Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 305-308 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1702074 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1702074 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:305-308 Template-Type: ReDIF-Article 1.0 Author-Name: Rose McDermott Author-X-Name-First: Rose Author-X-Name-Last: McDermott Title: Some emotional considerations in cyber conflict Abstract: One of the most neglected and important aspects of cyber conflict involves the role of emotions in decision-making and its potential influence on the cyber domain in particular. This paper constitutes an initial attempt to examine some of the policy implications of neglecting or omitting emotional factors from our understanding of decision-making in the cyber realm. Several elements of cyber conflict, including secrecy, overlap with other kinds of conflict, while other aspects, such as the speed of computation, present unique and novel challenges. This discussion focuses on cyber conflict. Because the effects of emotion on judgement and decision-making, as well as behaviour, are not specific to the realm of cyberspace, this examination begins with a broader discussion of more recent literature in psychology and neuroscience on the effects of emotion on both choice and action. It then proceeds with a more detailed examination of the influence of specific emotions on decision-making in cyber conflict. It concludes with some of the possible political implications that follow from a fuller recognition of the role of emotions on conflict. An understanding of the role of human emotion in decision-making is essential to achieve effective and accurate policy in the cyber realm. Journal: Journal of Cyber Policy Pages: 309-325 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1701692 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1701692 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:309-325 Template-Type: ReDIF-Article 1.0 Author-Name: Simon Butler Author-X-Name-First: Simon Author-X-Name-Last: Butler Title: Criminal use of cryptocurrencies: a great new threat or is cash still king? Abstract: In July 2018, the Federal Reserve Chairman told the US Congress that cryptocurrencies are ‘great’ for money laundering. Many media headlines follow comments such as this, suggesting that cryptocurrencies are a significant criminal tool that should be feared. This article examines academic research, particularly those that analysed the Bitcoin blockchain, to see if the results matched the headlines. This was then compared to wider government and think-tank reporting. Contrary to popular opinion, this article shows that cryptocurrencies are currently used in a very small percentage of crime and they are not the great future threat that many assert. Cash is the real enemy for crime fighting and remains ‘king’. It is anonymous and far more useful to criminals than cryptocurrencies. However, the future of money is uncertain and policymakers need to understand that there is more to the debate about cryptocurrencies than the headlines suggest. Journal: Journal of Cyber Policy Pages: 326-345 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1680720 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1680720 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:326-345 Template-Type: ReDIF-Article 1.0 Author-Name: Paul Maxwell Author-X-Name-First: Paul Author-X-Name-Last: Maxwell Author-Name: Robert Barnsby Author-X-Name-First: Robert Author-X-Name-Last: Barnsby Title: Insecure at any bit rate: why Ralph Nader is the true OG of the software design industry Abstract: The software design industry lacks standards for both code quality and security; as a result, code vulnerability at the time of a product’s release is often compromised at subsequent, critical junctures in its consumer-use phase. Exacerbating this problem is the fact that developers typically waive all liability for code errors and place the burden of security on unqualified, non-expert users. Although certain legal remedies exist in the US – often in the form of US Federal Trade Commission (FTC) enforcement actions classifying inadequate data security as an ‘unfair trade practice’ – they are limited in nature, infrequently utilised and are generally incapable of meaningfully protecting consumers. History has shown that other major technological advances, including developments in the aircraft and automotive industries, have occurred in similar unregulated manners, often resulting in negative and potentially dangerous outcomes for the public. To ensure the security of today’s software environment, change from within the industry – not unlike the Ralph Nader-inspired industry-wide automotive safety improvements in the 1970s – is necessary to create a shared liability model for software which protects users from poor development practices. Such a model, when coupled with certification standards and education, will result in a more secure software design industry. Journal: Journal of Cyber Policy Pages: 346-361 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1671471 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1671471 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:346-361 Template-Type: ReDIF-Article 1.0 Author-Name: Dominique Lazanski Author-X-Name-First: Dominique Author-X-Name-Last: Lazanski Title: Governance in international technical standards-making: a tripartite model Abstract: All of us enjoy the daily benefits of the mobile internet and other global telecommunications and data services. But the delivery of consistent and reliable internet and telecommunication services relies on the development and implementation of international and interoperable technical standards. This paper discusses governance in international technical and internet standards-making. A theory of governance of standards-making through three modes — namely multilateral, multistakeholder and emergent —is developed. The most efficient and effective approach to governance of international standards-making will be looked at using a theory of governance of the commons and common pool resources. Journal: Journal of Cyber Policy Pages: 362-379 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1696851 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1696851 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:362-379 Template-Type: ReDIF-Article 1.0 Author-Name: Nancy Ayer Fairbank Author-X-Name-First: Nancy Ayer Author-X-Name-Last: Fairbank Title: The state of Microsoft?: the role of corporations in international norm creation Abstract: This research seeks to understand the role that corporations can play as global cyber norm entrepreneurs via a case study of tech giant Microsoft’s engagement in emergent international cybersecurity norms. Two key questions are addressed, including how Microsoft has been acting as a norm entrepreneur and what these actions indicate about the company's underlying objectives. Understanding Microsoft's processes and aims as a norm entrepreneur can help scholars better determine how corporate actors may fit into – or challenge – both existing norm creation theories and the development of global cyber policies. This research highlights three key takeaways that may inform further research: (1) In contrast to traditionally state-centric IR norm research, more focus is needed on the relationship between corporations and citizens when companies are acting as cyber norm entrepreneurs; (2) Four main objectives drive Microsoft’s attempts at cybersecurity norm entrepreneurship: trust building, software protection, balance of responsibility and sociopolitical influence; and (3) Microsoft provides an empirical example of a private corporation utilising all of Finnemore and Hollis’ tool categories for norm entrepreneurs. Through exploring the paths by which Microsoft strives to influence state behaviour and position themselves as a legitimate stakeholder in global cyber norm debates, we can gain insight into the methods and objectives of this newly identified form of corporate entrepreneurship and better understand the role that private actors may have in the ongoing formation of global cyber norms. Journal: Journal of Cyber Policy Pages: 380-403 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1696852 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1696852 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:380-403 Template-Type: ReDIF-Article 1.0 Author-Name: Ethem Ilbiz Author-X-Name-First: Ethem Author-X-Name-Last: Ilbiz Title: The Uberization of the United Nations’ regime to prevent the online financing of terrorism: tackling the problem of obfuscation in virtual currencies Abstract: This article examines an Uberization model of governance that can enable the existing United Nations (UN) regime for preventing the financing of terrorism to overcome the problems caused by the obfuscation techniques employed by virtual currencies (VCs). This new global governance model envisions a multi-sided platform where public and private actors are interconnected by the United Nations Security Council (UNSC). The central argument of this article is that the UNSC can build a powerful and transparent platform of cooperation and set binding rules of cooperation for all countries and members of the VC ecosystem. This governance platform will offer an entrepreneurial opportunity for private actors of the VC ecosystem to allocate their idle investigation capacity towards cooperation with national law enforcement agencies who lack investigation resources to tackle the problem of obfuscation in VCs. It will also enable national law enforcement agencies to collaborate with the most competent private cyber forensic experts in a cost-efficient way. Journal: Journal of Cyber Policy Pages: 404-424 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1666892 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1666892 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:404-424 Template-Type: ReDIF-Article 1.0 Author-Name: Christopher Nolan Author-X-Name-First: Christopher Author-X-Name-Last: Nolan Author-Name: Glenn Lawyer Author-X-Name-First: Glenn Author-X-Name-Last: Lawyer Author-Name: Ryan Marshall Dodd Author-X-Name-First: Ryan Marshall Author-X-Name-Last: Dodd Title: Cybersecurity: today’s most pressing governance issue Abstract: Cybersecurity is today’s most pressing corporate governance issue, but one which Boards of Directors and senior management find challenging to manage. The concept of cyber hygiene can define stress tests which assess Cyber Value at Risk, helping companies manage cyber risk as other macro-level business risks. Cyber hygiene can be described as the frequency of cybersecurity related operational stoppages or disruptions and the time required to resolve these issues when they occur. Hygiene also includes cybersecurity yield, the efficiency of a company’s security expenditure in relation to the Value at Risk. Cyber Value at Risk is a financial component of a benchmarking exercise necessary to determine cyber governance quality at an enterprise level. Cybersecurity poses significant financial risks to enterprise value, justifying its classification as a governance issue and management quality indicator. Including cybersecurity in the environment, social and governance framework prioritises the risk on board, senior management and investor agendas. Key regulatory oversight bodies increasingly require companies to manage cyber risk in a manner consistent with other macro-level business risks. Reporting on cybersecurity risk in financial terms enables the board and full executive management team to manage cyber like any strategic business risk. Journal: Journal of Cyber Policy Pages: 425-441 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1673458 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1673458 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:425-441 Template-Type: ReDIF-Article 1.0 Author-Name: James Johnson Author-X-Name-First: James Author-X-Name-Last: Johnson Title: The AI-cyber nexus: implications for military escalation, deterrence and strategic stability Abstract: How could AI-infused cyber capabilities be used to subvert, or otherwise compromise, the reliability, control and use of states’ nuclear forces? This article argues that a new generation of artificial intelligence (AI) enhanced cyber capabilities will amplify the risk of inadvertent escalation caused by the co-mingling of nuclear and strategic non-nuclear weapons and the increasing speed of warfare, thereby increasing the risk of nuclear confrontation. It examines the potential implications of cyber (offensive and defensive) capabilities augmented with AI applications for nuclear security. The article concludes that future iterations of AI-enhanced cyber counterforce capabilities will complicate the existing challenges of cyber defence, and in turn, compromise nuclear assets and increase the escalatory effects of offensive cyber capabilities. Journal: Journal of Cyber Policy Pages: 442-460 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1701693 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1701693 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:442-460 Template-Type: ReDIF-Article 1.0 Author-Name: Joshua E. Kenway Author-X-Name-First: Joshua E. Author-X-Name-Last: Kenway Title: The perfect weapon: war, sabotage, and fear in the cyber age Journal: Journal of Cyber Policy Pages: 461-462 Issue: 3 Volume: 4 Year: 2019 Month: 9 X-DOI: 10.1080/23738871.2019.1701694 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1701694 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:3:p:461-462 Template-Type: ReDIF-Article 1.0 Author-Name: Emily Taylor Author-X-Name-First: Emily Author-X-Name-Last: Taylor Title: Introduction from the Editor Journal: Journal of Cyber Policy Pages: 1-4 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1168605 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1168605 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:1-4 Template-Type: ReDIF-Article 1.0 Author-Name: John Naughton Author-X-Name-First: John Author-X-Name-Last: Naughton Title: The evolution of the Internet: from military experiment to General Purpose Technology Abstract: The Internet is now over four decades old. A survey of its evolution from a military experiment conducted in the context of the Cold War to a General Purpose Technology illustrates the extent to which the network was shaped, not just by the intrinsic affordances of its underpinning technologies, but also by political, ideological, social, and economic factors. Journal: Journal of Cyber Policy Pages: 5-28 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1157619 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1157619 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:5-28 Template-Type: ReDIF-Article 1.0 Author-Name: Jeanette Hofmann Author-X-Name-First: Jeanette Author-X-Name-Last: Hofmann Title: Multi-stakeholderism in Internet governance: putting a fiction into practice Abstract: This article assumes that the multi-stakeholder concept is a fiction that provides meaning to a disorderly world. However, the multi-stakeholder concept does not only represent reality, it also gives rise to expectations, objectives and benchmarks. A second assumption of this article, therefore, is that the multi-stakeholder concept is performative. To the extent that the actors in Internet governance identify with its tale of inclusion and bottom-up policymaking, they are struggling to achieve its goals including those that Yaron Ezrahi would call a ‘publicly “believable impossibility”’. It is the effort of implementing the multi-stakeholder fiction which is at the centre of this article. Its performative power will be explored with regard to three common imaginaries: the imaginary of global representation, the democratisation of the transnational sphere and the possibility of improved outcomes. Two organisations, both of which strongly promote the multi-stakeholder approach, will serve as examples: the Internet Corporation for Assigned Names and Numbers and the Internet Governance Forum. Following a brief overview of the origins of the multi-stakeholder concept and the empirical evidence of its performance, the article will focus on institutional practices in Internet governance. Journal: Journal of Cyber Policy Pages: 29-49 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1158303 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1158303 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:29-49 Template-Type: ReDIF-Article 1.0 Author-Name: Jarno Limnéll Author-X-Name-First: Jarno Author-X-Name-Last: Limnéll Title: The cyber arms race is accelerating – what are the consequences? Abstract: Nation-states are in the midst of an accelerating cyber arms race. This development has several political and strategic implications that pose the need to find specifically political answers. What is often forgotten or neglected is the increasing importance of understanding cyberspace as a political domain and cyberpolitics is needed more than ever before. The current developments in cybersecurity and cyberwarfare certainly have a number of implications but the aim of this article is to explore five consequences which are critical when evaluating both political and military aspects of cyberwarfare and its political future: the race for talented people; the need to develop a proportionate political response framework before a disruptive or destructive cyber incident occurs; the increasing necessity to expose some cyber capabilities in order to strengthen cyber deterrence; the importance of integrating physical and digital domains in order to be able to operate in the combined cyber–physical environment; and the requirement for deeper international cooperation. Journal: Journal of Cyber Policy Pages: 50-60 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1158304 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1158304 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:50-60 Template-Type: ReDIF-Article 1.0 Author-Name: Nanjira Sambuli Author-X-Name-First: Nanjira Author-X-Name-Last: Sambuli Title: Challenges and opportunities for advancing Internet access in developing countries while upholding net neutrality Abstract: Access to affordable Internet is increasingly a development priority, and even considered a basic right. There are huge economic and social benefits to be reaped from Internet access, as evidenced by gross domestic product contributions, as well as projections. However, a majority of the world’s population, most of who are in developing nations, remain unconnected. A crucial policy debate on how to avail Internet access, while upholding and preserving the openness of the Internet, also known as net neutrality, is emerging as state actors, private sector players and civil society alike operate in this space. The practice of zero-rating is one of the most popular approaches to getting the unconnected online. This follows the fact that the mobile phone is the primary device through which the ‘next billion’ Internet users are expected to get online. The overarching question is whether zero-rating defies the principle of net neutrality, by favouring some content over other content. The challenge for policy makers and regulators in developing countries, as addressed in this paper, is knowing which regulatory frameworks will be needed to expand Internet access to under served communities, without compromising the fundamental principles of a free and open Internet. Journal: Journal of Cyber Policy Pages: 61-74 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1165715 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1165715 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:61-74 Template-Type: ReDIF-Article 1.0 Author-Name: Marietje Schaake Author-X-Name-First: Marietje Author-X-Name-Last: Schaake Author-Name: Mathias Vermeulen Author-X-Name-First: Mathias Author-X-Name-Last: Vermeulen Title: Towards a values-based European foreign policy to cybersecurity Abstract: ‘The internet changes everything’ is a buzz phrase that promises to enable more rights and freedoms for people. However, it is hampered by the various ways in which states seek to strengthen their national security or control their populations under the guise of ‘cybersecurity’ policies. In closed societies with authoritarian regimes such as China and Russia, people's opportunities for greater access to information and freedom of expression are increasingly suffering from rigid ‘cybersecurity’ policies that treat the internet's infrastructure as an extension of the state. In open societies, the promise of a networked society that empowers individuals is hampered too by the conflation of cybersecurity and national security. As a result, the space to develop a values-based approach to cybersecurity, which focuses on (1) preserving and promoting the security and integrity of the open internet, (2) encouraging restraint of governments which want to adopt national security policies that negatively affect the security of the internet's network and (3) streamlining digital rights in its external policies is wide open. The European Union has the opportunity to take a leadership position both at home and abroad if it develops a clear cybersecurity that incorporates people's rights and freedoms. Journal: Journal of Cyber Policy Pages: 75-84 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1157617 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1157617 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:75-84 Template-Type: ReDIF-Article 1.0 Author-Name: Charlie McMurdie Author-X-Name-First: Charlie Author-X-Name-Last: McMurdie Title: The cybercrime landscape and our policing response Journal: Journal of Cyber Policy Pages: 85-93 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1168607 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1168607 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:85-93 Template-Type: ReDIF-Article 1.0 Author-Name: Heli Tiirmaa-Klaar Author-X-Name-First: Heli Author-X-Name-Last: Tiirmaa-Klaar Title: Building national cyber resilience and protecting critical information infrastructure Abstract: The digital transformation poses a challenge to all societies and economies, with Information and Communication Technologies forming a substrate for critical services and economic growth. National cyber policy-makers are faced with many priorities, including protecting critical infrastructure, reducing cybercrime, raising awareness, and following national security and foreign policy interests. The protection of critical services and infrastructure, fight against cybercrime, cyber incident response and recovery form a basis of nations’ cyber resilience in the digital era. In the light of recent cyber security regulations passed in the US and the European Union, the article offers an overview of how to organise and provide leadership for an efficient national cyber effort. It also discusses several methods from a public policy perspective of how to provide better cyber security for critical services and infrastructures. Journal: Journal of Cyber Policy Pages: 94-106 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1165716 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1165716 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:94-106 Template-Type: ReDIF-Article 1.0 Author-Name: Sarmad Hussain Author-X-Name-First: Sarmad Author-X-Name-Last: Hussain Author-Name: Ahmed Bakhat Author-X-Name-First: Ahmed Author-X-Name-Last: Bakhat Author-Name: Nabil Benamar Author-X-Name-First: Nabil Author-X-Name-Last: Benamar Author-Name: Meikal Mumin Author-X-Name-First: Meikal Author-X-Name-Last: Mumin Author-Name: Inam Ullah Author-X-Name-First: Inam Author-X-Name-Last: Ullah Title: Enabling multilingual domain names: addressing the challenges of the Arabic script top-level domains Abstract: Domain names are a key to accessing content online. Even though much of the content is multilingual now, the domain names are still mostly limited to Latin characters. The paper focuses on the top-level domains, as a part of the Domain Name System (DNS), and explains the community-driven effort to make these multilingual using the internationalized domain name framework. The case of Arabic script is presented, highlighting the challenges faced for the script community in developing specific rules and recommendations to ensure the validity and uniqueness of labels for the DNS Root zone. The paper highlights the tension between enabling broadest expression with the domain names to facilitate the linguistic community while simultaneously adhering to the conservative procedure set out by the technical community to ensure the security and stability of the Root zone. The paper finally presents the details and evaluation of the proposed solution for the top-level domain names in Arabic script, addressing the end-user needs while minimizing the end-user confusion. Journal: Journal of Cyber Policy Pages: 107-129 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1157618 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1157618 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:107-129 Template-Type: ReDIF-Article 1.0 Author-Name: The Editorial Team Author-X-Name-First: Author-X-Name-Last: The Editorial Team Title: Top ten must-reads: the editorial team choices Journal: Journal of Cyber Policy Pages: 130-132 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1169761 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1169761 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:130-132 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Security and international cooperation dominate today's cyber policy landscape Journal: Journal of Cyber Policy Pages: 133-138 Issue: 1 Volume: 1 Year: 2016 Month: 1 X-DOI: 10.1080/23738871.2016.1166255 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1166255 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:1:p:133-138 Template-Type: ReDIF-Article 1.0 Author-Name: Emily Taylor Author-X-Name-First: Emily Author-X-Name-Last: Taylor Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 1-3 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1301239 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1301239 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: Jamie Saunders Author-X-Name-First: Jamie Author-X-Name-Last: Saunders Title: Tackling cybercrime – the UK response Abstract: Cybercrime activity is growing fast and evolving at a rapid pace, becoming both more technically proficient and aggressive. The Office for National Statistics (ONS) estimates that there were two million computer misuse offences experienced in England and Wales in the 12 months to March 2016. Precise figures for the total cost of cybercrime are hard to establish, but a National Crime Agency (NCA) Assessment published in July 2016 estimated the cost to the UK economy to be in the order of billions of pounds per annum.Tackling the threat of cybercrime requires a broad-based strategy that recognises the diversity of offences, actors and motivations. It requires the right balance between the ‘Four Ps’ of the UK Serious and Organised Crime Strategy – PURSUE, PREVENT, PROTECT, PREPARE. Critically, it requires close working between law enforcement, government, international partners and industry.This paper sets out the UK approach to tackling cybercrime and outlines some of the successes that have been achieved to date. It recognises that government, law enforcement agencies and other bodies have all increased efforts to tackle cybercrime, but concludes that these efforts alone cannot fully address the challenge. A number of areas are identified that need to be strengthened if, collectively, we are to have a lasting impact on the threat. Journal: Journal of Cyber Policy Pages: 4-15 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1293117 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1293117 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:4-15 Template-Type: ReDIF-Article 1.0 Author-Name: Eviatar Matania Author-X-Name-First: Eviatar Author-X-Name-Last: Matania Author-Name: Lior Yoffe Author-X-Name-First: Lior Author-X-Name-Last: Yoffe Author-Name: Tal Goldstein Author-X-Name-First: Tal Author-X-Name-Last: Goldstein Title: Structuring the national cyber defence: in evolution towards a Central Cyber Authority Abstract: The unique characteristics of cyberspace challenge current national structures, originally built to cope with conventional threats. This realisation leads nations to search for the adequate structures and processes that could optimally tackle the new cyber risk while protecting core civil rights. This paper describes the three-phase evolution process that most countries have already gone through in structuring their cybersecurity activities. We then analyse the limitations of the current phase and outline the necessity in the next phase of evolution of governmental structures – the formation of a national Central Cyber Authority (CCA), a single civilian entity with concrete operational capabilities, responsible for defending the national cyberspace and leading national cybersecurity efforts. We present the logic behind this next phase of evolution as well as basic principles and components comprising the new CCA and its relations with current governmental organisations – regulators, law enforcement agencies and the intelligence community. Journal: Journal of Cyber Policy Pages: 16-25 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1299193 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1299193 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:16-25 Template-Type: ReDIF-Article 1.0 Author-Name: Michael Chertoff Author-X-Name-First: Michael Author-X-Name-Last: Chertoff Title: A public policy perspective of the Dark Web Abstract: The Dark Web is at the centre of the debate over whether online anonymity should be maintained in spite of the illegal activity that it enables. Policy-makers must gain an understanding of the Dark Web in order to engage intelligently in the debate and enact effective Dark Web policy. This paper aims to provide context and policy recommendations pertaining to the Dark Web based on open-source research. The Dark Web’s complete history, from its creation to the latest incidents of government intervention, remains relevant to today’s debate. By examining cases where a government agency has enforced laws on the Dark Web, one can glean an understanding of which policies will be most successful going forward. This paper explores two specific policy topics: (1) determining the appropriate role of government in regulating the Dark Web and (2) exploring the most effective and reasonable methods for government to intervene. As the United States develops and refines policy regarding the Dark Web, the international community will also be manoeuvring to put in place regulations, and it is essential that these regulations be compatible while staying true to the values of the internet users that those governments serve. Journal: Journal of Cyber Policy Pages: 26-38 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1298643 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1298643 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:26-38 Template-Type: ReDIF-Article 1.0 Author-Name: Jasmina Byrne