Aleksandr P Alekseenko

DOI: https://doi.org/10.33975/riuq.vol34ns2.957

2022-09-02

Revista de Investigaciones Universidad del Quindío

Abstract:Singapore is one of the leading countries in digitalization and blockchain technology. Since 2016, Singapore has implemented the Ubin project to create a national digital currency. In 2019, Singapore passed the Payment Services Act. The paper aims to analyze Singapore's legislation and MAS policies and identify approaches that can be used to improve legislation in other states. To meet that aim, the general scientific techniques and methods of scientific cognition, such as analysis, synthesis, deduction, induction, system-structural and formal-logical approaches are utilised. Based on the analysis, it is concluded that Singapore extends the provisions of securities legislation to digital tokens, which have the characteristics of securities or futures. Digital tokens, which are cryptocurrencies, are regulated by the Payment Services Act containing criteria to distinguish payment tokens from other virtual objects. Using this approach minimizes difficulties in regulating the circulation of, for example, bitcoins. In addition, MAS has developed a set of rules enshrining requirements for cryptocurrency exchanges, which reduces the risks of fraud and money laundering using cryptocurrencies. The paper also analyses MAS reports on developing a state's digital currency. The paper concludes that other states can use Singapore's experience to shape or modernize their legislation.

Xie Xinzhou,Yuan Quan

DOI: https://doi.org/10.3969/j.issn.1001-8867.2007.01.018

2007-01-01

Abstract:In Singapore,there are Media Development Authority,National Computer Board and other institutions responsible for the management of network information.The goveroment manages and censors network information according to related laws.The state has a registration system for the Internet service providers and Internet content providers,which clearly specifies their responsibilities and puts emphasis on their self-discipline.Nowadays,when network information is rapidly growing and there is a lack of management resources in China,we should learn from the experiences of Singapore and improve oar management.16 refs.

Shaun Kai Ern Ee

2024-08-15

Abstract:The partnership between the United States and Singapore is founded in no small part on the shared recognition of the value that technology has for national security. Over the last 55 years, Singapore has become an established purchaser of U.S. defense technology, but the past 20 years have also seen the U.S.-Singapore relationship mature into an increasingly collaborative one, tackling newer fields like cybersecurity and biosecurity. However, current geopolitical tensions present a challenge for Singapore, which strives to retain its strategic autonomy by maintaining positive relations with all parties. Paradoxically, the rise of non-traditional security threats may pave the way for greater bilateral cooperation by allowing Singapore to position itself as a hub for cooperation on regional security issues in Southeast Asia at large. In such spirit, this paper recommends that the United States and Singapore do the following: 1) in defense technology, co-develop niche capabilities in C4ISR and unmanned systems with peacetime applications; 2) in cybersecurity, improve their domestic resilience against sophisticated nation-state actors while also building regional capacity to counter cybercrime in Southeast Asia; and 3) in biosecurity, strengthen regional epidemiological surveillance to brace against possible future pandemics.

Computers and Society

Matthew Lemanski

DOI: https://doi.org/10.48550/arXiv.1512.06317

2015-12-20

Abstract:The recent passing of the Cybersecurity Information Sharing Act of 2015 introduces a new framework for information sharing between private and US government entities with the expressed intent to identify cybersecurity threats. This is the latest in a series of similar bills that have been introduced to Congress over the last several years. While each of the previous standalone bills were defeated following widespread public resistance, the latest edition was included as an amendment to the United States' 2016 spending bill. This means that any dissenting congressmen unwilling to pass the spending bill with the CISA rider would be willing to risk another government shutdown due to the inability to come to terms on the budget measures. This paper seeks to explore the potential impacts of the measures introduced or enabled by CISA, and consider the formalization of digital privacy rights in an increasingly online and monitored world.

Cryptography and Security,Computers and Society

Bel G. Raggad,Sahbi Sidhom

DOI: https://doi.org/10.48550/arXiv.0712.4215

2007-12-27

Other Computer Science

Abstract:Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The international community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, including the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should be barred from the partnership. This concept also applies to the cyber space or the electronic society. In order to clean our society from cyber crimes and cyber terrorism we need to impose strict security policies and enforce them in a cooperative manner. The paper discusses a country's effort in the development of a national security strategy given its security economic intelligence position, its security readiness, and its adverse exposure.

