirkhoffs principle, and dismissing the idea of technosolutionism. Furthermore, carefully analysing risks is always necessary, but so is understanding when and how the systems manufacturers may fail or almost fail. We do this through the following principles: Ex ante and Ex post assessment, Safety and Security by Design, Denial of Obscurity, Dismissal of Infallibility, Systems Acknowledgement, Full Transparency, Movement towards a Zero-trust Security Model, Cybersecurity Resilience, Enforced Circular Risk Management, Dependability, Hazard Analysis and mitigation or limitation, liability, A Clear Reporting Regime, Enforcement of Certification and Standards, Mandated Verification of Security and Continuous Servicing. To this, we suggest that the Act employs similar authorities and mechanisms as the GDPR and create strong national authorities to coordinate inspection and enforcement in each Member State, with ENISA being the top and coordinating organ.

Computers and Society,Cryptography and Security

João Estevens

DOI: https://doi.org/10.1186/s40878-018-0093-3

2018-10-01

Comparative Migration Studies

Abstract:This article addresses migration-security nexus in the EU by assessing Member States’ national security and defence strategies as well as the 2016 EUGS in a time of migration crisis, a crisis that stands as one of the most important geopolitical challenges today in the EU. After developing and applying a framework for analysis derived from a literature review, the existing differences among Member States are clear in terms of strategic cultures and approaches to migration issues. The idea of ‘EU’rope without internal borders is at stake as Schengen is under serious attack due to increasing Eurocentrism and growing extreme right-wing populism, which are a consequence of increasing economic protectionism and international terrorism. The solution seems to depend on two critical uncertainties: the evolution of political and social instability in the North Africa and the Middle East, and the future of the EU itself. The results enlighten a securitization of migration mostly centred on the nation-state and national security rather than on people and human security.

English Else

João Nunes,Tiago Cruz,Paulo Simões

DOI: https://doi.org/10.34190/eccws.23.1.2296

2024-06-21

Abstract:The railway infrastructure constitutes a type of operational technology (OT)-based critical infrastructure, which is expected to work 24x7, 365 days a year, and where the life expectancy of operational equipment often exceeds 30 years. In this domain, an operational anomaly compromising the OT system can cause a train accident or interrupt traffic, with potentially significant impact in terms of business as well as for passenger safety. Due to their relevance, railways are strategic assets of national interest and, consequently, targets of interest for cybercriminals and cyberwarfare activities. For instance, service interruptions may trigger ripple effects resulting in product shortages and widespread supply chain disruptions, with severe impacts for both the economy and national security. In a bid to optimise and streamline operations. the railway industry has recently started taking a series of significant steps towards digitization, with infrastructures experiencing a significant paradigm shift which, for instance, makes it possible to have centralised interlockings and Radio Block Centre (RBC) for an entire country, with geographical redundancy, ensuring the utmost availability and punctuality by moving the control logic to the cloud. Nevertheless, these developments must always be carried on within the scope of established cybersecurity standards and frameworks. This paper presents an analysis of the state of the art on railway cybersecurity, focused on the existing solutions based on the application of the CENELEC “Technical specification 50701 - Railway Application – Cybersecurity”, which is currently the latest European specification addressing railways, being designed to help suppliers, integrators, and operators to implement a cybersecurity risk assessment plan, the necessary controls, and the management of the complete system life cycle. Special attention will be paid to the conduit between the rail signal interlocking system, that controls the line signalling, and the Automatic Train Supervision (ATS) that runs in the Operational Control Centre (OCC), as this has been identified by the European Union Agency for Cybersecurity (ENISA) as one of the most critical systems identified by the operators of essential services.

Anna Urbanovics

DOI: https://doi.org/10.32565/aarms.2022.1.6

2022-11-09

Academic and Applied Research in Military and Public Management Science

Abstract:Latin American countries begin to develop their national-level cyber policy including their cybersecurity strategy. The paper aims to provide a comparative analysis of the strategy development processes in six Latin American countries including Argentina, Brazil, Chile, Colombia, Mexico and Peru. The methodology is based on a mixed approach. For the quantitative analysis, the National Cyber Security Index and UNIDIR Cyber Policy Portal were used, while for the qualitative analysis a document analysis was carried out on the national strategies. Analysing national data based on the NCSI, Chile stands out overall, however, the country is still in the initial phase in terms of digital and essential service protection, personal data protection and cyber crisis management. Brazil’s position is interesting, standing at 3rd place overall, being the most targeted country by cyberattacks in the region. Brazil stands out in terms of cyber threat analysis and military cyber operations. Based on the document analysis, Chile and Argentina have a more holistic cybersecurity strategy, including factors such as cybersecurity education, cybercrime detection, regulatory framework, and the aim to cooperate with international and industrial partners.