Author-X-Name-First: Jasmina Author-X-Name-Last: Byrne Author-Name: Patrick Burton Author-X-Name-First: Patrick Author-X-Name-Last: Burton Title: Children as Internet users: how can evidence better inform policy debate? Abstract: As more and more researchers from all over the world are becoming interested in how children use the Internet and mobile technologies, global evidence of both the opportunities that the Internet brings, and their associated risks, is increasing. A new research initiative, Global Kids Online, contributes to this through provision of tools and guidelines to national researchers and comparative analysis of country-specific research findings. For the first time, rigorous and comparable evidence from lower and middle-income countries (South Africa, Serbia, the Philippines, Brazil and Argentina) is available on a range of topics: children’s civic engagement, participation and digital literacy, as well as risky behaviour and negative experiences. But to what extent do current Internet-related or broader child rights policies (regarding education and protection) correspond to this growing evidence base? What are the opportunities, through evidence use, for influencing new policy direction related to children and the Internet? Drawing on recent research and an associated policy review, this paper explores the link between the two and provides some suggestions for policy and questions for further discussion. Journal: Journal of Cyber Policy Pages: 39-52 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1291698 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1291698 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:39-52 Template-Type: ReDIF-Article 1.0 Author-Name: Mark Camillo Author-X-Name-First: Mark Author-X-Name-Last: Camillo Title: Cyber risk and the changing role of insurance Abstract: A brief look at how the cyber risk landscape is evolving and what this means from a risk and insurance perspective, particularly as businesses accept they cannot hope to prevent all cyber intrusions regardless of the sophistication of their IT security. While cyber insurance is currently a stand-alone product, we are moving to a future where all classes of risk and insurance will be touched by cyber. Meanwhile, the rapid pace of technological change, increasing connectivity through the internet of Things and the changing MO of cyberattackers introduce new vulnerabilities and increase the potential for systemic and risk aggregation complexities that will need to be measured and monitored by insurers. As cyber underwriters scrutinise the IT security of firms seeking insurance, they also have an important and growing role as a de facto regulator. They are setting the bar for the cyber hygiene standards necessary in order to qualify for insurance, and in so doing, encouraging organisations large and small to implement systems and processes that will mitigate cyber risk. Journal: Journal of Cyber Policy Pages: 53-63 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1296878 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1296878 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:53-63 Template-Type: ReDIF-Article 1.0 Author-Name: Brenden Kuerbis Author-X-Name-First: Brenden Author-X-Name-Last: Kuerbis Author-Name: Milton Mueller Author-X-Name-First: Milton Author-X-Name-Last: Mueller Title: Internet routing registries, data governance, and security Abstract: Routing is fundamental to the workings of the internet, yet the basic routing protocol, Border Gateway Protocol (BGP), is known to be insecure. This paper uses institutional economics to examine internet routing registries, which are used by network operators to mitigate the security flaws in BGP. Secure routing of internet traffic is characterised as a problem in the distributed governance of data. The highly distributed and decentralised exchange of routing announcements and routing policy data among network operators affords many opportunities for error or manipulation. This paper considers various solutions to the data governance problems associated with routing, in light of actors’ incentives and collective action problems. We compare IRRs to other methods of governing routing data in a way that enhances internet security, such as Resource Public Key Infrastructure and Border Gateway Protocol Security, Mutually Agreed Norms on Routing Security, and a blockchain supported routing registry. Journal: Journal of Cyber Policy Pages: 64-81 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1295092 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1295092 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:64-81 Template-Type: ReDIF-Article 1.0 Author-Name: Adam Henschke Author-X-Name-First: Adam Author-X-Name-Last: Henschke Author-Name: Shannon Brandt Ford Author-X-Name-First: Shannon Brandt Author-X-Name-Last: Ford Title: Cybersecurity, trustworthiness and resilient systems: guiding values for policy Abstract: Cyberspace relies on information technologies to mediate relations between different people, across different communication networks and is reliant on the supporting technology. These interactions typically occur without physical proximity and those working depending on cybersystems must be able to trust the overall human–technical systems that support cyberspace. As such, detailed discussion of cybersecurity policy would be improved by including trust as a key value to help guide policy discussions. Moreover, effective cybersystems must have resilience designed into them. This paper argues that trustworthy cybersystems are a key element to resilient systems, and thus are core to cybersecurity policy. The paper highlights the importance of trustworthiness for resilient cybersystems. The importance of trustworthiness is shown through a discussion of three events where trustworthiness was the target or casualty of cyberattacks: Stuxnet, hacking of communications and the Edward Snowden revelations. The impact of losing trust is highlighted, to underpin the argument that a resilient cybersystem ought to design in trustworthiness. The paper closes off by presenting a general set of policy implications arising from recognition of the interplay between trust, trustworthiness and resilience for effective cybersecurity. Journal: Journal of Cyber Policy Pages: 82-95 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2016.1243721 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1243721 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:82-95 Template-Type: ReDIF-Article 1.0 Author-Name: Luca Belli Author-X-Name-First: Luca Author-X-Name-Last: Belli Title: Net neutrality, zero rating and the Minitelisation of the internet Abstract: The internet is a general-purpose network grounded on openness, decentralisation and interoperability. Such features have allowed innovation to flourish, lowering barriers to communication, participation and cooperation, thus empowering end-users. ‘General purpose’ means that the purpose for which the internet is used is not predefined by the operator but can be autonomously decided by the end-user. Accordingly, the network neutrality (NN) principle mandates non-discriminatory treatment of internet traffic to preserve the general-purpose nature of the internet, unleashing end-users’ creativity. This paper starts by exploring the NN debate, stressing that the NN rationale is to preserve an open and decentralised internet architecture, empowering end-users and protecting their rights. Subsequently, it argues that the combination of reduced data caps and zero-rating (ZR) schemes may create artificial scarcity, raise the price of the open internet and jeopardise the achievement of the NN rationale. It provides a taxonomy of ZR models and emphasises that several ZR practices might impose on the internet a centralised configuration that characterises less innovative networks, such as the Minitel. The phenomenon that I define as ‘Minitelisation’ of the internet consists of the shift from a user-centric, general-purpose network to one with predefined purposes, thereby creating passive consumers of predetermined services, rather than active internet users. Journal: Journal of Cyber Policy Pages: 96-122 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2016.1238954 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1238954 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:96-122 Template-Type: ReDIF-Article 1.0 Author-Name: Patryk Pawlak Author-X-Name-First: Patryk Author-X-Name-Last: Pawlak Author-Name: Panagiota-Nayia Barmpaliou Author-X-Name-First: Panagiota-Nayia Author-X-Name-Last: Barmpaliou Title: Politics of cybersecurity capacity building: conundrum and opportunity Abstract: A rapidly increasing uptake of Information and Communication Technologies across the globe, coupled with the uneven levels of readiness of societies to address security challenges associated with this process, has pushed the international community to deal with potential ‘safe havens’ and ‘weakest links’ around the world. Capacity building emerged in international cybersecurity debates as a possible remedy to this problem, also advocated by developing countries and emerging economies, thereby opening the cybersecurity policy community to development actors as well. The purpose of this article is twofold. By presenting conceptual underpinnings of cybersecurity capacity building (CCB), it aims to improve a general understanding of dilemmas and politics associated with its actors, drivers and processes. At the same time, by taking a critical view on the current pace and practice of capacity building in this field, it attempts to inject a more strategic reflection about the process. The article concludes by proposing some ideas for moving forward in establishing a strong CCB community. It highlights the need for institutional investment in ‘cyber knowledge brokers’ at all levels of government and across policies as well as the emergence of a principle-based approach to capacity building in cyberspace with a sustainable outlook towards closing the ‘cyber capacity gap’. Journal: Journal of Cyber Policy Pages: 123-144 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1294610 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1294610 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:123-144 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Top must-reads: the editorial team choices Journal: Journal of Cyber Policy Pages: 145-147 Issue: 1 Volume: 2 Year: 2017 Month: 1 X-DOI: 10.1080/23738871.2017.1300290 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1300290 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:1:p:145-147 Template-Type: ReDIF-Article 1.0 Author-Name: Emily Taylor Author-X-Name-First: Emily Author-X-Name-Last: Taylor Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 289-292 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1406184 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1406184 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:289-292 Template-Type: ReDIF-Article 1.0 Author-Name: Kathryn C. Brown Author-X-Name-First: Kathryn C. Author-X-Name-Last: Brown Title: Guest Editorial Journal: Journal of Cyber Policy Pages: 293-295 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1407076 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1407076 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:293-295 Template-Type: ReDIF-Article 1.0 Author-Name: Lawrence E. Strickling Author-X-Name-First: Lawrence E. Author-X-Name-Last: Strickling Author-Name: Jonah Force Hill Author-X-Name-First: Jonah Force Author-X-Name-Last: Hill Title: Multi-stakeholder internet governance: successes and opportunities Abstract: This paper highlights some of the successes, challenges, and opportunities of the multi-stakeholder approach to Internet governance, based upon the authors’ experiences in the NTIA, the U.S. government agency responsible for spearheading many of the U.S. government’s internet governance initiatives. It identifies key areas upon which the internet community can focus as it strives to improve the multi-stakeholder approach and adapt it to other areas of internet governance and policy. Journal: Journal of Cyber Policy Pages: 296-317 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1404619 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1404619 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:296-317 Template-Type: ReDIF-Article 1.0 Author-Name: Sally Wentworth Author-X-Name-First: Sally Author-X-Name-Last: Wentworth Title: Internet multi-stakeholder governance Journal: Journal of Cyber Policy Pages: 318-322 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1400574 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1400574 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:318-322 Template-Type: ReDIF-Article 1.0 Author-Name: Andrew Sullivan Author-X-Name-First: Andrew Author-X-Name-Last: Sullivan Title: Avoiding lamentation: to build a future Internet Abstract: The logic of growth of the Internet, both in its applications and in the evolution of its infrastructure, appears to be gradually eroding the things that made the Internet what it was in the first place. This leads one to question not what the future of the Internet will be like, but rather whether there will be one at all. The paper considers the ways important applications on the Internet affect experience of the Internet and also devices and systems that are being deployed to the Internet that might affect the network. It concludes that acceptance of the logic of Internet evolution combined with a renewed attention to end-to-end arguments may be able to protect the Internet from the damage that will otherwise occur. Journal: Journal of Cyber Policy Pages: 323-337 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1400083 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1400083 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:323-337 Template-Type: ReDIF-Article 1.0 Author-Name: Walid Al-Saqaf Author-X-Name-First: Walid Author-X-Name-Last: Al-Saqaf Author-Name: Nicolas Seidler Author-X-Name-First: Nicolas Author-X-Name-Last: Seidler Title: Blockchain technology for social impact: opportunities and challenges ahead Abstract: While much has already been written about blockchain applications and prospects in the FinTech industry, little research has been done to explore blockchain technology’s user-centric paradigm in enabling various applications beyond banking. This article is an effort to contribute to that body of scholarship by exploring blockchain technology’s potential applications, and their limits, in areas that intersect with social impact, including human rights. This article explores whether blockchain technology and its core operational principles – such as decentralisation, transparency, equality and accountability – could play a role in limiting undue online surveillance, censorship and human rights abuses that are facilitated by the increasing reliance on a few entities that control access to information online. By doing so, this article aims at initiating a scholarly curiosity to understand what is possible and what is to be concerned about when it comes to the potential impact of blockchain technology on society. Journal: Journal of Cyber Policy Pages: 338-354 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1400084 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1400084 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:338-354 Template-Type: ReDIF-Article 1.0 Author-Name: Konstantinos Komaitis Author-X-Name-First: Konstantinos Author-X-Name-Last: Komaitis Title: The ‘wicked problem’ of data localisation Abstract: Data localisation should be seen as a sign of the current political climate; as the internet grows, so does its ability to empower users, hold governments accountable, and call into question much of the status quo. At the same time, governments are becoming increasingly savvy in their use of the internet to monitor the actions of users, both within their own countries and in others. Edward Snowden's 2013 revelations regarding the U.S. government's secret surveillance programme made other governments realise the potential of utilising the internet as a means to collect, analyse, and store data. It is under this purview that we will discuss data localisation. The main question of which we should keep reminding ourselves is why, in the face of clear evidence regarding the detrimental impact of data localisation in a country, a government would still opt for such a measure. The answer is to be found in power. Journal: Journal of Cyber Policy Pages: 355-365 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1402942 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1402942 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:355-365 Template-Type: ReDIF-Article 1.0 Author-Name: Dennis Broeders Author-X-Name-First: Dennis Author-X-Name-Last: Broeders Title: Aligning the international protection of ‘the public core of the internet’ with state sovereignty and national security Abstract: The norm to protect the public core of the internet, originally advocated by the Netherlands Scientific Council for Government Policy, can be operationalised in two ways. Both a layered approach and a functional approach to defining the public core of the internet provide productive ways to discuss safeguarding the functionality and integrity of the core logical and physical infrastructure of the internet from unwarranted state interventions. The article further discusses the tensions between the concept of ‘the public core of the internet’ and those of state sovereignty and national security. It describes two tiers of objection to the protection of the core internet infrastructure and suggests ways to mitigate them. It concludes that even though there are no easy answers to national security in the cyber age, in the long run, reducing ambiguity in cyberspace will benefit all states. Lifting the public core of the internet out of that ambiguity would be a good starting point. Journal: Journal of Cyber Policy Pages: 366-376 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1403640 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1403640 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:366-376 Template-Type: ReDIF-Article 1.0 Author-Name: Undrah B. Baasanjav Author-X-Name-First: Undrah B. Author-X-Name-Last: Baasanjav Title: Language rights and international domain names Abstract: This research examines how international domain names (IDNs) have become a proxy solution to multilingualism and language rights on the internet. In 2009, the Internet Corporation for Assigned Names and Numbers (ICANN) approved the initiation of fully internationalised top-level domain names. In this paper, I introduce the process of initiating IDNs, and map out their technological standards and solutions in the praxis of internet governance. Then, I discuss the key players and participants in the initiation of IDNs in relation to the Internet Assigned Numbers Authority (IANA) transition of 2016 and the expiring control of the U.S. government over ICANN. Finally, I discuss the relatively new language rights paradigm, which is gaining ground in cyberspace, coupled with the increasing norm of multilingualism. Journal: Journal of Cyber Policy Pages: 377-388 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1402941 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1402941 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:377-388 Template-Type: ReDIF-Article 1.0 Author-Name: Brian Nussbaum Author-X-Name-First: Brian Author-X-Name-Last: Nussbaum Author-Name: Charlie Lewis Author-X-Name-First: Charlie Author-X-Name-Last: Lewis Title: Sizing up people and process: a conceptual lens for thinking about cybersecurity in large and small enterprises Abstract: This paper proposes a conceptual lens for analysing organisational cybersecurity challenges in light of ‘firm size’. There is extensive literature in the fields of business and organisational studies that connect firm size to various observed outcomes, as well as looking at the determinants and advantages or disadvantages of how large an enterprise is. This paper will theoretically examine cybersecurity challenges in large and small enterprises, both in the private sector (‘firms’) and in the public sector (‘agencies’ or ‘services’). While there are obviously technical aspects of cybersecurity, including challenges related to resources for acquiring equipment, convergence in information-sharing standards, and limitations of hardware and software, this paper focuses instead on social and organisational cybersecurity challenges. It will frame these challenges in terms of a balance of ‘process’ challenges – that is, the coordination of cybersecurity functions within the organisation – and in terms of ‘people’ challenges – that is, the recruitment, development and retention of qualified staff. The theoretical approach suggests a line of future research that would examine empirically if in fact the balance of ‘process’ and ‘people’ challenges look more similar among large firms (of whichever sector) than they do of large and small firms in the same sector. Journal: Journal of Cyber Policy Pages: 389-404 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1398265 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1398265 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:389-404 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Top must-reads: the editorial team choices Journal: Journal of Cyber Policy Pages: 405-407 Issue: 3 Volume: 2 Year: 2017 Month: 9 X-DOI: 10.1080/23738871.2017.1406185 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1406185 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:3:p:405-407 Template-Type: ReDIF-Article 1.0 Author-Name: The Editor Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 1-4 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1474239 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1474239 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:1-4 Template-Type: ReDIF-Article 1.0 Author-Name: David Omand Author-X-Name-First: David Author-X-Name-Last: Omand Title: The threats from modern digital subversion and sedition Abstract: Campaigns of subversion by foreign powers, and seditious domestic movements supported by them, are ancient practices of statecraft. These show the common characteristics of intimidation, propaganda and covert influence operations as demonstrated in examples from history. The modern digital space provides effective new means for promoting such vectors of subversion and sedition through cyberattacks on critical infrastructure, the weaponisation of information, and the use of social media to target messaging. Current Russian information campaigns and Salafist-Jihadist recruitment and propaganda are given as examples. The article concludes with an examination of possible responses by democracies that would be consistent with liberal values and human rights including freedom of speech. Journal: Journal of Cyber Policy Pages: 5-23 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1448097 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1448097 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:5-23 Template-Type: ReDIF-Article 1.0 Author-Name: Amy E. Pope Author-X-Name-First: Amy E. Author-X-Name-Last: Pope Title: Cyber-securing our elections Abstract: The 2016 U.S. Presidential election highlighted the cybersecurity threat of hostile state interference in democratic processes. A large body of evidence has emerged demonstrating how Russian operatives hacked the Democratic National Convention and leaked sensitive documents to undermine voter trust; spread disinformation and propaganda to polarise and divide American citizens; and suppressed voters with targeted advertisements and paid trolls. But hostile interference is a global threat and there are lessons to be learned from the U.S. election that could enable faster and more effective responses by governments around the world. This paper describes three preventative measures: the development of norms around influence operations – at a minimum, between like-minded states; internal government restructuring for improved real-time decision-making; and innovative mechanisms for public-private cooperation through trusted intermediaries. While there is no straightforward solution to protecting democratic processes, governments can begin taking steps to secure future elections from influence operations. Journal: Journal of Cyber Policy Pages: 24-38 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1473887 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1473887 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:24-38 Template-Type: ReDIF-Article 1.0 Author-Name: Susan Morgan Author-X-Name-First: Susan Author-X-Name-Last: Morgan Title: Fake news, disinformation, manipulation and online tactics to undermine democracy Journal: Journal of Cyber Policy Pages: 39-43 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1462395 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1462395 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:39-43 Template-Type: ReDIF-Article 1.0 Author-Name: Mischa Hansel Author-X-Name-First: Mischa Author-X-Name-Last: Hansel Author-Name: Max Mutschler Author-X-Name-First: Max Author-X-Name-Last: Mutschler Author-Name: Marcel Dickow Author-X-Name-First: Marcel Author-X-Name-Last: Dickow Title: Taming cyber warfare: lessons from preventive arms control Abstract: Preventive arms control, narrowly defined, is about restrictions on weapons development. From this traditional understanding follows that cyber warfare will be hard, if not impossible, to regulate. In this article, we start from a less circumscribed definition of preventive arms control that would also encompass limitations on the use of emerging technological capacities, both formal and informal. Based upon a comparison with the historical case of Anti-Ballistic Missile (ABM) arms control, we offer a fresh look into the prospects of taming cyber warfare via arms control measures and similar forms of security cooperation. The case of the ABM Treaty is instructive because it shows that neither definitional vagueness nor unequal relative gains proved to be insurmountable obstacles for cooperation. Rather, the transformation of strategic interests through complex learning was key to the achievement of the ABM Treaty. Recent developments in cybersecurity negotiations show that similar learning processes are underway. This is not to say that definitional and verification problems can be solved easily and that a treaty prohibiting cyber weapons is possible. But there is reason to believe that complex learning can transform perceived interest, just like it did during the Cold War, and that international norms against certain cyberattacks can be established. Journal: Journal of Cyber Policy Pages: 44-60 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1462394 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1462394 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:44-60 Template-Type: ReDIF-Article 1.0 Author-Name: Louise Marie Hurel Author-X-Name-First: Louise Marie Author-X-Name-Last: Hurel Author-Name: Luisa Cruz Lobato Author-X-Name-First: Luisa Cruz Author-X-Name-Last: Lobato Title: Unpacking cyber norms: private companies as norm entrepreneurs Abstract: Concerns over practices in cyberspace are central to the consolidating international agenda for cybersecurity. Responses to such concerns come in different shapes and sizes, and are proposed by different actors. Whether it concerns intellectual property rights, the theft of trade secrets, collection of personal data, critical infrastructure protection, DNS security, or geopolitical issues, the rise of cybersecurity as a multifaceted global issue has led to the proliferation of governance mechanisms aimed at responding thereto. While state efforts have sought to promote norms of responsible state behaviour in cyberspace, we argue that technology companies are also taking the lead as norm entrepreneurs in the context of the stability and security of cyberspace. We explore the tensions between current literature on cyber norms and the role of private actors as potential norm entrepreneurs in global cybersecurity. In an attempt to determine the position of private actors in this field, we turn to practices such as corporate diplomacy and lobbying as avenues for highlighting the methods in which corporations engage in international policymaking in general, and cyber norms in particular. We look at Microsoft’s case to unpack the company’s role in the normative development of cybersecurity globally. We analyse documents containing the company’s policies and strategies, and argue that these efforts consist of an attempt to influence global public policies on cybersecurity. In conclusion, we note that, notwithstanding these efforts, the lack of coordination between different aspects of norm-making processes illustrates the challenges facing the advancement of international cyber norms. Journal: Journal of Cyber Policy Pages: 61-76 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1467942 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1467942 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:61-76 Template-Type: ReDIF-Article 1.0 Author-Name: Stefan Steiger Author-X-Name-First: Stefan Author-X-Name-Last: Steiger Author-Name: Sebastian Harnisch Author-X-Name-First: Sebastian Author-X-Name-Last: Harnisch Author-Name: Kerstin Zettl Author-X-Name-First: Kerstin Author-X-Name-Last: Zettl Author-Name: Johannes Lohmann Author-X-Name-First: Johannes Author-X-Name-Last: Lohmann Title: Conceptualising conflicts in cyberspace Abstract: The article conceptualises political conflict in cyberspace. Thus far, scholarship has focussed on the analysis of (unilateral) cyberattacks, measuring their scope and impact, especially in Western industrialised countries. But cyber conflict, defined here as an incompatibility of stated intentions between actors which guides their use of computer technologies to harm the other, has received much less attention. Our conceptual approach builds on the work done by Valeriano and Maness and others in the field of cyber conflict measurement. We argue, however, that the interactive, international and inter-agential nature of cyber conflicts has not been captured sufficiently in recent scholarship. By providing a new methodology to address the problems of information bias, attribution and the neglect of non-state actors, we hold that variance in cyber conflict dynamics as well as spill-over effects between off- and online conflicts may be better captured with the new approach. Our work seeks to extend the understanding of state and non-state conflict behaviour in cyberspace and our methodology may inform further extensive data collections. Journal: Journal of Cyber Policy Pages: 77-95 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1453526 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1453526 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:77-95 Template-Type: ReDIF-Article 1.0 Author-Name: Noha Fathy Author-X-Name-First: Noha Author-X-Name-Last: Fathy Title: Freedom of expression in the digital age: enhanced or undermined? The case of Egypt Abstract: This research is intended to assess the extent to which freedom of expression