Kaspar Rosager Ludvigsen,Shishir Nagaraja

DOI: https://doi.org/10.48550/arXiv.2205.13196

2022-05-26

Abstract:Safety is becoming cybersecurity under most circumstances. This should be reflected in the Cybersecurity Resilience Act when it is proposed and agreed upon in the European Union. In this paper, we define a range of principles which this future Act should build upon, a structure and argue why it should be as broad as possible. It is based on what the cybersecurity research community for long have asked for, and on what constitutes clear hard legal rules instead of soft. Important areas such as cybersecurity should be taken seriously, by regulating it in the same way we see other types of critical infrastructure and physical structures, and be uncompromising and logical, to encompass the risks and potential for chaos which its ubiquitous nature entails. We find that principles which regulate cybersecurity systems' life-cycles in detail are needed, as is clearly stating what technology is being used, due to Kirkhoffs principle, and dismissing the idea of technosolutionism. Furthermore, carefully analysing risks is always necessary, but so is understanding when and how the systems manufacturers may fail or almost fail. We do this through the following principles: Ex ante and Ex post assessment, Safety and Security by Design, Denial of Obscurity, Dismissal of Infallibility, Systems Acknowledgement, Full Transparency, Movement towards a Zero-trust Security Model, Cybersecurity Resilience, Enforced Circular Risk Management, Dependability, Hazard Analysis and mitigation or limitation, liability, A Clear Reporting Regime, Enforcement of Certification and Standards, Mandated Verification of Security and Continuous Servicing. To this, we suggest that the Act employs similar authorities and mechanisms as the GDPR and create strong national authorities to coordinate inspection and enforcement in each Member State, with ENISA being the top and coordinating organ.

Computers and Society,Cryptography and Security

Ian Walden,Johan David Michels

DOI: https://doi.org/10.48550/arXiv.2203.04887

2022-03-10

Abstract:In this chapter, we review how the EU cybersecurity regulatory framework impacts providers of cloud computing services. We examine the evolving regulatory treatment of cloud services as an enabler of the EU's digital economy and question whether all cloud services should be treated as critical infrastructure. Further, we look at how the safeguarding and incident notification obligations under the General Data Protection Regulation ('GDPR') and the Network and Information Systems Directive ('NISD') apply to cloud providers. We also consider the proposed revision of the NISD and look at newly developed voluntary assurance mechanisms for cloud providers, including codes of conduct and certification schemes. We conclude that, since cloud providers are typically subject to both NISD and GDPR and to the jurisdiction of multiple regulators, they face divergent regulatory approaches, which can lead to unintended outcomes and high compliance costs.

Computers and Society,Cryptography and Security

Rogier Creemers

DOI: https://doi.org/10.1163/25427466-06020001

2023-03-17

China Law and Society Review

Abstract:Abstract Cybersecurity has become a key regulatory area in China’s rapidly digitizing society, economy, and state. The leadership deems it critical in providing adequate security guarantees for the realization of the ambitious “informatization” policy, symbolized by the passing of the Cybersecurity Law in 2016. Cybersecurity has also become integrated with overall national security, at a time when Chinese policy has become increasingly securitized. What, then, does this mean in practice? How do authorities conceive of cybersecurity and attempt to retrofit regulatory frameworks into an already well-established digital environment. This paper reviews the various components of the cybersecurity regime established by the Cybersecurity Law. It discusses how external circumstances have facilitated or obstructed the advance of regulation and implementation and demonstrates how cybersecurity is embedded in the broader processes of reform led by the Chinese Communist Party.