Natalia Vladimirovna Kovalevskaia,Maria Anatolievna Tikhotskaia,Yan Nikolaevich Shevchenko,Natalia Vladimirovna Kovalevskaia,Maria Anatolievna Tikhotskaia

DOI: https://doi.org/10.25136/1339-3057.2022.1.37196

2022-01-01

Abstract:The COVID-19 pandemic and coronacrisis have clearly exposed the strong dependence of modern companies on the approaches towards data management, stability of information networks and digitalization, as well as significantly strengthened the assertion of the Europeans in the need to achieve strategic autonomy with regards to development of the own digital solutions. The article aims to determine the place of the European Union in the international information and communication space in the context of global data management policy. Research methodology leans on the principles of the multi-paradigm method used for extrapolating some provisions of Robert Gilpin’s hegemonic stability theory on the modern technological competition among the countries on the international arena within the framework of regional approach. The article examines the term “information sovereignty” based on the principles of international law in a constantly changing international environment. The research addresses such documents as “New Industrial Strategy for Europe”, “European Data Strategy”, and the decision of the European Court of Justice concerning the Transatlantic Privacy Shield Agreement. As an example of the European digital policy, the author examines the ambitious GAIA-X project intended to create an open digital ecosystem and develop common requirements for the European data infrastructure. The article formulates the recommendations aimed at ensuring effective management in the digital sector, and offers the model of multilateral participation, which would allow reaching information sovereignty based on the European values and ideals.

Bruno Santos,Rogério Luís C. Costa,Leonel Santos

2024-10-12

Abstract:Unlocking the potential of Industry 5.0 hinges on robust cybersecurity measures. This new Industrial Revolution prioritises human-centric values while addressing pressing societal issues such as resource conservation, climate change, and social stability. Recognising the heightened risk of cyberattacks due to the new enabling technologies in Industry 5.0, this paper analyses potential threats and corresponding countermeasures. Furthermore, it evaluates the existing industrial implementation frameworks, which reveals their inadequacy in ensuring a secure transition from Industry 4.0 to Industry 5.0. Consequently, the paper underscores the necessity of developing a new framework centred on cybersecurity to facilitate organisations' secure adoption of Industry 5.0 principles. The creation of such a framework is emphasised as a necessity for organisations.

Cryptography and Security

Adejoke T. Odebade,Elhadj Benkhelifa

2023-03-24

Abstract:This study compares the National Cybersecurity Strategies (NCSSs) of publicly available documents of ten nations across Europe (United Kingdom, France, Lithuania, Estonia, Spain, and Norway), Asia-Pacific (Singapore and Australia), and the American region (the United States of America and Canada). The study observed that there is not a unified understanding of the term "Cybersecurity"; however, a common trajectory of the NCSSs shows that the fight against cybercrime is a joint effort among various stakeholders, hence the need for strong international cooperation. Using a comparative structure and an NCSS framework, the research finds similarities in protecting critical assets, commitment to research and development, and improved national and international collaboration. The study finds that the lack of a unified underlying cybersecurity framework leads to a disparity in the structure and contents of the strategies. The strengths and weaknesses of the NCSSs from the research can benefit countries planning to develop or update their cybersecurity strategies. The study gives recommendations that strategy developers can consider when developing an NCSS.

Computers and Society

Jukka Ruohonen

DOI: https://doi.org/10.1007/978-3-031-72234-9_24

2024-09-27

Abstract:The European Union (EU) has been pursuing new cyber security policies in recent years. This paper presents a short reflection of four such policies. The focus is on potential incoherency, meaning a lack of integration, divergence between the member states, institutional dysfunction, and other related problems that should be at least partially avoidable by sound policy-making. According to the results, the four policies have substantially increased the complexity of the EU's cyber security framework. In addition, there are potential problems with trust, divergence between industry sectors and different technologies, bureaucratic conflicts, and technical issues, among other things. With these insights, the paper not only contributes to the study of EU policies but also advances the understanding of cyber security policies in general.

Cryptography and Security,Computers and Society

João Marco Silva,Diogo Ribeiro,Luis Felipe Ramos,Vítor Fonte

2023-10-02

Abstract:The availability of public services through online platforms has improved the coverage and efficiency of essential services provided to citizens worldwide. These services also promote transparency and foster citizen participation in government processes. However, the increased online presence also exposes sensitive data exchanged between citizens and service providers to a wider range of security threats. Therefore, ensuring the security and trustworthiness of online services is crucial to Electronic Government (EGOV) initiatives' success. Hence, this work assesses the security posture of online platforms hosted in 3068 governmental domain names, across all UN Member States, in three dimensions: support for secure communication protocols; the trustworthiness of their digital certificate chains; and services' exposure to known vulnerabilities. The results indicate that despite its rapid development, the public sector still falls short in adopting international standards and best security practices in services and infrastructure management. This reality poses significant risks to citizens and services across all regions and income levels.