is enhanced or undermined in the digital age. The purpose of this investigation is to explore the case study of Egypt. By employing qualitative modes of enquiry, the research argues that the internet could buttress freedom of expression as a ubiquitous, open, global network. However, these potentials are hindered by the violations of the right to freedom of expression carried out by the Egyptian government. To this aim, the study is built on a conceptual framework that hinges on three modalities adopted from Lawrence Lessig's (2006) framework: 1) the law – the internet legislation that regulates online freedoms; 2) the architecture – the design of the internet which is founded on hardware and software, and 3) the social norms – the norms that are imposed by the community and influenced by the law. To investigate these three modalities, three pertinent indicators need to be incorporated: 1) the international human rights standards that enshrine freedom of expression, against which the local legal landscape is assessed; 2) the internet filtering, censorship and surveillance used to analyse the internet architecture, and 3) the encroachments on human rights which would be necessary in order to examine if the social norms were altered by such violations. Journal: Journal of Cyber Policy Pages: 96-115 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1455884 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1455884 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:96-115 Template-Type: ReDIF-Article 1.0 Author-Name: Eric Jardine Author-X-Name-First: Eric Author-X-Name-Last: Jardine Title: Mind the denominator: towards a more effective measurement system for cybersecurity Abstract: Crime statistics in the physical world are routinely normalised around the population of a city or country. Such normalisations are essential, as they provide both a propensity-based perspective on crime (e.g. the odds of being murdered are 1 in 100,000) and correct for the simple fact that a larger population should have more crimes. Unfortunately, many cybersecurity metrics tend to be uncorrected counts of malicious phenomena such as the number of phishing websites. While normalisation cannot make bad measures good, a failure to normalise even the best cybersecurity metrics can lead to bias. A failure to normalise count statistics around the size of the ecosystem, sensor density or risk mitigation personnel has implications for the observed trends, often making the state of cybersecurity seem worse than it actually is. In short, normalisation of malicious count data is a crucial measurement step and has significant impacts for both firm- and economy-wide risk management strategies and policy assessment. Journal: Journal of Cyber Policy Pages: 116-139 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1472288 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1472288 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:116-139 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Top must-reads: the editorial team choices Journal: Journal of Cyber Policy Pages: 140-141 Issue: 1 Volume: 3 Year: 2018 Month: 1 X-DOI: 10.1080/23738871.2018.1476565 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1476565 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:1:p:140-141 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 287-290 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1557234 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1557234 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:287-290 Template-Type: ReDIF-Article 1.0 Author-Name: Vinod K. Aggarwal Author-X-Name-First: Vinod K. Author-X-Name-Last: Aggarwal Author-Name: Andrew W. Reddie Author-X-Name-First: Andrew W. Author-X-Name-Last: Reddie Title: Comparative industrial policy and cybersecurity: a framework for analysis Abstract: This comparative project evaluates the role of firms, governments, and other key stakeholders in the rise of industrial policy in important states in the cybersecurity industry. In particular, we focus on the US, China, Taiwan, Japan, the EU and key European states. Our goals are as follows: 1) to examine the motivation for government promotion of the cybersecurity industry; 2) to inventory existing measures employed by these countries; 3) to understand the driving forces of cybersecurity industrial policy in these countries; and 4) to examine the likely conflicts that will arise from the competitive pursuit of such industrial policies and how they might possibly be resolved through international cooperation. To this end, we provide an analytical framework to serve as the structure for this project by drawing on a variety of theoretical approaches to understand industrial policy. Journal: Journal of Cyber Policy Pages: 291-305 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1553989 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1553989 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:291-305 Template-Type: ReDIF-Article 1.0 Author-Name: Tai Ming Cheung Author-X-Name-First: Tai Ming Author-X-Name-Last: Cheung Title: The rise of China as a cybersecurity industrial power: balancing national security, geopolitical, and development priorities Abstract: This article examines the development of China's cybersecurity industry over the past two decades since the arrival of the internet in that country. This analysis takes place from a primarily security and technology perspective because the national security apparatus occupies a powerful presence in China's cyber affairs. Moreover, the development of the cybersecurity industry is significantly driven by the development of technological capabilities. Key issues explored include: (1) Chinese decision-making and thinking on cybersecurity development within the context of the Chinese leadership's general approach to development, national security, and technology advancement; (2) the nature and characteristics of recent Chinese cybersecurity-related development strategies and plans; (3) the drivers behind the development of China's cybersecurity industry, looking especially at market failures, national security rationales, and government intervention; (4) the proliferation of principal actors and coalitions in the Chinese cybersecurity industry and how this influences its development; and (5) the nature of the relationship between the state and cybersecurity firms, in particular examining four types of interactions: the state as a customer; state hiring of talent; the state's direct regulatory power, and the state as an investor. The article concludes by considering the international implications of China's rise as an increasingly capable and confident cybersecurity power. Journal: Journal of Cyber Policy Pages: 306-326 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1556720 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1556720 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:306-326 Template-Type: ReDIF-Article 1.0 Author-Name: Benjamin Bartlett Author-X-Name-First: Benjamin Author-X-Name-Last: Bartlett Title: Government as facilitator: how Japan is building its cybersecurity market Abstract: This paper explores Japan’s industrial policy toward cyber security. I begin by describing the perceived market failures with regard to cyber security, and the Japanese government’s rationales for intervention. Next, I briefly describe the institutions involved in Japan’s cyber security policy-making. I follow by discussing three models of Japanese intervention: government as provider, government as facilitator, and government as promoter. Then, I examine the factors that have led to this particular constellation of measures. Finally, I look at the effectiveness of these measures as well as make some concluding remarks about likely future trends. Journal: Journal of Cyber Policy Pages: 327-343 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1550522 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1550522 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:327-343 Template-Type: ReDIF-Article 1.0 Author-Name: Hsini Huang Author-X-Name-First: Hsini Author-X-Name-Last: Huang Author-Name: Tien-Shen Li Author-X-Name-First: Tien-Shen Author-X-Name-Last: Li Title: A centralised cybersecurity strategy for Taiwan Abstract: Viewing cybersecurity as a matter of national security, in May 2018, authorities in Taiwan passed the Information and Communication Management Act (ICM Act) in response to the increasing awareness of potential malicious cyberattacks targeting the public and private sectors. Under the ICM Act, both government and non-government bodies are complied with the coded regulations and new management scheme. This article provides a thorough review of the proposed national information security policies in Taiwan between 2001 and 2017, as well as to deliver a case for the comparative study of industrial policies employed to bolster domestic cybersecurity markets. Using interview data and government documents, we argue that the industrial policy for cybersecurity in Taiwan is a top-down centralised approach. The new basic law for cybersecurity requests all government agencies and the critical infrastructure providers to comply with the new regulation. On top of the legislative base, the state policy adopts traditional policy instruments as economic stimulus, for instance announcing series of national development programme, imposing new security standards, and providing financial subsidy and R&D credits for SMEs. This paper also describes the major rationale and drivers behind the government’s plan of action to shape the cybersecurity industry policy in Taiwan. Journal: Journal of Cyber Policy Pages: 344-362 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1553987 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1553987 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:344-362 Template-Type: ReDIF-Article 1.0 Author-Name: Paul Timmers Author-X-Name-First: Paul Author-X-Name-Last: Timmers Title: The European Union’s cybersecurity industrial policy Abstract: The European Union was founded as an economic cooperation of its member states. It has as a major objective to create a large internal market with free flow of people, goods, services and capital. Over its 60-year history, the EU’s mandate has expanded beyond economic matters and the internal market into areas such as justice and international affairs. In this paper, I discuss EU policy to address cybersecurity concerns, bolster the cybersecurity market, and assess the impact of these interventions. EU-level cybersecurity policymaking is challenging due to the wide diversity of interests of the EU countries and the limited EU mandate where matters of national security are concerned. The conclusion is that, nevertheless, it has been possible to establish clear EU policy in cybersecurity and even to a degree joint EU cybersecurity industrial policy. The EU approach, though sui generis, may also provide insights for wider international cooperation in cybersecurity. Journal: Journal of Cyber Policy Pages: 363-384 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1562560 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1562560 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:363-384 Template-Type: ReDIF-Article 1.0 Author-Name: Danilo D’Elia Author-X-Name-First: Danilo Author-X-Name-Last: D’Elia Title: Industrial policy: the holy grail of French cybersecurity strategy? Abstract: The 2008 White Paper on Defence and National Security was the first major document to focus directly on national cyberthreats as a key risk to France’s sovereignty. It defined new priorities – such as cyberattack prevention and response – and established, in July 2009, the National Agency for the Security of Information System (ANSSI) as an inter-ministerial agency with national authority for the defence of information systems. In 2013, a new version of the White Paper reiterated that the capacity to detect and protect against cyberattacks was ‘an essential component of [France’s] national sovereignty and economic well-being’. The same year, the French government launched an ambitious programme and invested considerable efforts and expenditure into cybersecurity industrial policy. This article summarises the structural characteristics of public-private partnerships and outlines the different conflicts behind the industrial movements in the 2009–2015 period: representation of digital sovereignty versus corporate interest in the global market, national defence champions versus the start-up ecosystem. Journal: Journal of Cyber Policy Pages: 385-406 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1553988 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1553988 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:385-406 Template-Type: ReDIF-Article 1.0 Author-Name: Melissa K. Griffith Author-X-Name-First: Melissa K. Author-X-Name-Last: Griffith Title: A comprehensive security approach: bolstering Finnish cybersecurity capacity Abstract: Finland, at the easternmost border of the European Union (EU), has set itself apart as a global leader in cybersecurity technology. Yet, despite Finland’s relative technological strength in this space, the government has actively intervened in the market in order to bolster cybersecurity capacity and competency. Why? There is an important distinction between the presence of technological expertise and a strategy for the security of society writ large, the latter of which necessitates resilient critical infrastructure and services within a country. To this end, the government has utilised a pre-existing logic for market intervention: Finland’s geopolitical position and its corresponding defence doctrine’s emphasis on defence of society by maintaining society-wide resilience in the event of a crisis. In comprehensive security (kokonaisturvallisuus), which includes cybersecurity, the responsibility for and the safeguarding of the vital functions of society are jointly held by private and public actors, industry and government, defence forces and citizens. Notably, given this focus on industry and civil society’s role within the provision of security, Finland’s approach provides an institutional foundation that is well suited to the realities of addressing cybersecurity at the national level. Journal: Journal of Cyber Policy Pages: 407-429 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1561919 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1561919 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:407-429 Template-Type: ReDIF-Article 1.0 Author-Name: Madeline Carr Author-X-Name-First: Madeline Author-X-Name-Last: Carr Author-Name: Leonie Maria Tanczer Author-X-Name-First: Leonie Maria Author-X-Name-Last: Tanczer Title: UK cybersecurity industrial policy: an analysis of drivers, market failures and interventions Abstract: The United Kingdom (UK) forms the largest internet economy in the G20 and has the stated ambition of being the ‘safest place in the world to live and work online’. Cybersecurity is, thus, regarded as both a challenge as much as an opportunity. Since the publication of UK's first National Cyber Security Strategy (NCSS) in November 2011, the government has implemented many proactive as well as reactive measures to enhance both its cybersecurity capabilities as well as its market power in this space. This article provides an analysis of the shift away from a reliance on market forces that dominated Western approaches to cybersecurity over the recent years. Specifically, it highlights three ‘market failures’ that have prompted UK's industrial policy responses: ongoing data breaches; inadequate private cybersecurity investments; and a continuous digital skills gap. An analysis of these drivers as well as UK government's responses demonstrates that the UK's cybersecurity strategy has evolved from an initial heavy reliance on market forces towards a more state-driven public-private partnership. Journal: Journal of Cyber Policy Pages: 430-444 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1550523 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1550523 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:430-444 Template-Type: ReDIF-Article 1.0 Author-Name: Vinod K. Aggarwal Author-X-Name-First: Vinod K. Author-X-Name-Last: Aggarwal Author-Name: Andrew W. Reddie Author-X-Name-First: Andrew W. Author-X-Name-Last: Reddie Title: Comparative industrial policy and cybersecurity: the US case Abstract: This paper investigates the relationship between the US government and its domestic cybersecurity sector drawing on the special issue framework. We show how there has been, and argue that we will likely continue to see, substantial public investment in the sector by the US government via industrial policy to address cybersecurity market failures. This analysis is particularly important given that both the market failures associated with the provision of cybersecurity and the government role in addressing this challenge remain under-explored in the existing academic and policy literature. The paper proceeds in three parts. First, it outlines the unique categories of three types of firms – those in the cybersecurity sector, large technology companies and internet-adjacent firms – involved in the under-provision of cybersecurity and examines possible market failures. Second, we inventory existing measures employed by the US government to engage with each type of firm to address real and perceived market failures in these different sectors. Finally, we examine how state-society relations have conditioned US government intervention approaches in this sector and argue that well-established IT firms now have a privileged lobbying role related to state-society relations in the United States. Journal: Journal of Cyber Policy Pages: 445-466 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1551910 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1551910 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:445-466 Template-Type: ReDIF-Article 1.0 Author-Name: Florian J. Egloff Author-X-Name-First: Florian J. Author-X-Name-Last: Egloff Title: Cyber mercenaries: the state, hackers, and power Journal: Journal of Cyber Policy Pages: 467-468 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1523443 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1523443 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:467-468 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Erratum Journal: Journal of Cyber Policy Pages: 469-469 Issue: 3 Volume: 3 Year: 2018 Month: 9 X-DOI: 10.1080/23738871.2018.1543929 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1543929 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:3:p:469-469 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Introduction from the Editor Journal: Journal of Cyber Policy Pages: 139-142 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1639785 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1639785 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:139-142 Template-Type: ReDIF-Article 1.0 Author-Name: Esther Keymolen Author-X-Name-First: Esther Author-X-Name-Last: Keymolen Author-Name: Simone Van der Hof Author-X-Name-First: Simone Author-X-Name-Last: Van der Hof Title: Can I still trust you, my dear doll? A philosophical and legal exploration of smart toys and trust Abstract: The purpose of this article is to show how the smartification of children’s toys impacts the concept of trust. We make use of the 4Cs conceptual trust framework – context, construction, curation, codification – to analyse how the technological, commercial and legal developments central to the arrival of the Internet of Toys have an impact on the trust relations of children, parents and the companies behind smart dolls. We found that the introduction of smart dolls brings forth several trust issues. First, important vulnerabilities, such as monitoring practices and data-sharing, take place beyond the awareness of children and parents. Even if they try to read the terms and conditions or look into the technical specifications of the toys, these products remain black boxes because the operating systems are proprietary and not all information is disclosed or understandable. Second, with the arrival of smart dolls, a form of hybrid ownership arises. Because of the networked character of the dolls, they remain under the influence and control of the company. Children and parents have to trust the companies not to abuse this connection. And finally, the regulatory framework that should protect children is not only inadequate, it might actually exacerbate trust issues. Journal: Journal of Cyber Policy Pages: 143-159 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1586970 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1586970 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:143-159 Template-Type: ReDIF-Article 1.0 Author-Name: Marie-Helen Maras Author-X-Name-First: Marie-Helen Author-X-Name-Last: Maras Author-Name: Adam Scott Wandt Author-X-Name-First: Adam Scott Author-X-Name-Last: Wandt Title: Enabling mass surveillance: data aggregation in the age of big data and the Internet of Things Abstract: The Internet of Things as envisioned – that is, an interconnected, interdependent and interoperable networked world – creates inherent dangers. Among these dangers, is the fact that it facilitates perpetual surveillance of populations. This form of surveillance is made possible because IoT devices record and transmit a massive amount of data that is being shared and analysed in new and unique ways to enable the ubiquitous monitoring of individuals. Ultimately, the data collected by the Internet of Things enables a level of surveillance previously only written about in science fiction novels. This article examines the privacy implications of this ‘new norm’ of perpetual surveillance, the private sector’s primary role in enabling, and engaging in, this surveillance, and what, if anything, can be done about this surveillance. Journal: Journal of Cyber Policy Pages: 160-177 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1590437 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1590437 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:160-177 Template-Type: ReDIF-Article 1.0 Author-Name: Nóra Ni Loideain Author-X-Name-First: Nóra Ni Author-X-Name-Last: Loideain Title: A port in the data-sharing storm: the GDPR and the Internet of things Abstract: The onward march of the ‘Internet of Things’ (IoT) heralds an all-encompassing data-driven society where the collection, analysis, sharing, and retention of personal data by service providers, machines and objects will be pervasive and ubiquitous, thereby normalising sustained data gathering from any source possible. In other words, the full realisation of the IoT would best be described as a data-sharing storm where there are no controls or safeguards on what data is shared, who it is shared with, or for what purposes data is used or re-used. As a legal framework that stipulates key principles and safeguards that must be employed when processing of personal data takes place within its scope of application, the EU General Data Protection Regulation (GDPR) represents a port in the data-sharing storm put forward by this vision of the IoT. This article examines what role the recent major upgrade of EU data protection law, under the GDPR, may play in addressing the data protection implications and challenges posed by the IoT for data controllers and processors. Journal: Journal of Cyber Policy Pages: 178-196 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1635176 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1635176 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:178-196 Template-Type: ReDIF-Article 1.0 Author-Name: Victoria Baines Author-X-Name-First: Victoria Author-X-Name-Last: Baines Title: Online child sexual exploitation: towards an optimal international response Abstract: Efforts have been made in recent years to ensure there is sufficient capacity within nation states to respond to, and combat, Online Child Sexual Exploitation (OCSE). The UK-led WeProtect Global Alliance initiative has outlined a Model National Response (MNR), to which a large number of nations have already committed. OCSE, like cybercrime, is very often a crime with international dimensions. If we could start again knowing what we know now about OCSE, what would a model international response look like? Does this help us identify gaps in the existing international response that can be opportunities for improvement? This article maps an optimal international response to the problem of OCSE. Drawing on and complementing the We Protect Global Alliance Model National Response (MNR), it highlights aspects peculiar to the international nature of OCSE and suggests areas for future operational coordination and research. Journal: Journal of Cyber Policy Pages: 197-215 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1635178 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1635178 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:197-215 Template-Type: ReDIF-Article 1.0 Author-Name: Thomas Paterson Author-X-Name-First: Thomas Author-X-Name-Last: Paterson Title: Indonesian cyberspace expansion: a double-edged sword Abstract: Indonesia’s gross domestic product (GDP) is growing at a healthy 5.1% per year. A significant portion of new growth in recent years has been generated by cyberspace expansion and the creation of new cyber-based businesses in the e-commerce sector. These businesses have thrived due to the rising number of Indonesians connecting to the internet. As of 2017, Indonesia had approximately 143 million internet users. This figure will further increase as the economy grows. Digital connectivity in Indonesia has created many positive economic opportunities but has also led to problems with cybercrime, cyber-amplified religious intolerance and disinformation. Indonesia’s slow-moving and inadequate legislative environment has resulted in cyber criminals using the archipelago as a haven for their activities. Problems associated with low rates of digital literacy mean that Indonesians citizens are highly vulnerable to pervasive disinformation campaigns. To address these issues, the Indonesian government has announced a limited range of measures aimed at improving digital literacy and combating issues in its cyberspace. Although some of these measures are positive, they include problematic proposals for legislative revisions and an automated ‘content moderation’ system, which, without proper oversight or transparent implementation frameworks, could be used to censor or suppress legitimate political expression. Journal: Journal of Cyber Policy Pages: 216-234 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1627476 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1627476 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:216-234 Template-Type: ReDIF-Article 1.0 Author-Name: James Shires Author-X-Name-First: James Author-X-Name-Last: Shires Title: Hack-and-leak operations: intrusion and influence in the Gulf Abstract: Events such as the leaking of hacked emails from the US Democratic National Committee before the 2016 presidential election sit between two paradigms of cybersecurity. The first paradigm focuses on intrusion (unauthorised access to networks), while the second concentrates on influence (the use of digital technologies to shift public debate). Analyses generally tackle one of these two aspects: cybersecurity specialists focus on intrusion, setting aside the complexities of the digital public sphere, while media scholars do the opposite, closely analysing flows of leaked information without considering how it was obtained. This article instead argues for conceptualising hack-and-leak operations (HLOs) as a distinct category, through a close analysis of a crucial HLO that has been overlooked by the cybersecurity literature: the release of documents from the Saudi Ministry of Foreign Affairs by the ‘Yemen Cyber Army’. It proposes a tripartite framework for understanding the impact of HLOs as mechanisms of delegitimization, based on their technical characteristics, social and political context and target audiences. The article suggests that the Yemen Cyber Army incident could have been an experiment for the same Russian actors who carried out the DNC operation, allowing them to hone their tactics prior to the US elections. Journal: Journal of Cyber Policy Pages: 235-256 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1636108 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1636108 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:235-256 Template-Type: ReDIF-Article 1.0 Author-Name: Rod Thornton Author-X-Name-First: Rod Author-X-Name-Last: Thornton Author-Name: Marina Miron Author-X-Name-First: Marina Author-X-Name-Last: Miron Title: Deterring Russian cyber warfare: the practical, legal and ethical constraints faced by the United Kingdom Abstract: This article examines both the nature of the cyber threat that Russia poses to the United Kingdom and the efficacy of the latter’s responses to it. It begins, and making use of original Russian sources, with a review of why a Russian cyber campaign is being conducted against the UK and how it is being operationalised. This article then goes on to analyse the UK’s ability to defend itself against this campaign by employing the concepts of both deterrence-by-denial and deterrence-by-punishment. But can this UK cyber deterrence actually work? The idea of cyber deterrence-by-denial seems to be impractical, while there are specific issues with employing cyber in a deterrence-by-punishment capacity. In particular, how can the UK use its own offensive cyber capabilities against Russia and yet remain within international law and ethical boundaries? Indeed, the UK government has already accepted that, in any future use of its offensive cyber capabilities, it cannot do so. Journal: Journal of Cyber Policy Pages: 257-274 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1640757 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1640757 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:257-274 Template-Type: ReDIF-Article 1.0 Author-Name: Aaron F. Brantly Author-X-Name-First: Aaron F. Author-X-Name-Last: Brantly Title: Conceptualizing cyber policy through complexity theory Abstract: Complexity is a consistent feature of cyberspace. It is resident within the technical, logical and human layers across which socio-technical structures leverage cyberspace. Yet the development of policy often approaches the complex nature of cyberspace through reductionism. This paper argues, using two case examples from cryptography that to develop good policies and laws for cyberspace requires an embrace of a new theoretical framework, that is, complexity theory. Journal: Journal of Cyber Policy Pages: 275-289 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1583763 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1583763 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:275-289 Template-Type: ReDIF-Article 1.0 Author-Name: Samuel Zilincik Author-X-Name-First: Samuel Author-X-Name-Last: Zilincik Author-Name: Michael Myklin Author-X-Name-First: Michael Author-X-Name-Last: Myklin Author-Name: Petr Kovanda Author-X-Name-First: Petr Author-X-Name-Last: Kovanda Title: Cyber power and control: a perspective