Leo Tan Wee Hin,R. Subramaniam

DOI: https://doi.org/10.4018/978-1-59904-947-2.ch040

2008-01-01

Electronic Government

Abstract:Governments are a strategic necessity, as they provide the overarching administrative machinery to ensure that national (and citizens’) needs are taken care of. The need for the civil service to be more cognizant of citizens’ concerns has been reiterated in several recent studies (e.g., Tarabanis, Peristeras, & Koumpic, 2000; Janssen, Wagener, & Beerens, 2003). People interact with the government for a variety of needs, for example, payment of bills for utilities, seeking approvals for licenses, and so on. While this has served citizens well, there is a general perception that governments are generally lackadaisical in terms of response times. Citizens and businesses in today’s society have high expectations and demand that their governments be more responsive to their needs. Though upping of civil service head count and decentralizing of official machinery have met with a good degree of success, it has been at the expense of a cost factor which may not be that easy to justify or sustain in the future, especially when there are so many pressing sectors of the economy needing fiscal injections. Any productivity increments achieved in maximizing use of government manpower and resources through various enabling tools means that the savings realized can be deployed back into the economy. The emergence of the Internet has given governments an opportunity to act in this regard. This has given rise to what is known as e-government.

Ahmed Mohammad Abdou

DOI: https://doi.org/10.1002/pa.2656

2021-03-07

Journal of Public Affairs

Abstract:<p>Since 2019, countries in the world have been facing many economic, political, social, and health shocks and challenges that are not easily faced with the COVID‐19 pandemic, including Singapore. Under these conditions, the performance of the governance system in dealing with a pandemic is tested transparently in public. However, the implementation of good governance by the Singapore government itself is carried out by steps and decisions that will be taken and implemented through the digital bureaucracy to the community in order to suppress the positive number of COVID‐19. The application of good governance also needs support other crucial elements that improved by digital bureaucracy, which are transparency, accountability, efficiency and effective.</p>

Hyun-Jung Lee,Kwangwoo Lee,Dongho Won

DOI: https://doi.org/10.1109/trustcom.2011.106

2011-11-01

Abstract:As cyber-crimes using personal information such as ID theft are increasing, there is a need for appropriate technology or law to protect privacy. To this end, the Korean Government established the Privacy Act on March 29th 2011. The Privacy Act prescribes a specification for dealing with privacy with the intention to protect personal information from being collected, leaked, misused, or abused so that it can improve rights and interests of the nation and eventually realize the dignity and value of man. The United States, Japan, Canada, and several countries of the EU have their own privacy law being established or revised. Although there must be differences depending on the circumstances of each country, the ultimate goal of the privacy law should be the same. Consequently, there might be the same or similar technical protection required by all these countries. Between the increasing interest in protecting personal information and the establishment of the Privacy Act, many industries are having relevant products released one after another. Customers without knowledge of the law and the product types cannot decide what they need. This paper intends to derive necessary security functions of a personal information security system based on the Common Criteria and analyze the limit of the products in order to make guidelines for privacy and information protection system.

Noor Suhani Sulaiman,Muhammad Ashraf Fauzi,Walton Wider,Jegatheesan Rajadurai,Suhaidah Hussain,Siti Aminah Harun

DOI: https://doi.org/10.3390/socsci11090386

2022-08-30

Social Sciences

Abstract:Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

English Else

Charanjit Singh

DOI: https://doi.org/10.69554/zflw4133

2023-09-01

Abstract:Cyber security capabilities must be designed to mitigate attacks and threats to key network and information systems and ensure continuity in service provision, contribute to the security and effective functioning of economies and societies, and the Network and Information Security 2 Directive (NIS2) seeks to strengthen the European Union (EU) approach to this. Advances in artificial intelligence (AI) have revolutionised industries including banking (FinTech), law (RegTech), insurance (InsureTech), charities (CharityTech) and health (HealthTech). The EU understands this and has therefore introduced the requirement for member states to embrace AI, as a cyber security tool used to protect against and prevent cyber security attacks/threats. The purpose of this paper is to review the NIS2 and the changes it makes to the European approach to cyber security including the use of AI, and the implications for businesses subject to the new rules. The subject is explored through an analysis of literature, EU law and policy documentation. This paper critically reviews a significant advent in European cyber security and technology law: the advances created by the NIS2 Directive, which are considered alongside other key legislation that came into force in January 2023. In addition, the UK’s contrasting evolving position is also critically reviewed. The paper concludes with several practical suggestions on the, if any, steps for businesses as at April 2023. The NIS2 makes some significant inroads to close security gaps that existed in the EU cyber security-related legislative framework; importantly, it creates a requirement for the use of AI in the EU’s cyber security defence armoury. Businesses need to undertake several steps in preparation for full implementation of the NIS2. This research is among the first to review key advances made in EU cyber security and technology law, and to contrast that with the UK position as at April 2023. It is also the first to discuss the likely powers of competent authorities, and the potential results of breaching other EU legislation such as the General Data Protection Regulation (GDPR).