Cryptography and Security,Computers and Society

Oriana Helena Negulescu,Elena Doval,Ana Roxana Stefanescu

DOI: https://doi.org/10.37055/pno/158811

2023-01-05

Przegląd Nauk o Obronności

Abstract:Objectives (1) What is the hacker community made up of and what are the main vulnerable industries? (2) What are the main types of digital threats and how are they characterized? (3) What are the vulnerabilities and damage caused by cyber-attacks? (4) What are the ways to detect digital threats? (5) What measures can be taken to prevent and avoid these attacks? (6) What does the cyber security management process consist of? (7) What cybersecurity evidence and trends can be selected? Methods document analysis; data selection and assambly; synthesis; conceptualization; interpretation. Results The research results are: a presentation of the hacker community and the main vulnerable industries; a brief definition of the types of digital threats; presentation of various vulnerabilities and damages caused by cyber-attacks; a selection of the ways to detect digital threats; a selection of the main measures to prevent and avoid these attacks; cybersecurity management process and a selection of evidence and trends regarding cyber security. Also, two conceptualizations are proposed: the approach to cyber risk management and 10 basic actions to prevent and avoid cyber risks. Conclusions The current and future situation is not encouraging for the management of organizations in terms of the risks caused by cyber-attacks, which are increasing significantly. The solution to prevent and avoid these threats is for civil and military organizations to implement Cybersecurity risk management.

João Reis

DOI: https://doi.org/10.1371/journal.pone.0303524

IF: 3.7

2024-07-15

PLoS ONE

Abstract:Space security has emerged as a concern for the European Union (EU), given that space systems have become integral to ensuring the safety of all European society. This strategy reflects the interaction of geopolitical dynamics and the rising specter of hybrid threats. However, grappling with hybrid threats targeting the EU space presents distinct challenges, primarily owing to their elusive nature. Hence, our objective is to develop practical methodologies to identify and mitigate such threats effectively. To meet this objective, we propose an innovative 8-step process. This approach streamlines the systematic identification and analysis of discourses of hybrid threats within online platforms dedicated to EU space discussions. Our methodology underwent rigorous scrutiny, including a comprehensive literature review that prioritized peer-reviewed manuscripts from sources such as Web of Science and Elsevier Scopus. Additionally, we selected documents from Google Scholar to ensure comprehensive coverage of diverse scholarly contributions, enriching the depth of our analysis. Our research yielded a conceptual framework for Online Discourse Analysis (ODA) tailored to evaluate hybrid threats targeting EU space defense and security. The results highlight the importance of leveraging advanced ODA techniques to deepen our understanding of emerging threats. In conclusion, we advocate for the adoption of these innovative methods to enhance the robustness of EU space defense strategies in the face of evolving security scenarios. The establishment of the 8-step ODA framework marks a pivotal milestone, offering a structured approach to deciphering hybrid threats. Looking ahead, we aim to empirically validate this framework by creating and deploying custom-tailored software designed to identify potential hybrid threats jeopardizing the security of European space assets. Through continued research and practical implementation, we endeavor to fortify the EU's defenses against emerging threats in the space domain.

George Metakides

DOI: https://doi.org/10.1007/978-3-030-86144-5_29

2021-11-24

Abstract:Abstract The current decade will be critical for Europe’s aspiration to attain and maintain digital sovereignty so as to effectively protect and promote its humanistic values in the evolving digital ecosystem. Digital sovereignty in the current geopolitical context remains a fluid concept as it must rely on a balanced strategic interdependence with the USA, China, and other global actors. The developing strategy for achieving this relies on the coordinated use of three basic instruments, investment, regulation, and completion of the digital internal market. Investment, in addition to the multiannual financial framework (2021–2027) instruments, will draw upon the 20% of the 750 billion recovery fund. Regulation, in addition to the Digital Governance Act and the Digital Market Act, will include the Data Act, the new AI regulation, and more that is in the pipeline, leveraging the so-called Brussels effect. Of key importance for the success of this effort remains the timing and “dovetailing” of the particular actions taken.

Leonor Teixeira,Irene Cardoso,Jorge Oliveira E Sá,Filipe Madeira

DOI: https://doi.org/10.3390/healthcare11050712

2023-02-28

Abstract:Purpose: This study aimed to reflect on the challenges of Health Information Systems in Portugal at a time when technologies enable the creation of new approaches and models for care provision, as well as to identify scenarios that may characterize this practice in the future. Design/methodology/approach: A guiding research model was created based on an empirical study that was conducted using a qualitative method that integrated content analysis of strategic documents and semi-structured interviews with a sample of fourteen key actors in the health sector. Findings: Results pointed to the existence of emerging technologies that may promote the development of Health Information Systems oriented to "health and well-being" in a preventive model logic and reinforce the social and management implications. Originality/value: The originality of this work resided in the empirical study carried out, which allowed us to analyze how the various actors look at the present and the future of Health Information Systems. There is also a lack of studies addressing this subject. Research limitations/implications: The main limitations resulted from a low, although representative, number of interviews and the fact that the interviews took place before the pandemic, so the digital transformation that was promoted was not reflected. Managerial implications and social implications: The study highlighted the need for greater commitment from decision makers, managers, healthcare providers, and citizens toward achieving improved digital literacy and health. Decision makers and managers must also agree on strategies to accelerate existing strategic plans and avoid their implementation at different paces.