from strategic theory Abstract: Cyber power has not been sufficiently examined from the perspective of strategic theory. This research aims to fill this gap by closely analysing the connection between cyber power and the concept of control. For this purpose, the authors use the method of theoretical analysis augmented by an examination of particular historical examples. The findings indicate that cyber sabotage and cyber subversion may be able to produce varying levels of control depending on the particular context of each situation. Cyber espionage alone is unable to produce any level of control, but it may enable other instruments to achieve a level of control. Journal: Journal of Cyber Policy Pages: 290-301 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1635177 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1635177 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:290-301 Template-Type: ReDIF-Article 1.0 Author-Name: Rebecca Beigel Author-X-Name-First: Rebecca Author-X-Name-Last: Beigel Title: Democracy hacked: political turmoil and information warfare in the digital age Journal: Journal of Cyber Policy Pages: 302-303 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1640260 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1640260 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:302-303 Template-Type: ReDIF-Article 1.0 Author-Name: Ryan Shandler Author-X-Name-First: Ryan Author-X-Name-Last: Shandler Title: The age of surveillance capitalism: the fight for a human future at the new frontier of power Journal: Journal of Cyber Policy Pages: 303-304 Issue: 2 Volume: 4 Year: 2019 Month: 5 X-DOI: 10.1080/23738871.2019.1637914 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1637914 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:2:p:303-304 Template-Type: ReDIF-Article 1.0 Author-Name: Richard Hill Author-X-Name-First: Richard Author-X-Name-Last: Hill Title: Internet governance, multi-stakeholder models, and the IANA transition: shining example or dark side? Abstract: Multi-stakeholder models refer to decision-making processes that involve a wide consultation of all interested parties. It has been stated that one particular version of such models is widely used in internet governance and has been very successful in achieving desirable outcomes. This paper shows that in fact no single multi-stakeholder model is used for internet governance. It then examines the IANA function, which is governed by a particular version of the multi-stakeholder model, and the current discussions regarding the reduction of the role of the US government in that governance (the so-called ‘IANA transition’). The paper argues that the IANA transition is not a good example of best practices for multi-stakeholder models in internet governance. Journal: Journal of Cyber Policy Pages: 176-197 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1227866 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1227866 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:176-197 Template-Type: ReDIF-Article 1.0 Author-Name: Paul Bernal Author-X-Name-First: Paul Author-X-Name-Last: Bernal Title: Data gathering, surveillance and human rights: recasting the debate Abstract: The nature and depth of internet surveillance has been revealed to be very different from what had previously been publically acknowledged or politically debated. There are critical ways in which the current debate is miscast, misleading and confused. Privacy is portrayed as an individual right, in opposition to a collective need for security. Data gathering and surveillance are portrayed as having an impact only on this individual right to privacy, rather than on a broad spectrum of rights, including freedom of expression, of assembly and association, the prohibition of discrimination and more. The gathering and surveillance of ‘content’ is intrinsically more intrusive than that of ‘communications’ data or ‘metadata’. The impact of data gathering and surveillance is often portrayed as happening only at when data are examined by humans rather than when gathered, or when examined algorithmically. Commercial and governmental data gathering and surveillance are treated as separate and different, rather than intrinsically and inextricably linked. This miscasting has critical implications. When the debate is recast taking into account these misunderstandings, the bar for the justification of surveillance is raised and a new balance needs to be found, in political debate, in law, and in decision-making on the ground. Journal: Journal of Cyber Policy Pages: 243-264 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1228990 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1228990 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:243-264 Template-Type: ReDIF-Article 1.0 Author-Name: Nina A. Kollars Author-X-Name-First: Nina A. Author-X-Name-Last: Kollars Author-Name: Andrew Sellers Author-X-Name-First: Andrew Author-X-Name-Last: Sellers Title: Trust and information sharing: ISACs and U.S. Policy Abstract: Sharing rather than obscurity appears to be the contemporary consensus about how to create increasingly secure cyber systems. Nevertheless, in its contemporary form, national cyber defence planning is dominated by traditional logics of security that do not clearly capture both horizontal and vertical sharing systems in partnership. In contrast to this, surprising developments in defence are emerging through a community-oriented logic consisting of cooperation and transparency. This paper investigates the rise, and rapid proliferation of, Information Sharing and Analysis Centers. Journal: Journal of Cyber Policy Pages: 265-277 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1229804 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1229804 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:265-277 Template-Type: ReDIF-Article 1.0 Author-Name: Carl Bildt Author-X-Name-First: Carl Author-X-Name-Last: Bildt Author-Name: Gordon Smith Author-X-Name-First: Gordon Author-X-Name-Last: Smith Title: The one and future internet Abstract: The internet has become inextricably entangled into our economies, cultural and social lives. We stand on the brink of the next technological revolution, in which the internet of things transforms the network of networks into the infrastructure of all infrastructures. It is now essential that we find a sustainable way to govern and manage the internet. The technologies that are revolutionising all aspects of our society are still young; it is not sufficient for us to take a passive approach, hoping that the technology alone will determine an open, secure, trustworthy and inclusive internet. For us to create a healthy future, internet will require positive actions by many people and institutions. This paper focuses on the work of the Global Commission on Internet Governance, a joint project by CIGI and Chatham House, under the leadership of Carl Bildt. It brought together experts from around the world to provide an evidence-based analysis of today’s internet policy landscape, and to provide a potential roadmap for the future of internet governance. Journal: Journal of Cyber Policy Pages: 142-156 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1235908 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1235908 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:142-156 Template-Type: ReDIF-Article 1.0 Author-Name: Jonathan Robinson Author-X-Name-First: Jonathan Author-X-Name-Last: Robinson Title: IANA transition Journal: Journal of Cyber Policy Pages: 198-205 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1238955 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1238955 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:198-205 Template-Type: ReDIF-Article 1.0 Author-Name: Jean-Jacques Sahel Author-X-Name-First: Jean-Jacques Author-X-Name-Last: Sahel Title: Multi-stakeholder governance: a necessity and a challenge for global governance in the twenty-first century Abstract: This article examines the challenges faced by the Westphalian model of governance in the twenty-first century, and how the emerging model of ‘multi-stakeholder’ governance may provide a way forward to handle complex global issues effectively. A review of the best practice for multi-stakeholder governance processes suggested within the United Nations context and the Net Mundial conference is followed by a focus on the example of ICANN, one of the few organisations that have been experimenting in depth with the new model. Despite being in its infancy and the teething issues it encounters, this pioneering and inherently evolutive model has become a necessity for Internet governance and it provides many practical avenues for improvement, which could help reinvigorate the current global governance system as a whole. Journal: Journal of Cyber Policy Pages: 157-175 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1241812 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1241812 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:157-175 Template-Type: ReDIF-Article 1.0 Author-Name: Mark Sexton Author-X-Name-First: Mark Author-X-Name-Last: Sexton Title: U.K. cybersecurity strategy and active cyber defence – issues and risks Abstract: Amongst other issues, forthcoming cybersecurity policy and strategy will need to explain how the U.K. will use active cyber defence (ACD), a capability that has been highlighted in recent government discourse but about which few details are currently available to the public. This paper considers the implications of ACD from a cybersecurity and wider, national strategy perspective in the securitised environment prevailing in the U.K., wherein incidents in cyberspace are regarded as existential threats to the economy, society and national security. It examines risks and issues associated with: the circumstances in which active measures may be used; autonomy, decision-making and accountability; operationally related issues; the potential use of the private sector to perform functions critical to national security, including deployment of cyberweapons; and the hazards inherent in a developing ‘cyber-industrial complex’. It identifies unanswered questions, unresolved contentious issues and apparent paradoxes, with the aim of informing strategists and policy-makers. Addressing these issues in the planning and implementation of U.K. policy should ensure, so far as possible, that the U.K.’s Cyber Security Strategy provides efficient, effective and lawful protection in cyberspace, consistent with the U.K.’s national security objectives and coherent with wider-government strategy across all elements of national power. Journal: Journal of Cyber Policy Pages: 222-242 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1243140 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1243140 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:222-242 Template-Type: ReDIF-Article 1.0 Author-Name: The Editorial Team Author-X-Name-First: The Editorial Author-X-Name-Last: Team Title: Top ten must-reads: the editorial team choices Journal: Journal of Cyber Policy Pages: 278-280 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1247902 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1247902 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:278-280 Template-Type: ReDIF-Article 1.0 Author-Name: Alice Wanjira Munyua Author-X-Name-First: Alice Wanjira Author-X-Name-Last: Munyua Title: Exploring the multi-stakeholder experience in Kenya Abstract: This paper attempts to explore the extent to which the multi-stakeholder model has contributed to the vibrant information and communications technology (ICT) sector in Kenya. It shows how stakeholder organisation and lobbying, as well as political decisions, influenced the innovation and diffusion of ICTs, and how the multi-stakeholder approach gained support from both governmental and non-governmental players in the ICT sector. The paper highlights socio-political dynamics and changes that have taken place, which have led to the multi-stakeholder approach being applied in order to develop ICT policies and create new institutions deploying infrastructure, rollout, and management. It also explores how the multi-stakeholder partnership (MSP) approach has been applied to the discussion and regulation of post-access issues. This paper is based on interviews, the author’s broad experience in this area, and reviews of Kenya ICT Action Network documents, as well as mailing list discussions. Journal: Journal of Cyber Policy Pages: 206-221 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1249898 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1249898 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:206-221 Template-Type: ReDIF-Article 1.0 Author-Name: Emily Taylor Author-X-Name-First: Emily Author-X-Name-Last: Taylor Title: Introduction from the Editor Journal: Journal of Cyber Policy Pages: 139-141 Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1251156 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1251156 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:139-141 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Editorial Board Journal: Journal of Cyber Policy Pages: ebi-ebi Issue: 2 Volume: 1 Year: 2016 Month: 7 X-DOI: 10.1080/23738871.2016.1258206 File-URL: http://hdl.handle.net/10.1080/23738871.2016.1258206 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:1:y:2016:i:2:p:ebi-ebi Template-Type: ReDIF-Article 1.0 Author-Name: Rose Bernard Author-X-Name-First: Rose Author-X-Name-Last: Bernard Title: These are not the terrorist groups you’re looking for: an assessment of the cyber capabilities of Islamic State Abstract: Although Islamic State (IS) exploits the internet and social media to its advantage, a misconception in the nature of its activities has led a number of diverse groups with differing capabilities and intents to be labelled as homogenous. This fails to take into account the conflicting and often mutable loyalties of online groups. To understand the true cyber threat to the U.K. that IS poses, we need to undertake a comprehensive and unbiased assessment of the capabilities of all groups linked to and supporting IS. Journal: Journal of Cyber Policy Pages: 255-265 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1334805 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1334805 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:255-265 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: The internet of toys – the impact on children of a connected environment Journal: Journal of Cyber Policy Pages: 227-231 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1355401 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1355401 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:227-231 Template-Type: ReDIF-Article 1.0 Author-Name: Susan Ariel Aaronson Author-X-Name-First: Susan Ariel Author-X-Name-Last: Aaronson Title: What might have been and could still be: the Trans-Pacific Partnership’s potential to encourage an open internet and digital rights Abstract: Herein I asses the implications for the Internet, digital rights, and digital trade of US abandonment of the Trans-Pacific Partnership or TPP. I focus on how the agreement attempts to regulate issues at the intersection of cross-border information flows and human rights. I focus on four chapters of the TPP. I show that these chapters may help internet users and policy-makers advance internet openness and make it harder for officials to restrict information flows but only in those cases where doing so would have a trade impact. TPP also contains transparency requirements that could bring much needed sunshine, due process, and increased political participation to trade (and internet related) policy-making in TPP countries such as Malaysia.However, TPP’s ability to limit censorship and filtering is limited. First, not all information flows are cross-border and hence subject to trade rules. Second, these agreements provide clear exceptions that allow governments to restrict information flows when they deem necessary to achieve important domestic policy goals. Third, many internet activists do not take kindly to the idea that trade agreements should become the main venue to regulate cross-border information flows.Meanwhile, TPP proponents have not developed compelling arguments as to how these agreements will benefit internet users and enhance human welfare. Until they do, internet users are unlikely to support efforts to regulate the global internet with trade agreements such as TPP. Journal: Journal of Cyber Policy Pages: 232-254 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1356859 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1356859 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:232-254 Template-Type: ReDIF-Article 1.0 Author-Name: Roozbeh Safshekan Author-X-Name-First: Roozbeh Author-X-Name-Last: Safshekan Title: Iran and the global politics of internet governance Abstract: This article analyses the internet governance agenda pursued by the Islamic Republic of Iran (IRI) since 2003. Surveying the official documents of five major global events on internet governance, the article illustrates that the IRI agenda has been preoccupied with three major issues: first, the digital divide and the significant potential of the internet for economic development; second, the dominant role of developed countries in the management of critical internet resources; and third, the role of non-state actors in internet governance. The latter issue constitutes the main area of contention between different Iranian presidents. The IRI’s state-centric agenda for internet governance under President Mahmoud Ahmadinejad (2005–2013) sought to limit the role of non-state actors in order to enhance the hegemony of the state vis-à-vis Iranian society. During the presidencies of Mohammad Khatami and Hassan Rouhani (1997–2005 and 2013-present, respectively), however, the IRI agenda has acknowledged the role of non-state actors and been more open to the multi-stakeholder framework of internet governance. The article concludes that the overemphasis on these three issues has led the IRI to ignore the complexity of the emerging regime of global internet governance and, consequently, to overlook prevalent issues such as transnational cybercrime. Journal: Journal of Cyber Policy Pages: 266-284 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1360375 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1360375 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:266-284 Template-Type: ReDIF-Article 1.0 Author-Name: Jeremy W. Bryans Author-X-Name-First: Jeremy W. Author-X-Name-Last: Bryans Title: The Internet of Automotive Things: vulnerabilities, risks and policy implications Abstract: The global automotive industry is undergoing rapid, multi-faceted change, brought about by the introduction of connectivity and the move towards autonomy. The benefits of these changes have to be balanced against the risks involved. In particular, the cybersecurity risks must be acknowledged. The UK is at the forefront of many of these changes, and the stated intention of the UK government is to continue to lead the way. This will require a sophisticated and intentional cyber posture. This article offers insight into the cyber policy issues surrounding the Internet of Automotive Things. Journal: Journal of Cyber Policy Pages: 185-194 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1360926 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1360926 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:185-194 Template-Type: ReDIF-Article 1.0 Author-Name: Daniel Woods Author-X-Name-First: Daniel Author-X-Name-Last: Woods Author-Name: Andrew Simpson Author-X-Name-First: Andrew Author-X-Name-Last: Simpson Title: Policy measures and cyber insurance: a framework Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments and the insurance industry should pursue in support of this public–private partnership. This paper rectifies this omission and presents a framework to help underpin such a partnership, giving particular consideration to possible government interventions that might affect the cyber insurance market. We have undertaken a qualitative analysis of reports published by policy-making institutions and organisations working in the cyber insurance domain; we have also conducted interviews with cyber insurance professionals. Together, these constitute a stakeholder analysis upon which we build our framework. In addition, we present a research roadmap to demonstrate how the ideas described might be taken forward. Journal: Journal of Cyber Policy Pages: 209-226 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1360927 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1360927 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:209-226 Template-Type: ReDIF-Article 1.0 Author-Name: Erica Constance Author-X-Name-First: Erica Author-X-Name-Last: Constance Title: The Internet of Things: preparing for the revolution Journal: Journal of Cyber Policy Pages: 152-154 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1361890 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1361890 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:152-154 Template-Type: ReDIF-Article 1.0 Author-Name: Eireann Leverett Author-X-Name-First: Eireann Author-X-Name-Last: Leverett Author-Name: Aaron Kaplan Author-X-Name-First: Aaron Author-X-Name-Last: Kaplan Title: Towards estimating the untapped potential: a global malicious DDoS mean capacity estimate Abstract: What is the malicious reflected distributed denial of service (rDDoS) mean potential of the internet? The authors have been using data from the openNTP project which measures the number of reflectors on the internet since 2014 until now, and completed a graph that roughly estimates a lower boundary for global rDDoS mean potential across four internet protocols (IPs); SSDP, NTP, SNMP and open recursive DNS. By summing these values, and adjusting for average uplink capacity from reflectors, we come to a single number: 108.49 Tb/s as an estimate of rDDoS magnitude potential across IPv4. Tracking this number over time can give us insights into global remediation and clean-up efforts and where to invest our resources in when battling of rDDoS attacks. This paper demonstrates that the upstream throughput is the main contributing, measurable limiting factor for a volumetric rDDoS attack. The largest DDoS event reported by a single target (Dyn in 2016) was 1.2 Tb/s. In contrast, our lower estimate for the global attack potential is two orders of magnitude larger than the Dyn attack.The key contribution is an extensible methodology for measuring global potential for rDDoS attacks, with surprising policy implications. Journal: Journal of Cyber Policy Pages: 195-208 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1362020 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1362020 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:195-208 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Top must-reads: the editorial team choices Journal: Journal of Cyber Policy Pages: 285-287 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1364778 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1364778 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:285-287 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 149-151 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1364779 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1364779 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:149-151 Template-Type: ReDIF-Article 1.0 Author-Name: Carsten Maple Author-X-Name-First: Carsten Author-X-Name-Last: Maple Title: Security and privacy in the internet of things Abstract: The internet of things (IoT) is a technology that has the capacity to revolutionise the way that we live, in sectors ranging from transport to health, from entertainment to our interactions with government. This fantastic opportunity also presents a number of significant challenges. The growth in the number of devices and the speed of that growth presents challenges to our security and freedoms as we battle to develop policies, standards, and governance that shape this development without stifling innovation. This paper discusses the evolution of the IoT, its various definitions, and some of its key application areas. Security and privacy considerations and challenges that lie ahead are discussed both generally and in the context of these applications. Journal: Journal of Cyber Policy Pages: 155-184 Issue: 2 Volume: 2 Year: 2017 Month: 5 X-DOI: 10.1080/23738871.2017.1366536 File-URL: http://hdl.handle.net/10.1080/23738871.2017.1366536 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:2:y:2017:i:2:p:155-184 Template-Type: ReDIF-Article 1.0 Author-Name: Candice Tran Dai Author-X-Name-First: Candice Author-X-Name-Last: Tran Dai Author-Name: Miguel Alberto Gomez Author-X-Name-First: Miguel Alberto Author-X-Name-Last: Gomez Title: Challenges and opportunities for cyber norms in ASEAN Abstract: The growing frequency of state-associated cyberattacks has led to calls for the establishment of rules of behaviour in this increasingly relevant domain. While there has been no shortage of such initiatives over the past decade, their respective outcomes have highlighted the unique challenges faced by norm entrepreneurs in cyberspace. Questions of the contrasting conceptualizations of cyberspace and varying threat perceptions have stymied attempts to establish a globally acceptable set of norms that regulate state behaviour. As the Association of Southeast Asian Nations (ASEAN) continues to invest heavily in this domain, calls for the creation of cyber norms within the region have been made. Yet despite this positive development, this paper illustrates that the unique characteristics of ASEAN pose significant obstacles to the emergence and eventual internalisation of cyber norms. In response, this paper argues that success in this endeavour requires initiatives that focus on confidence and capacity-building measures to mitigate these constraints. Although the likelihood of common norms across ASEAN remains uncertain, the approach suggested may lead to the emergence of different yet congruent norms within the bloc. Journal: Journal of Cyber Policy Pages: 217-235 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1487987 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1487987 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:217-235 Template-Type: ReDIF-Article 1.0 Author-Name: Valentin Weber Author-X-Name-First: Valentin Author-X-Name-Last: Weber Title: Linking cyber strategy with grand strategy: the case of the United States Abstract: The aim of this article is to study whether U.S. cyber strategy is integrated into U.S. grand strategy. In consideration of cyber strategy documents, three case studies and elite interviews find that a link between the two strategic layers is largely missing. Even though U.S. cyber strategy documents contain higher political goals, they do not meet other criteria that indicate links to a grand strategy. Those are a unified list of geopolitical challenges, a balance of ends and means, the integration of military, economic and political means, and the provision of a strategic narrative. Thereby, the documents leave the articulation of grand strategy at the initial stages and do not develop it further. The lack of grand strategy in cyberspace is also visible in U.S. tactical behaviour. The three chosen case studies show that the various U.S. military, economic and political actions taking place under the Obama administration were isolated from each other. Hence, they failed to create a combined impact greater than the sum of their separate effects. This study fills the demonstrated gap in U.S. strategy and concludes by presenting a cyber strategy that is integrated into U.S. grand strategy. Journal: Journal of Cyber Policy Pages: 236-257 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1511741 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1511741 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:236-257 Template-Type: ReDIF-Article 1.0 Author-Name: Kimberly Tam Author-X-Name-First: Kimberly Author-X-Name-Last: Tam Author-Name: Kevin D. Jones Author-X-Name-First: Kevin D. Author-X-Name-Last: Jones Title: Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping Abstract: As the global maritime industry becomes increasingly dependent on advancing technology, it is important for the world to be more aware of, and understand, the possible scope and impacts cyberattacks can have on international shipping. This article explores the maritime-cyber landscape for security flaws related to the area of maritime operations with an emphasis on the system technology involved, how their vulnerabilities enable attacks with cyber elements, and possible outcomes. As ships become more sophisticated and connected, in order to meet the demands of shipping 90 per cent of the world’s goods, the cyber risks increase. This article aims to analyse compressively the unique nature of maritime cyber and cyber-physical threats to influence maritime cyber policies and improve global fleet security by suggesting adjustments and additions to current codes and policy to cover more comprehensively cyber and cyber-physical risks. Journal: Journal of Cyber Policy Pages: 147-164 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1513053 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1513053 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:147-164 Template-Type: ReDIF-Article 1.0 Author-Name: Deb Crawford Author-X-Name-First: Deb Author-X-Name-Last: Crawford Author-Name: Justin Sherman Author-X-Name-First: Justin Author-X-Name-Last: Sherman Title: Gaps in United States federal government IoT security and privacy policies Abstract: The growth of the Internet of Things (IoT) is at such a pace that makes it very difficult for government policy to keep up. For this reason, many gaps exist in United States federal policies on IoT security and privacy. In this paper, we aim to identify them in the guidance of future research and regulatory work. Journal: Journal of Cyber Policy Pages: 187-200 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1514061 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1514061 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:187-200 Template-Type: ReDIF-Article 1.0 Author-Name: Andrew Futter Author-X-Name-First: Andrew Author-X-Name-Last: Futter Title: ‘Cyber’ semantics: why we should retire the latest buzzword in security studies Abstract: The word ‘cyber’ has become one of the most ubiquitous and powerful concepts in contemporary security studies. Very few academic papers or workshops in the social sciences fail to touch upon the ‘cyber challenge’ in some way, and very few politicians fail to use the term when talking about the most pressing threats to national security. But surprisingly, little consensus exists about what the term includes, refers to, or how it is being used differently by different people in different contexts. Indeed, there is no single definition or research agenda that all adhere to. This in turn often drives hype and leads to misunderstanding and bad policy. The result is that formulating suitable policies to deal with and respond to threats to digital computers and networks, either domestically or