Ella Gorian

DOI: https://doi.org/10.7256/2454-0595.2020.3.32677

2020-03-01

Административное и муниципальное право

Abstract:The object of this research is the legal relations that emerge in ensuring informations security of the banking and finance system of the People&rsquo;s Republic of China. The work characterizes China&rsquo;s cybersecurity law, which was enacted in 2017. The author determines the key positions of this statutory act that establishes the foundation for national institutional and normative-legislative mechanism of ensuring information security of the banking and finance sectors as objects of critical information infrastructure. China&rsquo;s cybersecurity law represents a fundamental piece of legislation that defines the principles, mechanisms and order of ensuring information security. It defines critical information infrastructure through nomenclature of the sectors and indication of criteria for designation of one or another sector as critical information infrastructure. The banking and finance sector meets such criteria, thus ensuring its information security is based on the general positions of this legislation. The law determines the regime of protection of personal data, as well as obligations of network carriers that are included into the institutional mechanism of provision of cybersecurity. All aforementioned facts make China&rsquo;s cybersecurity law a key legislative instrument of the mechanism of ensuring information security of the banking and finance system.

Titis Pandan Wangi Reformasi,Hasrul Buamona

DOI: https://doi.org/10.55927/jlca.v3i3.10376

2024-08-06

Abstract:In the ever-evolving digital era, an in-depth exploration of the cybersecurity legal framework is a must. This article examines the background and discussion of personal data protection in 2023. It provides a comprehensive overview of the current cybersecurity landscape, identifying key trends and threats faced by individuals, businesses, and governments. The focus then shifts to regulatory and compliance analysis, exploring potential changes and evaluating the adequacy of current regulations. Next, we outline the latest technologies used in data protection, detailing the role of artificial intelligence (AI) to blockchain in strengthening cybersecurity. Ethical aspects are also highlighted, exploring how efforts to improve security can be balanced with individuals’ right to privacy and preventing abuse of power by authorities. Through analysis of key cases in 2023, this article highlights real-world experiences related to personal data breaches. From here, readers can gain a deeper understanding of how cybersecurity law is evolving and addressing the ever-growing threats in this digital era. This article aims to provide a holistic view, educating readers about the current challenges and innovations in personal data protection and contributing to a deeper understanding of the field.

Guillaume Nguyen,Manon Knockaert,Michael Lognoul,Xavier Devroey

2024-12-05

Abstract:While procedures prevail on the European market for the greater good of its citizens, it might be daunting when trying to introduce a product, whether innovative or not. In the current world, Cyber-Physical Systems (CPSs) are ubiquitous in our daily lives. Cars can provide intrusive assistance as they can brake or turn wheels on their own, buildings are getting smarter to optimize energy consumption, smart cities are emerging to facilitate information sharing and orchestrate the response to emergency situations, etc. As the presence of such tools will grow in the coming years and people will rely even more on CPSs, we certainly need to ensure that they are safe and reliable for users or everybody else, which is why regulations are so important. However, compliance should not act as a barrier to new actors coming to the European market. Nor should it prevent current actors from keeping systems deemed compliant when introduced while obsolete at the time they are used. While the individual elements we point out might not bring novelty in the various research areas we cover (EU policies, requirements engineering, business engineering, and software engineering), this paper identifies the challenges related to building and testing a CPS with respect to applicable laws and discusses the difficulty of automating the response to those challenges, such as finding a relevant legal text, paying for mentioned materials or identifying the level of compliance to a legal text. Our analysis of the holistic context when considering the compliance testing of CPS provides an overview enabling more effective decision-making as well.