internationally, has become disjointed and obfuscated, with straw-man arguments based on erroneous assumptions often prevailing. This paper unpacks and explains these problems, before making the case for jettisoning the word ‘cyber’ from the security studies lexicon and returning instead to the language first developed by computer science in the 1990s. Only by doing this can we properly begin to understand, manage and mitigate the security challenges of the latest information age. Journal: Journal of Cyber Policy Pages: 201-216 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1514417 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1514417 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:201-216 Template-Type: ReDIF-Article 1.0 Author-Name: Mark Bunting Author-X-Name-First: Mark Author-X-Name-Last: Bunting Title: From editorial obligation to procedural accountability: policy approaches to online content in the era of information intermediaries Abstract: Like all markets, online platforms need rules. Their rules are both explicit, in the form of community standards, moderator guidelines, terms of use, commercial contracts and policies, and implicit, in the code that shapes their interfaces and the algorithms that bring market participants together (Bunting 2018. “‘Keeping Consumers Safe Online’: Legislating for Platform Accountability for Online Content.” Communications Chambers. http://www.commcham.com/keeping-consumers-safe/). When platforms – or ‘online information intermediaries’ – govern the exchange of news, content and speech, their rules raise profound issues of human rights and public welfare. Information intermediaries are not publishers, but neither are they neutral conduits; their role in governing online content markets has inevitable ethical connotations. There has been heated debate about intermediaries’ responsibilities with respect to online content. Commentators have alleged that in a wide range of areas, intermediaries’ commercial incentives are insufficient to address harmful or illegal content while protecting fundamental rights, and that regulation is required. This paper argues that making intermediaries strictly liable for content they host is not an appropriate solution. Instead policymakers must use new techniques to evaluate and engage with intermediaries’ rule-making activities. Where the nature and effects of intermediaries’ rules are hard to assess, policymakers may seek their ‘procedural accountability’. Journal: Journal of Cyber Policy Pages: 165-186 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1519030 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1519030 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:165-186 Template-Type: ReDIF-Article 1.0 Author-Name: Riza Azmi Author-X-Name-First: Riza Author-X-Name-Last: Azmi Author-Name: William Tibben Author-X-Name-First: William Author-X-Name-Last: Tibben Author-Name: Khin Than Win Author-X-Name-First: Khin Than Author-X-Name-Last: Win Title: Review of cybersecurity frameworks: context and shared concepts Abstract: In an effort to develop strong cyber resilience, international organisations, academic institutions, corporations and countries have been actively working to develop cybersecurity frameworks (CSFs). Such efforts emphasize various perspectives depending on the organisation’s intention, while their contents involve the same concept. The aim of this paper is to incorporate the many varied perspectives on CSFs and gather them into a concise view by contrasting different intentions and distilling shared concepts. To do so, this study uses the document analysis method alongside two cycles of coding (descriptive coding and pattern coding) to excerpt 12 extant CSFs. The various intentions can be cascaded with respect to four areas: 1) the promoted action, 2) the driver, 3) the framework milieu and 4) the audience. The frameworks can also be examined according to three common concepts: 1) shared actions, 2) cyber pillars and 3) the framework life cycle. A total of seven shared actions are distilled from the frameworks, while the human, organisational, infrastructure, technology and law and regulation pillar are the most frequently discussed excerpts from the CSFs. Moreover, there are three processes for securing cyberspace: profiling, delivering and assuring. The shared concepts presented in this paper may also be useful for developing a general model of a CSF. Journal: Journal of Cyber Policy Pages: 258-283 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1520271 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1520271 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:258-283 Template-Type: ReDIF-Article 1.0 Author-Name: Thomas Henshaw Author-X-Name-First: Thomas Author-X-Name-Last: Henshaw Title: Exploding data: reclaiming our cyber security in the digital age Journal: Journal of Cyber Policy Pages: 284-285 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1524502 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1524502 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:284-285 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Introduction from the editor: Evolutions in cybersecurity: issues, norms and frameworks Journal: Journal of Cyber Policy Pages: 143-146 Issue: 2 Volume: 3 Year: 2018 Month: 5 X-DOI: 10.1080/23738871.2018.1526308 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1526308 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:3:y:2018:i:2:p:143-146 Template-Type: ReDIF-Article 1.0 Author-Name: Joss Meakins Author-X-Name-First: Joss Author-X-Name-Last: Meakins Title: A zero-sum game: the zero-day market in 2018 Abstract: The most recent overview of white and grey markets in the zero-day trade was published in 2015 and much new evidence has since emerged. By examining data from bug bounty platforms, newly published pricelists and Russian language reporting, I aim to produce an updated picture of prices, market dynamics and policy implications. Analysis of the white market indicates that generally higher supply and demand is increasing prices, as more zero-days are found and organisations become more aware of the costs of breaches. Nevertheless, factors other than supply and demand shape the market, crucially the impetus among researchers to work for non-monetary rewards. Prices in the grey market also seem to be increasing, with comparisons of public price lists showing that zero-days affecting mobile operating systems, particularly iOS, were most valuable. Furthermore, recent evidence implies the existence of a grey market in Russia which is analysed below. Finally, this paper proposes three policy recommendations to mitigate the risk from zero-days, particularly as the Internet of Things comes to fruition. Secure software development, improving vulnerability disclosure legislation and establishing mechanisms for governments to decide what to do with the zero-days they find are all vital to reducing the current threat. Journal: Journal of Cyber Policy Pages: 60-71 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2018.1546883 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1546883 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:60-71 Template-Type: ReDIF-Article 1.0 Author-Name: Lincoln Pigman Author-X-Name-First: Lincoln Author-X-Name-Last: Pigman Title: Russia’s vision of cyberspace: a danger to regime security, public safety, and societal norms and cohesion Abstract: Far from just a domain in which to counter one’s enemies and a weapon to wield against them, Russian political elites view cyberspace as the source of significant threats to Russia’s own national security. Since 2011, when networked protests broke out in multiple Russian cities following controversial parliamentary elections and against the backdrop of the so-called Arab Spring, Russian political elites have articulated their anxieties by constructing three major cyberthreats: that to regime security, that to public safety, and that to societal norms and cohesion. These cybersecurity narratives, the construction of which is explored in this article, are found to have dovetailed with broader national security narratives deployed by Russian political elites, reinforcing their messaging on national security issues. The article concludes with the observation that cybersecurity debates in Russia and in North American and Western European countries increasingly resemble each other, to a potentially problematic extent. Journal: Journal of Cyber Policy Pages: 22-34 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2018.1546884 File-URL: http://hdl.handle.net/10.1080/23738871.2018.1546884 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:22-34 Template-Type: ReDIF-Article 1.0 Author-Name: Gregory Falco Author-X-Name-First: Gregory Author-X-Name-Last: Falco Author-Name: Alicia Noriega Author-X-Name-First: Alicia Author-X-Name-Last: Noriega Author-Name: Lawrence Susskind Author-X-Name-First: Lawrence Author-X-Name-Last: Susskind Title: Cyber negotiation: a cyber risk management approach to defend urban critical infrastructure from cyberattacks Abstract: Technical tools dominate the cyber risk management market. Social cybersecurity tools are severely underutilised in helping organisations defend themselves against cyberattacks. We investigate a class of non-technical risk mitigation strategies and tools that might be particularly effective in managing and mitigating the effects of certain cyberattacks. We call these social-science-grounded methods Defensive Social Engineering (DSE) tools. Through interviews with urban critical infrastructure operators and cross-case analysis, we devise a pre, mid and post cyber negotiation framework that could help organisations manage their cyber risks and bolster organisational cyber resilience, especially in the case of ransomware attacks. The cyber negotiation framework is grounded in both negotiation theory and practice. We apply our ideas, ex post, to past ransomware attacks that have wreaked havoc on urban critical infrastructure. By evaluating how to use negotiation strategies effectively (even if no negotiations ever take place), we hope to show how non-technical DSE tools can give defenders some leverage as they engage with cyber adversaries who often have little to lose. Journal: Journal of Cyber Policy Pages: 90-116 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1586969 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1586969 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:90-116 Template-Type: ReDIF-Article 1.0 Author-Name: Theresa Hitchens Author-X-Name-First: Theresa Author-X-Name-Last: Hitchens Author-Name: Nancy W. Gallagher Author-X-Name-First: Nancy W. Author-X-Name-Last: Gallagher Title: Building confidence in the cybersphere: a path to multilateral progress Abstract: As use of the internet has become critical to global economic development and international security, there is near-unanimous agreement on the need for more international cooperation to increase stability and security in cyberspace. This paper compares what the United Nations’ (UN) Group of Governmental Experts (GGE) and the Organization for Security and Co-operation in Europe's (OSCE) norm-building processes have achieved so far and what disagreements have impeded these efforts. It identifies several priorities for cooperation identified by participants in both forums. It also proposes three practical projects related to these priorities that members of regional or global organisations might be able to work on together, despite political tensions and philosophical disputes. The first would help state and non-state actors share information and communicate about various types of cybersecurity threats using a flexible and intuitive effects-based taxonomy to categorise cyber activity. The second would develop a more sophisticated way for state and non-state actors to assess the risks of different types of cyber incidents and the potential benefits of cooperation. The third would identify aspects of the internet that might be considered the core of a public utility, worthy of special protection in their own right and for their support of trans-border critical infrastructure. Journal: Journal of Cyber Policy Pages: 4-21 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1599032 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1599032 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:4-21 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Interview, Damian Collins MP Journal: Journal of Cyber Policy Pages: 56-59 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1599033 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1599033 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:56-59 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Introduction from the Editor Journal: Journal of Cyber Policy Pages: 1-3 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1602154 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1602154 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: David V. Gioe Author-X-Name-First: David V. Author-X-Name-Last: Gioe Author-Name: Michael S. Goodman Author-X-Name-First: Michael S. Author-X-Name-Last: Goodman Author-Name: Alicia Wanless Author-X-Name-First: Alicia Author-X-Name-Last: Wanless Title: Rebalancing cybersecurity imperatives: patching the social layer Abstract: The social layer, where civil society, including commercial and academic interaction, takes place is the most vulnerable one of the three commonly accepted layers of cyberspace. Worse still, emphasis by technical experts on physical and logical layer security has lulled civil society into a dangerous torpor that conflates information transmission reliability with reliable information. This has been exploited by criminals, adversarial states such as Russia and hostile non-state actors such as the Islamic State. This article explores the danger of an overly narrow conception of cybersecurity by governments and practitioners and recommends an urgent focus on the social layer toward a holistic rebalancing of cybersecurity. It offers a set of recommendations to help civil society secure itself in cyberspace. Journal: Journal of Cyber Policy Pages: 117-137 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1604780 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1604780 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:117-137 Template-Type: ReDIF-Article 1.0 Author-Name: Christos Andreas Makridis Author-X-Name-First: Christos Andreas Author-X-Name-Last: Makridis Author-Name: Max Smeets Author-X-Name-First: Max Author-X-Name-Last: Smeets Title: Determinants of cyber readiness Abstract: Why are some countries better prepared against cyberattacks than others? Whilst previous studies have revealed discrepancies in countries’ cyber readiness, there has not been any rigorous analysis which attempts to explain this variation. Based upon a new data set (Country Capability Data Set), this article therefore seeks to explain why some countries have a higher cybersecurity readiness compared to others. We develop three theoretical frameworks to explain variation in countries’ cyber readiness: (i) ‘institutional threat’; (ii) ‘institutional returns’; and (iii) ‘institutional capacity’. We find that countries facing a more threatening security environment are more likely to have a high level of cyber readiness. Also, the analysis indicates that countries which are highly dependent on cyberspace are more likely to have a high level of cyber readiness. Yet, surprisingly, we do not find a statistically significant association between our measures of institutional capacity (including real GDP) and cyber readiness. In other words, states which have more resources available to allocate to developing a reliable and frontier technology infrastructure are not at a systematic advantage in their cybersecurity investments. Journal: Journal of Cyber Policy Pages: 72-89 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1604781 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1604781 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:72-89 Template-Type: ReDIF-Article 1.0 Author-Name: Hon-min Yau Author-X-Name-First: Hon-min Author-X-Name-Last: Yau Title: A critical strategy for Taiwan’s cybersecurity: a perspective from critical security studies Abstract: This paper examines Taiwan’s cybersecurity from the perspective of Critical Security Studies (CSS), also known as the Welsh School. It eschews a conventional realist approach to cybersecurity and addresses Taiwan’s state-centric need while attending to considerations of global cybersecurity. It claims that Taiwan’s cybersecurity can be improved without being militarised, zero-sum or confrontational and that one nation’s cybersecurity is not necessarily another’s insecurity.The paper starts by explaining the decision to bring CSS into the question. Informed by CSS, it moves on to understand how cyberwarfare naturally became the dominant discourse of cybersecurity in Taiwan. It next examines the limitations of ‘generally-accepted’ assumptions regarding cyberwarfare. Then, the paper explores the problematic effects of cyberwarfare within Taiwan’s security context. Finally, it proposes a critical strategy to engage Taiwan’s security challenge while avoiding the adverse consequences of implementing cyberwarfare.The paper is a reminder to evaluate Taiwan’s cybersecurity in a contemporary and theoretically-grounded framework. Journal: Journal of Cyber Policy Pages: 35-55 Issue: 1 Volume: 4 Year: 2019 Month: 1 X-DOI: 10.1080/23738871.2019.1604782 File-URL: http://hdl.handle.net/10.1080/23738871.2019.1604782 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:35-55 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Editorial Introduction Journal: Journal of Cyber Policy Pages: 1-4 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1748080 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1748080 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:1-4 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Guest Editorial Journal: Journal of Cyber Policy Pages: 5-8 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1748081 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1748081 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:5-8 Template-Type: ReDIF-Article 1.0 Author-Name: Dan Geer Author-X-Name-First: Dan Author-X-Name-Last: Geer Author-Name: Eric Jardine Author-X-Name-First: Eric Author-X-Name-Last: Jardine Author-Name: Eireann Leverett Author-X-Name-First: Eireann Author-X-Name-Last: Leverett Title: On market concentration and cybersecurity risk Abstract: Market concentration affects each component of the cybersecurity risk equation (i.e. threat, vulnerability and impact). As the Internet ecosystem becomes more concentrated across a number of vectors from users and incoming links to economic market share, the locus of cyber risk moves towards these major hubs and the volume of systemic cyber risk increases. Mitigating cyber risk requires better measurement, diversity of systems, software and firms, attention to market concentration in cyber insurance pricing, and the deliberate choice to avoid ubiquitous interconnection in critical systems. Journal: Journal of Cyber Policy Pages: 9-29 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1728355 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1728355 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:9-29 Template-Type: ReDIF-Article 1.0 Author-Name: Jari Arkko Author-X-Name-First: Jari Author-X-Name-Last: Arkko Title: The influence of internet architecture on centralised versus distributed internet services Abstract: The internet evolves rapidly as innovations in technology, applications and business emerge. In some cases, the changes have also given rise to the creation of centralised service deployment models and industry consolidation. This paper focuses on the question of how internet technology and open interfaces may affect the ability to deploy services in a collaborative fashion vs in a centralised fashion. The paper presents a categorisation of factors influencing these choices and discusses these factors in the context of several case studies. Some aspects of centralisation and consolidation are direct consequences of physics. A large organisation can provide a short round-trip time to users around the globe, due to service instances in many locations. Other aspects are due to economics. For instance, network effects cause the value of a service to grow per Metcalfe’s law. But technology and deployment choices also have an effect. Federated, collaborative networks with open standardised interfaces (such as email) allow multiple service providers to interact with each other. Closed systems may not allow this. Many popular social networks fall in this category. While technology is not the main driving force behind what are often business and economic decisions, awareness of technology choices makes it easier to understand the likely impacts of a chosen model. Journal: Journal of Cyber Policy Pages: 30-45 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1740753 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1740753 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:30-45 Template-Type: ReDIF-Article 1.0 Author-Name: Roxana Radu Author-X-Name-First: Roxana Author-X-Name-Last: Radu Author-Name: Michael Hausding Author-X-Name-First: Michael Author-X-Name-Last: Hausding Title: Consolidation in the DNS resolver market – how much, how fast, how dangerous? Abstract: Almost all online services use a domain name resolution function to translate names typed by the user into numbers that computers understand. This basic, recursive function, performed in milliseconds and invisible to the user, was integrated from the beginning into the operation of Internet Service Providers (ISPs). This started to change with the advent of new players – such as Google, Cloudflare, Oracle – operating public resolvers and rendering the market more dynamic in the last decade. As more technologies are developed to increase the privacy and security of the domain name system (DNS) protocol, large internet companies with global operations appear better equipped to integrate the latest requirements and offer their services free to users and ISPs, further consolidating their position in the market. This article provides a timely analysis of the emerging trends of consolidation in the recursive DNS services market, focusing on its evolution in the last decade and discussing empirical evidence for the shifts occurring from 2016 to mid-2019. Journal: Journal of Cyber Policy Pages: 46-64 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1722191 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1722191 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:46-64 Template-Type: ReDIF-Article 1.0 Author-Name: Jennifer Cobbe Author-X-Name-First: Jennifer Author-X-Name-Last: Cobbe Author-Name: Chris Norval Author-X-Name-First: Chris Author-X-Name-Last: Norval Author-Name: Jatinder Singh Author-X-Name-First: Jatinder Author-X-Name-Last: Singh Title: What lies beneath: transparency in online service supply chains Abstract: There is a noticeable trend towards the increased centralisation of Internet-based services. Though much focus is on the dominance of organisations such as Facebook, Google and Netflix, popular consumer-facing services, there has been considerably less discussion regarding the organisations providing the infrastructure that supports online services. This bears consideration, given that many online services rely on a range of platforms and services operated by third-parties.As such, this paper explores issues of consolidation as regards the systems supply chains that underpin and drive online services. Specifically, we note that while there are trends towards the increased centralisation and dominance in the provision of supporting technical infrastructure, the nature of these technical supply chains are relatively hidden. We explore the broader societal implications of this with regards to power and resilience, emphasising the lack of means, legal or technical, for uncovering the nature of the supply chains on which online services rely. Given society's ever-growing reliance on data-driven technology, we argue that more can be done to increase levels of transparency over the supply arrangements of technical infrastructure. This is a necessary precursor to determining what interventions, if any, may be required to deal with issues of consolidation in online infrastructure. Journal: Journal of Cyber Policy Pages: 65-93 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1745860 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1745860 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:65-93 Template-Type: ReDIF-Article 1.0 Author-Name: Chris Riley Author-X-Name-First: Chris Author-X-Name-Last: Riley Title: Unpacking interoperability in competition Abstract: Growing centralisation in the tech sector is raising global governmental concern, and the winds of change are blowing. Interoperability – in this context, the ability of internet-connected technologies to work together, for example by exchanging data and accessing functions remotely – is gaining traction as a component of the coming regulatory and legislative reforms. Against a backdrop of rapidly evolving law and technology, this paper examines how interoperability fits within the existing landscape for competition law, and where it may be interpreted to be applicable to the complex system of data exchanges whose emergence we call the internet. Journal: Journal of Cyber Policy Pages: 94-106 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1740754 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1740754 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:94-106 Template-Type: ReDIF-Article 1.0 Author-Name: Jesse H. Sowell Author-X-Name-First: Jesse H. Author-X-Name-Last: Sowell Title: Evaluating competition in the Internet’s infrastructure: a view of GAFAM from the Internet exchanges Abstract: The Internet has given rise to online platforms offering unrivalled access to diverse markets and services. At the application-layer, consolidation and concentration is framed as a threat to competition and diversity, with dominant players facing antitrust challenges in the US and the EU. Within the infrastructure though, concentration creates economies of scale that makes many of the resource-intensive building blocks of the Internet economy – such as global content delivery and distributed hosting – available to even the smallest innovator. This work complements existing analyses by exploring the links between these layers, differentiating between the implications of application-layer consolidation and the efficiencies of concentration at lower layers of the Internet’s infrastructure. In particular, these differences are presented from the vantage point of Internet exchanges, evaluating consolidation in terms of the distribution of these essential building blocks and how IXes’ governance norms lower barriers to accessing these resources. While promising, the spectre of predatory practices at the application layer remains. This article concludes by arguing that the indicators presented here highlighting regulatory interventions must effectively account for the complex interdependencies among these platforms. Journal: Journal of Cyber Policy Pages: 107-139 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1754443 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1754443 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:107-139 Template-Type: ReDIF-Article 1.0 Author-Name: Eva Claessen Author-X-Name-First: Eva Author-X-Name-Last: Claessen Title: Reshaping the internet – the impact of the securitisation of internet infrastructure on approaches to internet governance: the case of Russia and the EU Abstract: In the face of the rising political stake associated with the Internet, states are increasingly vying for a bigger role in its governance. Within a climate of an array of threats associated with the online information space, the attention is turning towards the governance of the internet infrastructure itself, comprising both the physical (the collection of cables computers, servers and routers that make up the network) and the virtual infrastructure (protocols, social media platforms and search engines that make it possible to navigate and use the internet). The question of sovereignty is not only increasingly reflected in the legislation of political actors like Russia, but also recently in EU discourse in relation to technological resilience and cyber security. This article aims to map out the impact of the securitisation of the internet infrastructure in the Russian and the EU approach to internet governance. Journal: Journal of Cyber Policy Pages: 140-157 Issue: 1 Volume: 5 Year: 2020 Month: 7 X-DOI: 10.1080/23738871.2020.1728356 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1728356 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:1:p:140-157 Template-Type: ReDIF-Article 1.0 Author-Name: Joyce Hakmeh Author-X-Name-First: Joyce Author-X-Name-Last: Hakmeh Title: Editorial introduction Journal: Journal of Cyber Policy Pages: 159-162 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1808033 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1808033 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:159-162 Template-Type: ReDIF-Article 1.0 Author-Name: Cameran Ashraf Author-X-Name-First: Cameran Author-X-Name-Last: Ashraf Title: Artificial intelligence and the rights to assembly and association Abstract: The rights to assembly and association are fundamental rights guaranteed in the Universal Declaration of Human Rights. They are essential to the establishment and functioning of a democracy and ensure that individuals and groups can peacefully come together to pursue their common goals. These, and other human rights, are being challenged by the development and widespread deployment of artificial intelligence systems on the internet. Indeed, the development of artificial intelligence has been a cause for concern among human rights activists, scholars and practitioners.While much existing literature has examined how AI will impact privacy and freedom of expression, its impact on the rights to assembly and association has been neglected. To develop a more well-rounded body of literature about AI and human rights, this paper will examine the impacts of artificial intelligence on the rights to assembly and association. It will discuss AI’s impact on two key areas: content display, whereby AI determines the content we see, and content moderation, where AI determines which content exists. The paper concludes with policy recommendations and the hope that these recommendations will serve as a starting point for a discussion on protecting these important rights in the age of artificial intelligence. Journal: Journal of Cyber Policy Pages: 163-179 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1778760 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1778760 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:163-179 Template-Type: ReDIF-Article 1.0 Author-Name: Adam Henschke Author-X-Name-First: Adam Author-X-Name-Last: Henschke Author-Name: Matthew Sussex Author-X-Name-First: Matthew Author-X-Name-Last: Sussex Author-Name: Courteney O’Connor Author-X-Name-First: Courteney Author-X-Name-Last: O’Connor Title: Countering foreign interference: election integrity lessons for liberal democracies Abstract: Liberal democracies and their allies are facing a generational challenge from increased and evolving efforts by foreign actors to undermine public trust and degrade democracy. This article examines the problem of foreign interference with particular reference to the US midterm elections of 2018 as a case study, to draw potential lessons for liberal democracies in advance of future democratic processes. These lessons are centred upon five vulnerabilities to malicious actors, which – if exploited, either partly or wholly – can potentially degrade a democratic political system. The five vulnerabilities incorporate democratic institutions, election infrastructure and private industry. They also include individuals, and the core ideas that underpin democratic norms and values. We call these the ‘Five Is’. The paper outlines the challenges facing the integrity of elections for liberal democracies and fills out the concept of the ‘Five Is’. We note that the ‘Five Is’ are causally linked and overlapping. Having discussed the ‘Five Is’, we then look at the US 2018 midterms as a way to clarify and specify the ‘Five Is’ in practice. The paper then offers eight recommendations for policymakers to increase the resilience of electoral processes to such threats and attacks. Journal: Journal of Cyber Policy Pages: 180-198 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1797136 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1797136 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:180-198 Template-Type: ReDIF-Article 1.0 Author-Name: Christopher Whyte Author-X-Name-First: Christopher Author-X-Name-Last: Whyte Title: Deepfake news: AI-enabled disinformation as a multi-level public policy challenge Abstract: The advent of ‘DeepFake' content that is increasingly difficult for humans and machines to distinguish as artificial portends a number of challenges to democratic societies. In order to effectively respond, policymakers must gain understanding of how DeepFake content might manifest. This paper aims to offer necessary context by exploring AI-enabled multimedia disinformation across different levels: (1) as a mass-produced, regular feature of the information environment in democracies and (2) as a highly tailored instrument used in tandem with cyber operations. I explore the impact of DeepFakes on the ability of populations to determine the origination, credibility, quality and freedom of information. Such macro impacts amplify the potential value of DeepFake content employed alongside targeted cyber activities, a combination that even alone offers belligerent actors new opportunities for enhancing attempts at disinformation and coercion. Nevertheless, I ultimately argue that DeepFakes should be thought of more as an evolution than a revolution in disinformation techniques, the real threat of which emerges from the manner in which new abilities to produce even reasonable fidelity fabrications rapidly and at scale combine the multiform shape of the modern digital information environment to make organized influence efforts much more dynamic than has previously been the case. Journal: Journal of Cyber Policy Pages: 199-217 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1797135 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1797135 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:199-217 Template-Type: ReDIF-Article 1.0 Author-Name: Ying Miao Author-X-Name-First: Ying Author-X-Name-Last: Miao Title: Managing digital contention in China Abstract: This paper explores new developments in cyber content management strategies in China by highlighting the rise of participatory, peer-to-peer censoring practices, and examining how the People's Daily have responded to the contentious events in the top 20 public opinion incidents of 2016, to illustrate how official media uses different types of management strategies to mediate and demobilise contention, on top of information containment strategies such as censorship. I also discuss briefly the creation of a Digital United Front which seeks to incorporate social influencers and cyber elites into mainstream political institutions such as the CPPCC.Not only do these strategies further undermine the formation of a political locus opposite the state, they continue to subsume previously oppositional narratives into grander narratives of stability and national progress. Online political participation in Chinese cyberspace must seek further paternalistic protection from Party authorities in order to legitimise their contention. Although this strengthens the Party-state's claim to legitimacy, ultimately this weakens the emergence of civil society in China as the only form of contention that can survive is those that are legitimised by the Party-state, and the political space oppositional to the state remain closed off. Journal: Journal of Cyber Policy Pages: 218-238 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1748079 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1748079 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:218-238 Template-Type: ReDIF-Article 1.0 Author-Name: Stacie Hoffmann Author-X-Name-First: Stacie Author-X-Name-Last: Hoffmann Author-Name: Dominique Lazanski Author-X-Name-First: Dominique Author-X-Name-Last: Lazanski Author-Name: Emily Taylor Author-X-Name-First: Emily Author-X-Name-Last: Taylor Title: Standardising the splinternet: how China’s technical standards could fragment the internet Abstract: China’s drive for technological dominance has resulted in a long-term, government-driven national strategy. This includes the creation of native technologies which reflect local policies and politics, micromanagement of the internet from the top down, and the use of international standards development organisations (SDOs), such as the UN agency the International Telecommunication Union (ITU), to legitimize and protect these technologies in the global marketplace. Alternate internet technologies based on a new ‘decentralized internet infrastructure’ are being developed in SDOs and marketed by Chinese companies. In a worst-case scenario, these alternate technologies and a suite of supporting standards could splinter the global internet’s shared and ubiquitous architecture. They also pave the way to a new form of internet governance, one that is multilateral instead of multistakeholder. A fragmented network would introduce new challenges to cyber defence and could provide adversaries with a technical means to undermine the norms, predictability and security of today’s cyberspace – which would also impact human rights and widen the digital divide. Western nations and like-minded allies need to intensify their cooperation with one another, international partners such as the EU, and other stakeholders like industry, academia and civil society to understand and limit the potential ramifications of these new technical developments. This paper aims to shed light on how China’s activities in SDOs contribute to the execution of its long-term technical, economic and political strategic ambitions. Journal: Journal of Cyber Policy Pages: 239-264 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1805482 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1805482 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:239-264 Template-Type: ReDIF-Article 1.0 Author-Name: Eugenio Lilli Author-X-Name-First: Eugenio Author-X-Name-Last: Lilli Title: President Obama and US cyber security policy Abstract: Advancements in Information and Communications Technology have had an enormous impact on modern societies. As a consequence, an increased number of governments has developed national cyber security policies. This article specifically focuses on the contribution of President Barack Obama to the development of cyber security policy in the United States. In particular, this is a study of the policy measures that directly affected US national security in the core areas of homeland security, defence and foreign policy. These measures include strategic documents, organisational initiatives, and additional measures originating from the US federal government, mostly from the White House. The main argument of the article is that, although having been discussed by US policymakers at least since the 1960s, US cyber security policy only took off and became a national security priority during the Obama years, when the administration decided to move from ad-hoc and sector-specific measures to a more structured and holistic approach. Tellingly, Obama’s record shows a notable number of ‘firsts’, that is of measures which tackled aspects of cyber security which had not been addressed before. Finally, the article also develops and discusses a new working definition of cyber security policy. Journal: Journal of Cyber Policy Pages: 265-284 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1778759 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1778759 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:265-284 Template-Type: ReDIF-Article 1.0 Author-Name: Eviatar Matania Author-X-Name-First: Eviatar Author-X-Name-Last: Matania Author-Name: Eldad Tal-Shir Author-X-Name-First: Eldad Author-X-Name-Last: Tal-Shir Title: Continuous terrain remodelling: gaining the upper hand in cyber defence Abstract: This paper seeks to shed light on the implications of the malleability of cyberspace for the offence-defence balance. We argue that defenders’ authority over their ‘cyber terrain’ which results from genuine ownership of its comprising assets gives them a unique advantage over attackers. Namely, the advantage to alter the state and composition of any assets over which cyberattackers and defenders contend. We suggest that this advantage is optimally suited for employment in a defensive paradigm of continuous remodelling of the cyber terrain (CTR). We demonstrate that various technologies are emerging as potential facilitators of such an approach to cyber defence. We also substantiate CTR’s capacity for granting defenders the upper hand by demonstrating its thwarting of most phases of cyberattacks and the imposition of an asymmetric disadvantage on attackers. Specifically, we analyse the promise of such remodelling in light of Lockheed Martin’s cyber kill chain model, and exemplify its disruptive effects on infamous malware. We also discuss what constitutes an owner’s cyber terrain in the age of the cloud, the obstacles to CTR, its implications for the industry, and propose an expected trajectory for offensive actions in cyberspace in an era of terrain remodelling. Journal: Journal of Cyber Policy Pages: 285-301 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1778761 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1778761 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:285-301 Template-Type: ReDIF-Article 1.0 Author-Name: William Hatcher Author-X-Name-First: William Author-X-Name-Last: Hatcher Author-Name: Wesley L. Meares Author-X-Name-First: Wesley L. Author-X-Name-Last: Meares Author-Name: John Heslen Author-X-Name-First: John Author-X-Name-Last: Heslen Title: The cybersecurity of municipalities in the United States: an exploratory survey of policies and practices Abstract: Few empirical studies have examined the cybersecurity policies of cities in the United States. Issues that have yet to be addressed in the literature include whether cities (of various sizes) maintain cybersecurity plans and policies that are sufficient to protect their citizens’ data, a general lack of knowledge regarding cybersecurity policies, and practices on the part of cities that place at risk the security of public services and citizens’ privacy. Our research explored these issues by administering a survey to public officials working in U.S. cities. The survey instrument included questions pertaining to (1) the existence of a formal cybersecurity strategic plan and the utilisation of internet-based technologies in cities, (2) the support received by cities for their cybersecurity planning, (3) the types of cybersecurity policies being implemented in cities, and (4) the resources needed to conduct cybersecurity planning. We collected surveys from 168 officials employed in cities across the U.S. Our analysis of the results indicates that municipalities have formal cybersecurity policies but that they need to increase the integration of cybersecurity practices into their daily management processes by tracking their data, consulting outside security auditors, and increasing management training related to data security. Journal: Journal of Cyber Policy Pages: 302-325 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1792956 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1792956 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:302-325 Template-Type: ReDIF-Article 1.0 Author-Name: Florian J. Egloff Author-X-Name-First: Florian J. Author-X-Name-Last: Egloff Author-Name: Max Smeets Author-X-Name-First: Max Author-X-Name-Last: Smeets Title: Sandworm: a new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers Journal: Journal of Cyber Policy Pages: 326-327 Issue: 2 Volume: 5 Year: 2020 Month: 5 X-DOI: 10.1080/23738871.2020.1808032 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1808032 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:2:p:326-327 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Editorial introduction Journal: Journal of Cyber Policy Pages: 329-331 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1867599 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1867599 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:329-331 Template-Type: ReDIF-Article 1.0 Author-Name: Jacob Dexe Author-X-Name-First: Jacob Author-X-Name-Last: Dexe Author-Name: Ulrik Franke Author-X-Name-First: Ulrik Author-X-Name-Last: Franke Title: Nordic lights? National AI policies for doing well by doing good Abstract: Getting ahead on the global stage of AI technologies requires vast resources or novel approaches. The Nordic countries have tried to find a novel path, claiming that responsible and ethical AI is not only morally right but confers a competitive advantage. In this article, eight official AI policy documents from Denmark, Finland, Norway and Sweden are analysed according to the AI4People taxonomy, which proposes five ethical principles for AI: beneficence, non-maleficence, autonomy, justice and explicability. The principles are described in terms such as growth, innovation, efficiency gains, cybersecurity, malicious use or misuse of AI systems, data use, effects on labour markets, and regulatory environments. The authors also analyse how the strategies describe the link between ethical principles and a competitive advantage, and what measures are proposed to facilitate that link. Links such as a first-mover advantage and measures such as influencing international standards and regulations are identified. The article concludes by showing that while ethical principles are present, neither the ethical principles nor the links and measures are made explicit in the policy documents. Journal: Journal of Cyber Policy Pages: 332-349 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1856160 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1856160 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:332-349 Template-Type: ReDIF-Article 1.0 Author-Name: Raffi Teperdjian Author-X-Name-First: Raffi Author-X-Name-Last: Teperdjian Title: Proposing cybersecurity regulations for smart contracts Abstract: Smart contracts have the potential to improve many existing transactions and to enable entirely new business models. However, the technology supporting this new method of transacting is complex and the legal framework applying to it is somewhat unclear. Though theorised several decades ago, it was not until the advent of the distributed ledger technology known as blockchain that smart contracts were able to be practically implemented. This paper summarises the concept of smart contracts while providing the background and context of its development. It then distinguishes those smart contracts which are considered legally binding within the scope of US laws from those that may not have legal effect. Next, it provides an in-depth example of an exploitation of smart contracts and explores how the legal reaction to it is inadequate. To reduce the likelihood of future smart contract exploitations and to improve confidence for contracting parties, this article suggests adding explicit smart contract cybersecurity provisions to existing US legal frameworks. Specifically, I propose adapting several of the National Institute of Standards and Technology’s Federal Information Processing Standards to create minimum cybersecurity requirements for all legally binding smart contracts. I also examine the shortcomings of the Computer Fraud and Abuse Act while identifying it as a piece of legislation ripe for reform which, if done adequately, may provide a legal deterrent to would-be cyber hackers of smart contracts. Journal: Journal of Cyber Policy Pages: 350-371 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1839924 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1839924 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:350-371 Template-Type: ReDIF-Article 1.0 Author-Name: Aaron F. Brantly Author-X-Name-First: Aaron F. Author-X-Name-Last: Brantly Author-Name: Nataliya D. Brantly Author-X-Name-First: Nataliya D. Author-X-Name-Last: Brantly Title: Patient-centric cybersecurity Abstract: Advances in technologies relating to the provision of medical care are rapidly proliferating globally. These advances are being addressed piecemeal through a bevy of new laws, policies and regulations. Presently these efforts often fail to place the patient and his or her wellbeing at the core of legal, policy and regulatory developments. Rather there are efforts to balance issues of health outcomes, financial incentives and liability. An increasing threat particularly acute to patients resides in an inability to understand and manage their own health associated cybersecurity concerns. This paper builds the case for patient-centric approaches to not only medical care but also cybersecurity within health care. Journal: Journal of Cyber Policy Pages: 372-391 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1856902 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1856902 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:372-391 Template-Type: ReDIF-Article 1.0 Author-Name: Carlos Solar Author-X-Name-First: Carlos Author-X-Name-Last: Solar Title: Cybersecurity and cyber defence in the emerging democracies Abstract: How do we interpret current cybersecurity and cyber defence affairs beyond what we know from the advanced democracies and industrialised states? This article argues that in the emerging democracies, the military is on its way to being the dominant force controlling cyber centres or commands emulating those already established in the global North. There are three main takeaways from such developments when using the case study of the western hemisphere. First, states in the region have decided to manage their cyber affairs through inter-governmental and military-to-military diplomacy with more powerful states, such as the United States. Second, governments are eager to set up interactive policy communities at the national level to review cyber risks together with those in the defence sector. Third, militarising cyberspace in fragile political and policy settings can become somewhat risky for democratic governing. Ultimately, marrying the protection of the digital space to highly politicised armed forces might turn into a challenge when trying to set up a secure and egalitarian internet. Journal: Journal of Cyber Policy Pages: 392-412 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1820546 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1820546 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:392-412 Template-Type: ReDIF-Article 1.0 Author-Name: Niels Nagelhus Schia Author-X-Name-First: Niels Nagelhus Author-X-Name-Last: Schia Author-Name: Lars Gjesvik Author-X-Name-First: Lars Author-X-Name-Last: Gjesvik Title: Hacking democracy: managing influence campaigns and disinformation in the digital age Abstract: How are states responding to the threat of using digital technologies to subvert democratic processes? Protecting political and democratic processes from interference via digital technologies is a new and complicated security threat. In recent years the issue has been most prominent in terms of election security, yet the widespread usage of digital technologies allows for the subversion of democratic processes in multifaceted ways. From disrupting the political discourse with false information to inflaming and stoking political divisions digital technologies allows for a variety of ways for malicious actors to target democracies. This article compares different state experiences with interference in sovereign and contested political decisions. More specifically the article compares the Norwegian approach and experience in managing these challenges with those of Finland and the UK. Mapping both how the problem is understood, and the role of previous experiences in shaping public policy. Journal: Journal of Cyber Policy Pages: 413-428 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1820060 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1820060 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:413-428 Template-Type: ReDIF-Article 1.0 Author-Name: Anjuli R. K. Shere Author-X-Name-First: Anjuli R. K. Author-X-Name-Last: Shere Title: Now you [don’t] see me: how have new legislation and changing public awareness of the UK surveillance state impacted OSINT investigations? Abstract: Open-source intelligence (OSINT) gathering and analysis techniques are used by investigators from a variety of fields, owing to their accessibility and exceptional capacity for corroboration. It has previously been argued that proposed data protection legislation can chill the free press, but there have been no studies assessing the effect of such reforms on more general OSINT capabilities. European Union’s General Data Protection Regulation (GDPR) was implemented in the UK through the 2018 Data Protection Act (DPA) to protect personal data against exploitation. This study surveyed 16 OSINT gathering and analysis practitioners across public and private sectors to determine firstly, what, if any impact the implementation of the GDPR/DPA have had on their ability to successfully operate as OSINT analysts and secondly, if they have noticed any subsequent changes in UK public perception around issues of the surveillance state and digital privacy. I argue that this initial survey shows that the GDPR is merely a first step in establishing societal expectations and regulations around digital privacy. While some changes to OSINT practice have been reported, to date few substantive changes to OSINT methods or analysis resulted or seemed poised to take effect, one year after the advent of the GDPR/DPA. Journal: Journal of Cyber Policy Pages: 429-448 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1832129 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1832129 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:429-448 Template-Type: ReDIF-Article 1.0 Author-Name: Joe Burton Author-X-Name-First: Joe Author-X-Name-Last: Burton Author-Name: Clare Lain Author-X-Name-First: Clare Author-X-Name-Last: Lain Title: Desecuritising cybersecurity: towards a societal approach Abstract: Cybersecurity is often treated as a national security issue with responses to attacks implemented by military and intelligence agencies. This has created path dependencies in which tensions between the private sector and government have continued, where over-classification of cyberthreats has occurred, and where the broader societal impacts of malicious use of the internet have been underestimated. Drawing on the societal security concept established by the Copenhagen School of International Relations, we seek to reframe cybersecurity theory and policy. In the first section of the article we establish a theoretical approach to cybersecurity that emphasises the impact of cyberattacks on society, including on the health, energy and transport sectors. The second section draws on the history of cyberconflict to assess the ways the internet has been used to exacerbate societal tensions between identity groups and to create incohesion and societal security dilemmas. This section reinterprets the way the Kosovo War, Millennium (Y2 K) Bug, 9/11 and the WannaCry incident shaped and reflected cyber policy. The final section explores how a process of cyber desecuritisation might be achieved, including through discursive change and an enhanced role for the societal sector in the event of major cyberattacks. Journal: Journal of Cyber Policy Pages: 449-470 Issue: 3 Volume: 5 Year: 2020 Month: 09 X-DOI: 10.1080/23738871.2020.1856903 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1856903 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:5:y:2020:i:3:p:449-470 Template-Type: ReDIF-Article 1.0 Author-Name: Camille Francois Author-X-Name-First: Camille Author-X-Name-Last: Francois Author-Name: Herb Lin Author-X-Name-First: Herb Author-X-Name-Last: Lin Title: The strategic surprise of Russian information operations on social media in 2016 in the United States: mapping a blind spot Abstract: Despite many years of preparation for cyber conflict against US critical infrastructure and military forces, the US government and cybersecurity industry were unprepared for Russian information operations targeting the 2016 US presidential election. While the Russian campaign had many components, this article focuses specifically on the covert use of social media accounts and online properties impersonating Americans for the purpose of manipulation. This article addresses the strategic blind spot around Russian information operations and the technocentric Western approach to cybersecurity that led to it. The authors explore three fields contributing essential insights to the understanding of information operations on social media: cyber conflict and cybersecurity studies, Internet and Society studies, and the Information Controls literature within human rights scholarship. Each conceptualizes cyberspace differently, but a theory of information operations on social media will bridge conceptual gaps. The article concludes that despite this initial blind spot, great tactical progress in addressing information operations on social media has been made by the US government and large US social media platforms since the 2017 ‘reckoning’. A more robust and foundational theory of information operations on social media remains to be built, integrating and synthesizing concepts from the three fields described in this article.1 Journal: Journal of Cyber Policy Pages: 9-30 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1950196 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1950196 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:9-30 Template-Type: ReDIF-Article 1.0 Author-Name: Frédérick Douzet Author-X-Name-First: Frédérick Author-X-Name-Last: Douzet Author-Name: Aude Gery Author-X-Name-First: Aude Author-X-Name-Last: Gery Title: Cyberspace is used, first and foremost, to wage wars: proliferation, security and stability in cyberspace Abstract: Cyberspace has completely revolutionised our ways of life, disrupted our economies, and allowed for important progress in our societies. But the advantages of the digital revolution are now threatened by the use of cyberspace for war purposes. This article explores the states’ security dilemma as they face cyber challenges and the ambivalence of the notion of security in cyberspace. It highlights how, in ten years, cyberspace has become a battlefield and a strategic priority for many states that have represented it as a geopolitical threat for their national security, hence justifying its progressive militarisation. Meanwhile, they have become cognizant to the systemic risk of proliferation of offensive cybertools and cyber-operations. This security dilemma – one that opposes a representation of cyber threats as a geopolitical risk to that of cyberspace as a systemic risk – is at the heart of the multilateral negotiations on the regulation of cyberspace. There, a multiplicity of non-state actors has forced their way to the table through a multitude of initiatives that emphasize the importance of the challenges at stake and how difficult it will be for the states to face them. Journal: Journal of Cyber Policy Pages: 96-113 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1937253 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1937253 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:96-113 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Guest editorial – From cyberspace to the datasphere: strategic challenges of the digital revolution Journal: Journal of Cyber Policy Pages: 4-8 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1944244 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1944244 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:4-8 Template-Type: ReDIF-Article 1.0 Author-Name: Martin Innes Author-X-Name-First: Martin Author-X-Name-Last: Innes Author-Name: Helen Innes Author-X-Name-First: Helen Author-X-Name-Last: Innes Author-Name: Colin Roberts Author-X-Name-First: Colin Author-X-Name-Last: Roberts Author-Name: Darren Harmston Author-X-Name-First: Darren Author-X-Name-Last: Harmston Author-Name: Daniel Grinnell Author-X-Name-First: Daniel Author-X-Name-Last: Grinnell Title: The normalisation and domestication of digital disinformation: on the alignment and consequences of far-right and Russian State (dis)information operations and campaigns in Europe Abstract: This article traces a normalising and domesticating process in the use of digital misinformation and disinformation as part of political campaigning in Europe. Specifically, the analysis highlights innovations associated with the digital influence engineering techniques pioneered by far-right groups and agencies linked to the Kremlin, showing how there are areas of alignment and differentiation in the agendas and interests of these two groups. Their individual and collective activities in this area are important because of how they have promoted the use of similar disinforming tactics and techniques in the conduct of domestic politics. Journal: Journal of Cyber Policy Pages: 31-49 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1937252 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1937252 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:31-49 Template-Type: ReDIF-Article 1.0 Author-Name: Frédérick Douzet Author-X-Name-First: Frédérick Author-X-Name-Last: Douzet Author-Name: Kévin Limonier Author-X-Name-First: Kévin Author-X-Name-Last: Limonier Author-Name: Selma Mihoubi Author-X-Name-First: Selma Author-X-Name-Last: Mihoubi Author-Name: Elodie René Author-X-Name-First: Elodie Author-X-Name-Last: René Title: Mapping the spread of Russian and Chinese contents on the French-speaking African web Abstract: Russia and China have developed informational influence strategies over the past decade and are now deploying their vectors