Software Engineering,Computers and Society,Systems and Control

Cormac Callanan

DOI: https://doi.org/10.1007/978-3-319-16447-2_2

2015-01-01

Abstract:This chapter examines the practical evolution of Internet self- and co-regulation and reflects on the current approaches in the fields of cybercrime, cybersecurity and national security. First, it provides insights into the development of self- and co-regulatory approaches to cybercrime and cybersecurity in the multi-stakeholder environment from the beginning of the Internet service provider industry. Second, it highlights the differences concerning the ecosystem of stakeholders involved in each area. Detailed analysis focuses on existing forms of collaboration, highlighting the differences and difficulties in leveraging the forms of cooperation and successful approaches from one area to another. The last part analyses the problems of multi-stakeholder approaches. It will also examine the drawbacks of the existing forms of public–private collaboration, which can be attributed to a specific area (cybercrime, cybersecurity and national security). Ultimately, this chapter provides some suggestions with regard to the way forward in self- and co-regulation in securing cyberspace. It offers unique insights into the role of Internet industry in combatting cybercrime, improving cybersecurity and supporting national security. It identifies the current practical and economic limits on cooperation between industry and state agencies and describes the balance between human rights/data privacy and crime investigation. It concludes with the challenge of state over-reaching their mandate—when national security becomes political interference in human rights.

Elaine M. Sedenberg,James X. Dempsey

DOI: https://doi.org/10.48550/arXiv.1805.12266

2018-05-31

Abstract:In recent years the cybersecurity policy debate in Washington has been dominated by calls for greater information sharing within the private sector, and between the private sector and the federal government. The passage of the Cybersecurity Information Sharing Act (CISA) (signed into law under the Cybersecurity Act of 2015) underscored federal efforts to collect information from the private sector, and assuaged some concerns regarding private sector liability in sharing activities. However, the law lacked specificity on how continued federal efforts would work with existing information sharing networks, and failed to address other challenges associated with sharing including trust building, privacy and propriety interests, reciprocation, and quality control. This paper aims to bring granularity to implementations of information sharing initiatives by creating a taxonomy of the governance and policy models within each of these organizations. The research shows how this diverse ecosystem of sharing models work together and separately, and the impact governance and policy have on key components critical to sharing infrastructure.

Computers and Society,Cryptography and Security

Roberto Dillon

DOI: https://doi.org/10.48550/arXiv.2308.06963

2023-08-14

Computers and Society

Abstract:This paper proposes an analysis of the prospects of the cyber security industry and educational ecosystems in four Southeast Asian countries, namely Vietnam, Singapore, Malaysia, and Indonesia, which are along the Maritime Silk Road, by using two novel metrics: the "Cybersecurity Education Prospects Index" (CEPI) and the "Cybersecurity Industry Prospects Index" (CIPI). The CEPI evaluates the state of cybersecurity education by assessing the availability and quality of cybersecurity degrees together with their ability to attract new students. On the other hand, the CIPI measures the potential for the cybersecurity industry's growth and development by assessing the talent pool needed to build and sustain its growth. Ultimately, this study emphasizes the vital importance of a healthy cybersecurity ecosystem where education is responsible for supporting the industry to ensure the security and reliability of commercial operations in these countries against a complex and evolving cyber threat landscape.

Dian Purwaningrum Soemitro,Muhammad Arvin Wicaksono,Nur Aini Putri

DOI: https://doi.org/10.37276/sjh.v5i1.272

2023-07-31

SIGn Jurnal Hukum

Abstract:This study aims to compare the penal provisions between the PDPA and Law Number 27 of 2022. This study uses normative legal research with the statute and comparative approaches. The collected legal material is then qualitatively analyzed to describe the problem and answer study purposes. The results show a striking difference between the PDPA and Law Number 27 of 2022 concerning penal provisions related to offenses of personal data protection. The PDPA portrays a more moderate approach by establishing relatively lighter imprisonment and fines. In contrast, Law Number 27 of 2022 illustrates a stricter approach with more severe imprisonment, fines, and additional punishments. Singapore leans towards prevention and education, while Indonesia places a high priority on law enforcement. Nonetheless, both approaches ultimately aim to protect their citizens’ personal data. Therefore, it recommended that the relevant authorities in both Singapore and Indonesia continually evaluate and adapt their legal frameworks to safeguard personal data effectively. Singapore could consider stricter penalties to discourage offenses while maintaining its focus on education and prevention. On the other hand, while Indonesia’s commitment to law enforcement is commendable, it could also benefit from incorporating preventive measures and public education to promote understanding and voluntary compliance. Collaborative efforts between the two countries can facilitate continual enhancements in personal data protection within their respective jurisdictions.