on the African continent. Both Moscow and Beijing have implanted their international media in Africa in order to broadcast positive speeches about their presence and activities in the continent. In addition, the informational content of these two States is rebroadcasted by online African relays, allowing for an increasing spread of the messages and representations conveyed by China and Russia through their media. How effective is the informational influence of these two countries on the African continent and how to map its vectors and relays? This study proposes a methodology to identify web actors who spread Chinese and Russian content, as well as an analysis of the public opinion influencing strategies led by these States for African audiences. Journal: Journal of Cyber Policy Pages: 50-67 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1943477 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1943477 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:50-67 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Editorial introduction Journal: Journal of Cyber Policy Pages: 1-3 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1943478 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1943478 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: Marie-Gabrielle Bertran Author-X-Name-First: Marie-Gabrielle Author-X-Name-Last: Bertran Title: Free and open source software in the new digital public policies in Russia Abstract: During Dmitrij Medvedev’s presidency from 2008 to 2012, the Russian government chose to promote the development of a new digital economy, with the idea that it would become a competitive sector and a tool for the external power of the country on the international market. However, in 2013, Edward Snowden’s revelations were used by the Russian government to promote the development of a strong and diversified digital industry on the domestic market, as it presumably became necessary to ensure the digital sovereignty of a country dependent on foreign actors especially American public authorities and digital companies. This new strategy brought the Russian authorities to examine new kinds of development and new standards for the domestic digital market, especially regarding its regulatory framework, in order to ensure the technological independence of the country as soon as possible (before 2020, according to the ‘State Program for an information society 2010–2020’; and then, before 2030, after the adoption of the ‘State Program for an information society 2017–2030’). In this regard, free and open-source software appeared as a practical solution, since open (i.e. publicly readable) code ensures low exploitation costs and the possibility of controlling its functions. Journal: Journal of Cyber Policy Pages: 81-95 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1942110 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1942110 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:81-95 Template-Type: ReDIF-Article 1.0 Author-Name: Hugo Estecahandy Author-X-Name-First: Hugo Author-X-Name-Last: Estecahandy Author-Name: Kevin Limonier Author-X-Name-First: Kevin Author-X-Name-Last: Limonier Title: Cryptocurrencies and processing power in Russia: a new strategic territory in eastern Siberia? Abstract: This paper analyses the emerging Russian cryptocurrency mining industry, with a particular focus on eastern Siberia. This major strategic industry provides the region with a growing calculation power and fosters potential innovations – in encryption especially. In fact, the crypto-mining industry has noticeably coalesced in eastern Siberia because the region offers a series of geographic, climatic, economic and technical advantages – the magnitude of which is hard to match anywhere else in the world. This article focuses on the oblast of Irkutsk and shows how crypto-mining has come to encompass both economic and political powers and to involve a number of Russian actors and infrastructures. Ultimately, the local dynamics in eastern Siberia teach us a lot about the fate of the industry nationally. Journal: Journal of Cyber Policy Pages: 68-80 Issue: 1 Volume: 6 Year: 2021 Month: 01 X-DOI: 10.1080/23738871.2021.1939746 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1939746 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:1:p:68-80 Template-Type: ReDIF-Article 1.0 Author-Name: Sylvia Ndanu Mutua Author-X-Name-First: Sylvia Ndanu Author-X-Name-Last: Mutua Author-Name: Zhang Yanqiu Author-X-Name-First: Zhang Author-X-Name-Last: Yanqiu Title: Online content regulation policy in Kenya: potential challenges and possible solutions Abstract: The digital explosion experienced in Africa has rendered old media laws and ethics inapplicable in dealing with cases of abuse and misuse on social media platforms. As a result, authorities in most African countries are playing catch-up in combating bloggers and citizens who keep flouting media laws and ethics in cyberspace. This paper, focussing on mis/disinformation, identifies the key concerns and challenges in the present online content regulation in Kenya. It offers an up-to-date, well-informed review of the Kenyan regulatory landscape and a critical analysis of its limitations and the risks associated with it. In responding to these limitations, the paper proposes a concept of Media Regulation and Media Literacy (MRAML). MRAML incorporates media literacy education as part of the existing cyber regulation in curbing harmful online content. MRAML is anchored in UNESCO's Triple E's Model and social responsibility theory and recognises internet users as crucial stakeholders who can also be incorporated in online content regulation. MRAML aims to empower Kenyan internet users by creating awareness of the existing cyber regulations, developing their skills in critical thinking and enhancing their ability to identify and tackle illegal and harmful online content, thereby ensuring a safe, respectful, harmonious and inclusive Kenyan cyberspace. Journal: Journal of Cyber Policy Pages: 177-195 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1916974 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1916974 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:177-195 Template-Type: ReDIF-Article 1.0 Author-Name: Jan Martin Lemnitzer Author-X-Name-First: Jan Martin Author-X-Name-Last: Lemnitzer Title: Why cybersecurity insurance should be regulated and compulsory Abstract: This paper argues that promoting and regulating cybersecurity insurance could solve a key problem: despite the well-publicized hacks of businesses across the world and numerous government awareness campaigns, many small- and medium-sized companies (SMEs) in Europe do not practise proper cybersecurity. Introducing compulsory cybersecurity insurance for SMEs would be the single most effective way to achieve cyber resilience in a modern digital economy and protect businesses from both cybercriminals and state-sponsored hackers. Besides setting minimum standards for company cybersecurity and ensuring that post-breach support services are included in every insurance policy, governments must also address significant issues in the emerging cyber insurance market such as removing false incentives regarding ransoms and fines and creating a backstop mechanism to address aggregate risk. Moreover, they should ensure that all claims are collected in one database since this data would transform our understanding of malware threats and the costs they are causing. Combining these measures could unleash the potential of cyber insurance for the protection of all businesses and their customers, especially if the EU adopts a coherent policy for all member states. Journal: Journal of Cyber Policy Pages: 118-136 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1880609 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1880609 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:118-136 Template-Type: ReDIF-Article 1.0 Author-Name: Noran Shafik Fouad Author-X-Name-First: Noran Shafik Author-X-Name-Last: Fouad Title: Securing higher education against cyberthreats: from an institutional risk to a national policy challenge Abstract: This article problematises the understudied nature of cybersecurity in the higher education sector as an area of research and policy analysis, despite the exponential rise in cyberthreats against colleges and universities worldwide, particularly following the Covid-19 pandemic. It explains how the peculiarities of higher education as a target for cyberthreats are often overlooked due to the dominance of high-profile cyber incidents as opposed to mundane, everyday threats in policymaking and academic discourses on cybersecurity. In contrast to some studies that approach cyberthreats against educational institutions and technologies as an information technology (IT) issue in which risks are transferred to targeted institutions, this article explores the complexities of securing higher education against cyberthreats as a national policy challenge that requires national strategies and policies to address. This sectoral approach to cybersecurity also discusses possible measures that governments can adopt to improve the higher education sector’s resilience against cyberthreats and to better prepare for the inherent security vulnerabilities that come with increasing digitisation. Journal: Journal of Cyber Policy Pages: 137-154 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1973526 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1973526 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:137-154 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Vol 6.2 Editorial introduction Journal: Journal of Cyber Policy Pages: 115-117 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1985553 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1985553 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:115-117 Template-Type: ReDIF-Article 1.0 Author-Name: Dennis Desmond Author-X-Name-First: Dennis Author-X-Name-Last: Desmond Author-Name: Paul Salmon Author-X-Name-First: Paul Author-X-Name-Last: Salmon Author-Name: David Lacey Author-X-Name-First: David Author-X-Name-Last: Lacey Title: Functional systems within cryptolaundering processes: a work domain analysis model of cryptolaundering activities Abstract: Cryptocurrencies are receiving significant attention owing to their volatility, affiliation with criminal activities and perceived role in money laundering. Traditional anti-money laundering enforcement techniques are proving ineffective due to a lack of a body of knowledge about the cryptocurrency system and the continued use of traditional approaches to disruption. This study presents a first-of-its-kind systems model of the cryptolaundering system. The authors applied Work Domain Analysis (WDA) to describe the functioning of the cryptolaundering sociotechnical system using the unique language and perspective of cryptolaunderers. The resulting WDA abstraction hierarchy demonstrates the difference between cryptolaundering and traditional money laundering efforts. Cryptolaunderers operate outside of the traditional financial system relying primarily on unregistered laundering services and employ cyber tradecraft methods while circumventing regulatory and enforcement efforts. The WDA model aided with the understanding of cryptocurrency technologies, identifies avenues for intervention in cryptolaundering activities, and provides a basis for expanding anti-cryptolaundering laws and regulations. Journal: Journal of Cyber Policy Pages: 155-176 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1948088 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1948088 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:155-176 Template-Type: ReDIF-Article 1.0 Author-Name: Eric Jardine Author-X-Name-First: Eric Author-X-Name-Last: Jardine Title: Blame the messenger: perceived mis/disinformation exposure on social media and perceptions of newsfeed algorithmic bias Abstract: Does perceived exposure on social media to mis/disinformation affect user perceptions of social media newsfeed algorithmic bias? Using survey data from eight liberal democratic countries and propensity score matching statistical techniques, this paper details the average treatment effect (ATE) of self-reported perceived exposure to mis/disinformation on perceptions that social media newsfeed algorithms are biased. Overall, the results show that self-reported perceived exposure to misleading content on social media increases perceptions of algorithmic bias. The results also detail interesting platform/country variation in the estimated average treatment effect. The ATE of perceived fake news exposure on perceptions of algorithmic bias are similar on Twitter and Facebook but are amplified in countries with high society-wide issue salience surrounding ‘fake news’ and, especially, ‘algorithmic bias’. Journal: Journal of Cyber Policy Pages: 196-213 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1953557 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1953557 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:196-213 Template-Type: ReDIF-Article 1.0 Author-Name: Valentin Weber Author-X-Name-First: Valentin Author-X-Name-Last: Weber Title: China’s quest for foreign technology: beyond espionage Journal: Journal of Cyber Policy Pages: 262-263 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1913201 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1913201 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:262-263 Template-Type: ReDIF-Article 1.0 Author-Name: Dimitrios Anagnostakis Author-X-Name-First: Dimitrios Author-X-Name-Last: Anagnostakis Title: The European Union-United States cybersecurity relationship: a transatlantic functional cooperation Abstract: This article explores the European Union (EU)-United States (US) cybersecurity relationship through an international relations perspective focusing on threat perceptions and interests, principles and norms and institutions. It uses data from publicly available EU and US documents and speeches and from three interviews conducted by the author with EU officials. The main argument of this research is that the transatlantic security relationship is not in a process of rift with regard to cybersecurity; cooperation and coordination continues despite the broader political disagreements that arise from time to time. The EU and the US share common threat perceptions and interests, they converge around a number of cybersecurity principles and norms, and they coordinate their actions in practice. In other words, the EU-US cybersecurity relationship has taken the form of a functional cooperation which aims at safeguarding common interests and avoiding the costs and the vulnerabilities that arise from the EU-US interdependencies in the cyber realm. At the same time, not all policy areas related to cybersecurity have been equally prioritised by the two actors. Journal: Journal of Cyber Policy Pages: 243-261 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1916975 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1916975 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:243-261 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Cybersecurity in Southeast Asia: a vision for Vietnam. Interview with Dr Nguyen Viet Lam Journal: Journal of Cyber Policy Pages: 236-242 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1985552 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1985552 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:236-242 Template-Type: ReDIF-Article 1.0 Author-Name: S. Creese Author-X-Name-First: S. Author-X-Name-Last: Creese Author-Name: W. H. Dutton Author-X-Name-First: W. H. Author-X-Name-Last: Dutton Author-Name: P. Esteve-González Author-X-Name-First: P. Author-X-Name-Last: Esteve-González Author-Name: R. Shillair Author-X-Name-First: R. Author-X-Name-Last: Shillair Title: Cybersecurity capacity-building: cross-national benefits and international divides Abstract: The growing centrality of cybersecurity has led many governments and international organisations to focus on building the capacity of nations to withstand threats to the public and its digital resources. These initiatives entail a range of actions that vary from education and training to technology and related standards, as well as new legal and policy frameworks. While efforts to proactively address security problems seem intuitively valuable, they are new, meaning there is relatively little research on whether they achieve their intended objectives. This paper takes a cross-national comparative approach to determine whether there is empirical support for investing in capacity-building. Marshalling field research from 73 nations, the comparative data analysis: (1) describes the status of capacity-building across the nations; (2) determines the impact of capacity-building when controlling for other key contextual variables that might provide alternative explanations for key outcomes and (3) explores the factors that are shaping national advances in capacity-building. The analysis finds a low, formative status of cybersecurity capacity in most of the nations studied and also shows that relatively higher levels of maturity translate into positive outcomes for nations. The study provides empirical support to international efforts aimed at building cybersecurity capacity. Journal: Journal of Cyber Policy Pages: 214-235 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1979617 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1979617 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:214-235 Template-Type: ReDIF-Article 1.0 Author-Name: Harriet Moynihan Author-X-Name-First: Harriet Author-X-Name-Last: Moynihan Title: Letter to the Editor Journal: Journal of Cyber Policy Pages: 264-265 Issue: 2 Volume: 6 Year: 2021 Month: 05 X-DOI: 10.1080/23738871.2021.1987492 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1987492 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:2:p:264-265 Template-Type: ReDIF-Article 1.0 Author-Name: Emily Taylor Author-X-Name-First: Emily Author-X-Name-Last: Taylor Author-Name: Joyce Hakmeh Author-X-Name-First: Joyce Author-X-Name-Last: Hakmeh Title: Editorial introduction vol 6.3 – cyberspace4all: towards an inclusive cyberspace governance Journal: Journal of Cyber Policy Pages: 267-270 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2016880 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2016880 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:267-270 Template-Type: ReDIF-Article 1.0 Author-Name: Kubo Mačák Author-X-Name-First: Kubo Author-X-Name-Last: Mačák Title: Unblurring the lines: military cyber operations and international law Abstract: The bright lines between certain fundamental legal categories may appear to have dimmed in the cyber environment, especially in relation to military cyber operations. This article thus unblurs the lines between five such pairs of categories, proceeding from the general to the specific: Firstly, what separates international law from international norms as the two principal regulatory frameworks governing the conduct of military cyber operations? Secondly, what is the distinction between domain-specific and general rules of international law as they apply to military cyber operations? Thirdly, is it possible to distinguish between peacetime and armed conflict with respect to the regulation of such operations? Fourthly, once an armed conflict is underway, how do we distinguish combatants from non-combatants in cyberspace? And fifthly, what is the distinction between objects and non-objects in cyberspace, particularly with respect to computer data affected by military cyber operations during armed conflicts? Overall, the article's goal is to reduce the opacity surrounding the relationship between military cyber operations and international law. In doing so, it aims to contribute to the long-term goal of making cyberspace a more open, secure, stable, accessible and peaceful environment. Journal: Journal of Cyber Policy Pages: 411-428 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2014919 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2014919 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:411-428 Template-Type: ReDIF-Article 1.0 Author-Name: Robert Collett Author-X-Name-First: Robert Author-X-Name-Last: Collett Title: Understanding cybersecurity capacity building and its relationship to norms and confidence building measures Abstract: International cybersecurity capacity building emerged in the mid-2000s as a mechanism for countries and organisations to assist each other, across borders, in protecting the safe, secure and open use of the digital environment. In parallel with this practical cooperation, the international community negotiated norms and confidence building measures to support peace and stability in cyberspace. The purpose of this paper is threefold. Having critiqued previous definitions and frameworks for cybersecurity capacity building, the paper proposes alternatives that both better represent actual practice and are of more use to the negotiations on stability in cyberspace. The proposed framework shifts capacity building beyond developed-developing country relationships and stresses the many goals that it serves. The paper then explores the relationship between cybersecurity capacity building, norms and confidence building measures. It contends that capacity building does not just support norms and confidence building measures, but is also an instance of them, and it benefits from norms of its own. The paper concludes by considering the proposals for cybersecurity capacity building principles that emerged from the 2019–2021 round of cyberspace diplomacy at the United Nations and by recommending the next steps. Journal: Journal of Cyber Policy Pages: 298-317 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.1948582 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1948582 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:298-317 Template-Type: ReDIF-Article 1.0 Author-Name: Alexandra Kulikova Author-X-Name-First: Alexandra Author-X-Name-Last: Kulikova Title: Cyber norms: technical extensions and technological challenges Abstract: Since the late 1990s, the UN has been home to debates and negotiations on the rules, norms and principles of states' responsible behaviour in cyberspace. As these discussions matured over years, they have been taken further to different fora and have been embedded in various stakeholder initiatives. In early 2021, the Open-Ended Working Group on Developments in the Field of ICTs in the context of international security (OEWG) and the UN Group of Governmental Experts on advancing responsible state behaviour in cyberspace in the context of international security (GGE) presented their respective consensus reports, the result of over two years work. It is not only the content of this work per se that is of interest - both in what has been achieved and which parts of these mandates were less successful. These processes, historically due to the two-decades-long GGE efforts, are shaping more than just the states' commitments around cyber strategies. They help build an overarching normative environment shifting priorities in cyber risk management and contribute to the development of voluntary tech-norms, while doing this out of sync with the implications of the emerging technologies for state as well as non-state actors' accountability in cyberspace. Journal: Journal of Cyber Policy Pages: 340-359 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2020316 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2020316 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:340-359 Template-Type: ReDIF-Article 1.0 Author-Name: Kaja Ciglic Author-X-Name-First: Kaja Author-X-Name-Last: Ciglic Author-Name: John Hering Author-X-Name-First: John Author-X-Name-Last: Hering Title: A multi-stakeholder foundation for peace in cyberspace Abstract: In this article we first explore the concept of ‘multi-stakeholderism’, focusing on how the term was understood when internet governance was first envisioned. We then elaborate on how the concept has evolved in recent years. The focus of the article here, given the shift in how cyberspace is treated by state actors – increasingly as a domain of conflict. We detail how the United Nations (UN) has approached international peace and security online since 2004, via a series of ad hoc working groups that have been largely exclusive to a small number of state participants, and the expansion of interstate conflict online during this same period.The article also introduces a number of informal initiatives that have been spearheaded by multi-stakeholder groups outside the auspices of the UN since 2018 – the Charter of Trust, the Cybersecurity Tech Accord, the Paris Call for Trust and Security in Cyberspace, the Contract for the Web, and the Let’s Talk Cyber dialogue series – focusing on the role of the private sector in particular to promote peace and security online. Finally, the article explores what could help ensure that the next generation of cybersecurity dialogues at the UN are structured to address escalating conflict in cyberspace and to take full advantage of external voices in this effort. Journal: Journal of Cyber Policy Pages: 360-374 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2023603 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2023603 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:360-374 Template-Type: ReDIF-Article 1.0 Author-Name: Christopher Painter Author-X-Name-First: Christopher Author-X-Name-Last: Painter Title: The United Nations’ cyberstability processes: surprising progress but much left to do Journal: Journal of Cyber Policy Pages: 271-276 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2014920 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2014920 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:271-276 Template-Type: ReDIF-Article 1.0 Author-Name: Harriet Moynihan Author-X-Name-First: Harriet Author-X-Name-Last: Moynihan Title: The vital role of international law in the framework for responsible state behaviour in cyberspace Abstract: This article explores the importance of international law in debates about responsible behaviour in cyberspace – in providing a rules-based framework, in legitimising states’ actions in response to unlawful activity in cyberspace by other states, and in lending normative force to statements calling out malicious cyber activity. At the same time, the article seeks to highlight the challenges involved in applying international law, and uses the application of two peacetime precepts of international law – the principle of sovereignty and the principle of non-intervention in other states’ internal affairs – to illustrate some of the doctrinal issues with which states are grappling. While acknowledging these challenges, the article concludes that even if the UN parallel processes in the form of the Open Ended Working Group and Group of Government Experts do not result in substantial agreement between states on issues of international law, the debates in themselves are valuable in encouraging states to deliberate on these issues and to make their views public. By publicising their views, states add momentum to the journey towards cyber-specific understandings of international law. Journal: Journal of Cyber Policy Pages: 394-410 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2020.1832550 File-URL: http://hdl.handle.net/10.1080/23738871.2020.1832550 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:394-410 Template-Type: ReDIF-Article 1.0 Author-Name: Dennis Broeders Author-X-Name-First: Dennis Author-X-Name-Last: Broeders Title: The (im)possibilities of addressing election interference and the public core of the internet in the UN GGE and OEWG: a mid-process assessment Abstract: This paper investigates whether and how the twin UN processes of the UN Group of Governmental Experts (UN GGE) and the Open-Ended Working Group (OEWG) are willing and able to address two ‘below-the-threshold’ problems in their deliberations. The call for the protection of the public core of the internet and the call for the protection against foreign election interference have been flagged by many state and non-state parties for consideration by both processes. This paper analyses the threats that the vulnerability of the public core of the internet and foreign election interference pose for stability in cyberspace, as well as the legal and normative proposals that have been suggested to promote responsible state behaviour. On the basis of the public documents that states have submitted to the more transparent OEWG process, the contours are sketched of what the inclusion of these issues in possible consensus reports for both processes may look like. The OEWG concluded its deliberations with a consensus report that addresses some aspects of these issues, shifting the task of further elaboration and guidance firstly onto the ongoing UN GGE process, as well as onto the new OEWG 2021–2025 and other UN processes that are emerging. Journal: Journal of Cyber Policy Pages: 277-297 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.1916976 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1916976 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:277-297 Template-Type: ReDIF-Article 1.0 Author-Name: Irene Poetranto Author-X-Name-First: Irene Author-X-Name-Last: Poetranto Author-Name: Justin Lau Author-X-Name-First: Justin Author-X-Name-Last: Lau Author-Name: Josh Gold Author-X-Name-First: Josh Author-X-Name-Last: Gold Title: Look south: challenges and opportunities for the ‘rules of the road’ for cyberspace in ASEAN and the AU Abstract: As the inaugural United Nations Open-Ended Working Group (UN OEWG) has not significantly updated nor advanced the ‘rules of the road’ for cyberspace, regional organizations such as the Association of Southeast Asian Nations (ASEAN) and the African Union (AU) provide additional venues wherein deliberations can continue among a smaller group of states. Several ASEAN and AU member states are also active participants at the UN OEWG. Nonetheless, questions remain on how and where agreement on international law and cyber norms at the regional level can be achieved. To assess the challenges and opportunities for progress, this paper examines the public positions of two ASEAN member states, Indonesia and Singapore, and two AU member states, Kenya and South Africa, during the 2019–2021 UN OEWG meetings and situates them in their respective regions. We argue that substantial progress at the regional level is challenging to achieve, due to varying attitudes and levels of technological development among states, long-standing concerns over state sovereignty, and the vital role that a highly motivated and well-resourced regional actor plays in championing the cause. Opportunities exist, however, in that ASEAN and the AU provide paths for leveraging existing partnerships on cybersecurity and building trust in the region. Journal: Journal of Cyber Policy Pages: 318-339 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2011937 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2011937 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:318-339 Template-Type: ReDIF-Article 1.0 Author-Name: Joe Devanny Author-X-Name-First: Joe Author-X-Name-Last: Devanny Author-Name: Ciaran Martin Author-X-Name-First: Ciaran Author-X-Name-Last: Martin Author-Name: Tim Stevens Author-X-Name-First: Tim Author-X-Name-Last: Stevens Title: On the strategic consequences of digital espionage Abstract: Digital espionage has Cold War origins, but states are still determining how to respond when they are found to be its latest victims. In multilateral discussions about norms of responsible state behaviour in cyberspace, digital political espionage is the elephant in the room. Like other aspects of inter-state intelligence competition, digital espionage is ‘business as usual’ but can also lead to tensions, particularly when operations become public. The strategic consequences of digital espionage appear significant, as asymmetries of state power and poor understanding of technical aspects of cyber operations lead to uncertainty about appropriate responses to ‘cyber victimhood’. We offer multiple propositions to frame state responses to digital espionage, focusing on the relational power of the victim and spying states and their bilateral relationships. States will generally respond proportionately to state-on-state digital espionage, whilst domestic-political factors pressure them to adopt more robust, cost-imposing measures that may exacerbate the strategic consequences of digital espionage. We illustrate these propositions with three recent cases – the Snowden revelations (2013); the Office of Personnel Management breach (2014); and the SolarWinds breach (2020) – and explore the importance of calibrated responses to digital political espionage for strategic stability and state behavioural norms in cyberspace. Journal: Journal of Cyber Policy Pages: 429-450 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.2000628 File-URL: http://hdl.handle.net/10.1080/23738871.2021.2000628 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:429-450 Template-Type: ReDIF-Article 1.0 Author-Name: Sheetal Kumar Author-X-Name-First: Sheetal Author-X-Name-Last: Kumar Title: The missing piece in human-centric approaches to cybernorms implementation: the role of civil society Abstract: The importance of a human-centric approach to peace and security in cyberspace has been consistently noted in cybernorms discussions, including in the UN First Committee’s Open-Ended Working Group on ICTs. However, an analysis of what a human-centric approach to implementing cybernorms means in practice has so far been lacking. Furthermore, literature and discussions about the role of cybernorms in maintaining international peace and security have, to date, dealt mainly with the role of state actors and the private sector, while the role of civil society has not been widely or adequately researched and documented. This article posits that civil society actors, working in collaboration with other stakeholders, have an important role to play in defining and implementing the human-centric approach to cybersecurity through their implementation of cybernorms. It unpacks the human-centric approach through three practical case studies and examples of the implementation of cybernorms grounded in different contexts. In this way, it aims to contribute to the understanding of what it means to implement cybernorms in a human-centric manner, and, by extension, to implement a human-centric approach to cybersecurity. Journal: Journal of Cyber Policy Pages: 375-393 Issue: 3 Volume: 6 Year: 2021 Month: 09 X-DOI: 10.1080/23738871.2021.1909090 File-URL: http://hdl.handle.net/10.1080/23738871.2021.1909090 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:6:y:2021:i:3:p:375-393 Template-Type: ReDIF-Article 1.0 Author-Name: George Berry Author-X-Name-First: George Author-X-Name-Last: Berry Title: The hacker and the state: cyber attacks and the new normal of geopolitics Journal: Journal of Cyber Policy Pages: 95-96 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2059385 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2059385 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:95-96 Template-Type: ReDIF-Article 1.0 Author-Name: Clément Perarnaud Author-X-Name-First: Clément Author-X-Name-Last: Perarnaud Title: Power to the connected? Determinants of member states’ bargaining success in the making of the EU Digital Single Market Abstract: This research investigates the determinants of European governments’ bargaining success in negotiations related to the EU’s Digital Single Market (DSM). Investigating the making process of the recent Geoblocking Regulation and the Directive establishing the Electronic Communications Code, this article shows how member states’ capabilities to form coalitions at the EU level can be dependent upon their resources in Brussels and the efficiency of their coordination processes, translating in turn into asymmetries of influence. Drawing on interviews with national negotiators and EU officials, these two case studies indicate configurations in which states’ varying capabilities to liaise with EU institutions may partly determine their bargaining success in the adoption process of EU digital policies. This research confirms in particular that informal coordination mechanisms mobilised by the most digitally advanced countries of the EU can grant them significant influence over the shaping process of DSM legislations. Journal: Journal of Cyber Policy Pages: 55-71 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2030382 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2030382 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:55-71 Template-Type: ReDIF-Article 1.0 Author-Name: Nori Katagiri Author-X-Name-First: Nori Author-X-Name-Last: Katagiri Title: Assessing Japan’s cybersecurity policy: change and continuity from 2017 to 2020 Abstract: Through close observation of Japanese cybersecurity policy between 2017 and 2020, I demonstrate that changes made to the policy during the period were kept to a modest level largely by the resilience of existing constraints on the use of force. Investigating a set of key Japanese government documents such as the Cybersecurity Strategy, National Defence Programme Guidelines and Midterm Defence Programme, I show that, while Japan did much to reduce its vulnerability to hostile cyber operations and enhance long-term security through organisational overhaul and operational redesign, the developments turned out to be more cumulative than revolutionary in nature. That is, Japan’s traditionally defensive defence posture continued to retain the restrained core of its cyber strategy, observable in the status-quo orientation of the legal system and compliance with the way the international community expects countries to behave in cyberspace. As such, I contend that structural impact will only emerge across government-led performance in the long run. The modest changes reflect Tokyo’s established preference to adopt a patchwork approach to enduring problems in cyberspace. Journal: Journal of Cyber Policy Pages: 38-54 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2033805 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2033805 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:38-54 Template-Type: ReDIF-Article 1.0 Author-Name: Dennis Broeders Author-X-Name-First: Dennis Author-X-Name-Last: Broeders Author-Name: Els de Busser Author-X-Name-First: Els Author-X-Name-Last: de Busser Author-Name: Fabio Cristiano Author-X-Name-First: Fabio Author-X-Name-Last: Cristiano Author-Name: Tatiana Tropina Author-X-Name-First: Tatiana Author-X-Name-Last: Tropina Title: Revisiting past cyber operations in light of new cyber norms and interpretations of international law: inching towards lines in the sand? Abstract: This article traces the evolution of interpretations of international law and international cyber norms on responsible state behaviour in cyberspace by reassessing five major – and allegedly state-led – cyber operations: Stuxnet 2010; Belgacom 2013-2014, the Ukrainian power grid 2015, the US presidential election 2016, and NotPetya 2017. Taking recent normative developments and emerging state practices as primary points of refence, it investigates how the current normative landscape can shed light on the nature, (il)legitimacy, and (un)lawfulness of these past operations. For each case, the analysis engages with: i) the elements triggering the violation of norms, principles and international law; ii) the legal and normative significance of recent sources of norms and interpretations of international law; and iii) the legal and political obstacles still lying beyond their application. Taken together, the reassessment of these cyber operations reveals how, in hindsight, the international community has come a long way in calibrating its normative language and practices in calling out irresponsible behaviour in cyberspace. With states taking small, but unprecedented, steps through public attributions and statements on international law in cyberspace, most of the past cyber operations analysed here would arguably feature an attribution in the current climate. At the same time, substantial differences in national interpretations of international law continue to stand in the way of clarity on the terms of its application. In light of this, this article ultimately suggests that cyber norms and the interpretations of international law require further granularity to become ‘lines in the sand’. Journal: Journal of Cyber Policy Pages: 97-135 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2041061 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2041061 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:97-135 Template-Type: ReDIF-Article 1.0 Author-Name: Babatunde Okunoye Author-X-Name-First: Babatunde Author-X-Name-Last: Okunoye Title: Digital identity for development should keep pace with national cybersecurity capacity: Nigeria in focus Abstract: Target 16.9 of the United Nations (UN) Sustainable Development Goals (SDGs) is the provision of legal identity for all, including birth registration by 2030. Approximately 1 billion people globally do not have basic ID credentials. To close this gap, governments in developing countries, including Nigeria, with the backing of international agencies like the World Bank, have launched digital identity schemes for residents. These schemes typically include smart cards which are required to access public and private services. The speed of implementation of these projects has come at the expense of a thorough consideration of cybersecurity and privacy. This is set against the backdrop of the rising threat of cybersecurity breaches in the world against targets such as national identity databases. This paper seeks to provide an overview of digital identity in Nigeria and use the Oxford Global Cyber Security Capacity Centre’s Cybersecurity Maturity Model Report 2019 for Nigeria to illustrate how, although progress has been made in key sectors, the implementation of the Nigeria’s digital identity programme has progressed faster than cybersecurity maturity in the country. This increases the risk of cyberattacks and opens both the national identity database and users of the digital identity to security vulnerabilities. Journal: Journal of Cyber Policy Pages: 24-37 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2057865 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2057865 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:24-37 Template-Type: ReDIF-Article 1.0 Author-Name: Juan Jung Author-X-Name-First: Juan Author-X-Name-Last: Jung Author-Name: Angel Melguizo Author-X-Name-First: Angel Author-X-Name-Last: Melguizo Title: Rules, institutions, or both? Estimating the drivers of telecommunication investment in Latin America Abstract: This paper analyses the impact of regulation and institutions on telecommunications investment in Latin America. The investment levels of the region lag behind those of advanced economies and are impeding substantial progress on digital transformation. Using a database built for this analysis, which covers nearly 90 percent of Latin American countries for 2007–2017, we confirm the relevance of regulatory and institutional frameworks to explain investment trends in the sector. We also show that a good institutional quality contributes significantly to counteracting partially a bad regulatory environment, and vice versa. However, the impact is significantly stronger when good regulation and institutions interact, suggesting that comprehensive reforms to improve institutions and the regulatory environment would pay off. In particular, improving cybersecurity and piracy control regulation, and fighting corruption and undue influence stand out as the priorities to increase telecommunication investment in Latin America. Journal: Journal of Cyber Policy Pages: 5-23 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2034910 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2034910 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:5-23 Template-Type: ReDIF-Article 1.0 Author-Name: The Editors Title: Vol 7.1 Editorial introduction Journal: Journal of Cyber Policy Pages: 1-4 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2060754 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2060754 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:1-4 Template-Type: ReDIF-Article 1.0 Author-Name: Lance Y. Hunter Author-X-Name-First: Lance Y. Author-X-Name-Last: Hunter Author-Name: Craig D. Albert Author-X-Name-First: Craig D. Author-X-Name-Last: Albert Author-Name: Eric Garrett Author-X-Name-First: Eric Author-X-Name-Last: Garrett Author-Name: Josh Rutland Author-X-Name-First: Josh Author-X-Name-Last: Rutland Title: Democracy and cyberconflict: how regime type affects state-sponsored cyberattacks Abstract: A large body of research in international relations has focused on the relationship between regime type (i.e., the degree a nation is democratic or authoritarian) and traditional military conflict between states. However, to date, no research has examined how regime type affects conflict in the cyber domain. Thus, we attempt to analyze the effect regime type has on the initiation of state-sponsored cyberattacks. We examine 143 states from 2005 - 2013 utilizing cyber data on known state-sponsored cyberattacks taken from the Council on Foreign Relations Cyber Operations Tracker dataset (CFR-COTD) and economic, political, military, and social data collected by the authors. In conducting a cross-sectional, time series analysis we find that democratic institutions have a pacifying effect on the initiation of state-sponsored cyberattacks. Journal: Journal of Cyber Policy Pages: 72-94 Issue: 1 Volume: 7 Year: 2022 Month: 01 X-DOI: 10.1080/23738871.2022.2041060 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2041060 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:1:p:72-94 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2111997_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Brandon Valeriano Author-X-Name-First: Brandon Author-X-Name-Last: Valeriano Title: The need for cybersecurity data and metrics: empirically assessing cyberthreat Abstract: Without assessment metrics and data, the cybersecurity community maintains no ability to evaluate the success or scope of operations. Calls for the collection of cybersecurity indicators are empty without strategic guidance on what indicators to collect, for what purpose, and for what method of analysis. This paper reviews the purpose, function and need for cybersecurity data and metrics with an in-depth review of United States metrics guidance offered in the National Defense Authorisation Act (NDAA) and National Institute of Standards and Technology (NIST) publications on metrics. Mission assessment is critical to evaluate the efficacy of ongoing and future cybersecurity efforts; assessments require quantitative metrics that place concrete values on indicators rather than subjective judgments. Journal: Journal of Cyber Policy Pages: 140-154 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2111997 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2111997 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:140-154 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2116346_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Chris Bronk Author-X-Name-First: Chris Author-X-Name-Last: Bronk Author-Name: Wm Arthur Conklin Author-X-Name-First: Wm Arthur Author-X-Name-Last: Conklin Title: Who’s in charge and how does it work? US cybersecurity of critical infrastructure Abstract: The protection of critical infrastructure (water, energy, food supply, healthcare etc.) from cyberattack has moved from a hypothetical concern to a very real one for the United States. Unfortunately, the cybersecurity for such infrastructure is provided by a multiplicity of organisations, inside and outside the US federal government. In this paper, the authors address how the US Department of Homeland Security and US Department of Defense have evolved to address the cyber critical infrastructure protection (CIP) mission and the issues that have emerged in doing so. Presented here is a description of critical infrastructure’s vulnerability to cyberattack, an assessment of relevant cybersecurity efforts by the US government, and consideration of the civilian–military issues involved in finding remedies to the problem of cybersecurity in critical infrastructure. Journal: Journal of Cyber Policy Pages: 155-174 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2116346 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2116346 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:155-174 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2071748_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Ayden Férdeline Author-X-Name-First: Ayden Author-X-Name-Last: Férdeline Title: The cryptopians: idealism, greed, lies, and the making of the first big cryptocurrency craze Journal: Journal of Cyber Policy Pages: 251-252 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2071748 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2071748 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:251-252 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2071747_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Walid Tijerina Author-X-Name-First: Walid Author-X-Name-Last: Tijerina Title: Industrial policy and governments’ cybersecurity capacity: a tale of two developments? Abstract: Are industrial policies having an impact on countries’ cybersecurity capacity across the globe? When analysing the securitisation of countries’ cyberspace, the empirical assessment of industrial policies is still rather unexplored. In parallel, scholars in the field of development have already raised their concerns regarding the risk for developing countries falling further behind vis-à-vis developed countries as a consequence of the disruptive dynamics brought forth by new technologies. Still, empirical studies that contrast the dynamics that new technologies are posing among developed and developing countries are rather scant. This paper looks to contribute to the empirical literature by assessing the role of industrial policy in cyber-related challenges through a cross-country OLS estimation model. Results show that industrial policies are having a significant impact across countries’ cyber capacities and that, moreover, there is an interactive relationship between countries’ cybersecurity capacities and R&D efforts once development values are controlled. Journal: Journal of Cyber Policy Pages: 194-212 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2071747 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2071747 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:194-212 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2125331_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Lokendra Sharma Author-X-Name-First: Lokendra Author-X-Name-Last: Sharma Title: Four internets: data, geopolitics, and the governance of cyberspace Journal: Journal of Cyber Policy Pages: 249-250 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2125331 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2125331 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:249-250 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2131449_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: The Editors Title: Vol 7.2 Editorial Introduction Journal: Journal of Cyber Policy Pages: 137-139 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2131449 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2131449 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:137-139 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2116345_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Sico van der Meer Author-X-Name-First: Sico Author-X-Name-Last: van der Meer Title: Responding to large-scale cyberattacks: a toolbox for policymakers Abstract: This article explores the response options available to states experiencing a large-scale cyberattack from abroad, as well as the potential benefits and risks of these policy tools. The aim is to develop a toolbox for policymakers searching for effective responses. The policy options are split into two groups: those aimed at attacks by state actors; and those aimed at attacks by non-state actors. While the benefit of most response options is deterring new cyberattacks to some extent, many also bear a risk of escalation. The article indicates that carefully deliberating the pros and cons of any option is crucial, and that most of them can only be applied if effective attribution capabilities are available. Journal: Journal of Cyber Policy Pages: 175-193 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2116345 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2116345 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:175-193 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2083976_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Bryan James Nakayama Author-X-Name-First: Bryan James Author-X-Name-Last: Nakayama Title: Information vs the cyberspace domain Abstract: Faced with ongoing large-scale cyber espionage and the rising prominence of information operations targeting social media, the cyber conflict scholarship has entered into a renewed debate over how to characterise the role and place of cyberspace conflict in broader patterns of international security. In response to these empirical challenges, this paper argues that the current scholarship is limited because it uses the ‘cyberspace domain’ – a doctrinal concept originating in the U.S. military – as a conceptual foundation. This paper argues that the cyberspace domain should be replaced with a holistic conception of "information competition" of which there are three paradigms: cyberspace domain, mixed, and information. All states seek to intervene in the flow and storage of information across domestic and international contexts; information competition is better able to capture information-related interactions between states and observed empirical variation in how states approach information technology and conflict. For example, China and Russia centre ‘information’ as the core organising framework for their approach to information technology and conflict. This paper also demonstrates how an information competition framework better clarifies the role that the U.S. has played in shaping Russian and Chinese approaches to information competition. Journal: Journal of Cyber Policy Pages: 213-229 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2083976 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2083976 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:213-229 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2081089_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20220907T060133 git hash: 85d61bd949 Author-Name: Melissa-Ellen Dowling Author-X-Name-First: Melissa-Ellen Author-X-Name-Last: Dowling Title: Cyber information operations: Cambridge Analytica’s challenge to democratic legitimacy Abstract: In an era of digital governance, liberal democracy is rapidly transforming to leverage new information technologies as well as contend with them. However, the digitisation of democracy is not without vulnerability. Digitisation has enabled non-state information operations actors (IOAs) to interfere with democratic processes at an unprecedented level and jeopardise the legitimacy of democratic decision-making. One of the first IOAs to digitally interfere in elections was Cambridge Analytica. While some commentators have acknowledged the potential harm that Cambridge Analytica posed to democracy, we are yet to fully understand how the quality of legitimacy, as a crucial component of democracy, can be eroded by non-state IOAs’ electoral interference. The paper explores the growing digital threat landscape to offer scholars a new way of thinking about political campaigning as a vector of electoral interference and deepen conceptualizations of input legitimacy. Adopting a case-study approach, I apply theories of political legitimacy alongside democratic theory to analyse the ways in which Cambridge Analytica challenged three axioms of liberal democracy pertinent to decision-making – participation, pluralism and enlightened understanding – and provide policy recommendations for mitigating the threat to democratic legitimacy. Journal: Journal of Cyber Policy Pages: 230-248 Issue: 2 Volume: 7 Year: 2022 Month: 05 X-DOI: 10.1080/23738871.2022.2081089 File-URL: http://hdl.handle.net/10.1080/23738871.2022.2081089 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:2:p:230-248 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2192227_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Nori Katagiri Author-X-Name-First: Nori Author-X-Name-Last: Katagiri Title: The soft underbelly of cyber defence in democracy: how interest groups soften Japan’s cyber policy Abstract: This article investigates the impact that interest groups exert on the cybersecurity strategy of democratic countries. My findings are twofold. First, interest groups have shaped the strategy of many democracies by promoting transparency and civil rights as well as through open debate and policy scrutiny. They have consolidated their role as guardians of institutional accountability. They have subjected lawmakers to the power of the electoral majority to veto offensive policy and demanded that government officials comply with international rules of behaviour. Second, I explore interest groups in mature democracies in the United States, Europe and Japan to show that the national response to cyber threats is broadly shaped by interest groups working closely with the government to ensure that its policy remain within the general framework of a larger, vibrant civil society. Specifically, I demonstrate these points by using Japan as a case study. Japanese interest groups have acknowledged that cyberattacks pose a threat to Japanese consumers and opposed the adoption of radical policy to counter them. Japan's case indicates how interest groups can promote voters' preferences through the advocacy of privacy protection and the collective opposition to constitutional revision that is needed for radical policy. Journal: Journal of Cyber Policy Pages: 336-352 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2192227 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2192227 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:336-352 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2178318_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Anthony J. S. Craig Author-X-Name-First: Anthony J. S. Author-X-Name-Last: Craig Author-Name: Richard A. I. Johnson Author-X-Name-First: Richard A. I. Author-X-Name-Last: Johnson Author-Name: Max Gallop Author-X-Name-First: Max Author-X-Name-Last: Gallop Title: Building cybersecurity capacity: a framework of analysis for national cybersecurity strategies Abstract: States propose a range of policies to combat cyber threats. This article explores the approaches they take to build cybersecurity preparedness through a content analysis of the national cybersecurity strategies of 83 nation-states. We introduce a new typology for cybersecurity policies which conceptualises them according to their international versus domestic and collaborative versus non-collaborative focus. We describe trends in the content of these documents and discuss the policy implications of our findings. Journal: Journal of Cyber Policy Pages: 375-398 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2178318 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2178318 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:375-398 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2192234_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Tim Hall Author-X-Name-First: Tim Author-X-Name-Last: Hall Author-Name: Ulrike Ziemer Author-X-Name-First: Ulrike Author-X-Name-Last: Ziemer Title: Exploring the relationship between IT development, poverty and cybercrime: an Armenia case study Abstract: This paper explores the relationship between IT development, regional poverty, and cybercrime, through the case of Armenia. Armenia was selected as it is a former Soviet state that has sought to promote the development of its IT sector in recent years, which has occurred within a context of widespread regional poverty. The paper acknowledges the potentially cyber-criminogenic interactions between developed socio-technological and impoverished legitimate economic conditions, that the literature has noted in several high cybercrime nations. It then examines the case of Armenia by exploring potentially cyber-criminogenic conditions there and by constructing an overview of economic cybercrime trends in Armenia since 2010. The paper finds that, despite the promotion of IT development within the context of regional poverty, cybercrime in Armenia remains low. It explores, through a series of expert interviews, characteristics of the IT sector in Armenia that have mitigated against the cyber-criminogenic interactions between these two conditions. Finally, it identifies potentially transferable policy lessons, wider theoretical implications, and avenues of future research that emerge from this case. Journal: Journal of Cyber Policy Pages: 353-374 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2192234 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2192234 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:353-374 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2178946_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Courtney J. Fung Author-X-Name-First: Courtney J. Author-X-Name-Last: Fung Title: China’s use of rhetorical adaptation in development of a global cyber order: a case study of the norm of the protection of the public core of the internet Abstract: How does China shape a global information order, regarding the norms and institutions that manage cyberspace? Cyber norms are the preferred tool to govern cyberspace given the rapidity of technological change. China’s advances ‘cyber sovereignty’ (wangluo zhuquan) norms to reorient internet governance to the United Nations and specialist state-led international fora and emphasise the dominant position of the state regarding information management. The paper uses a critical case study of a foundational cyber norm: the protection of the public core of the internet, which focuses on ‘safeguarding the functionality and integrity of the core logical and physical infrastructure of the internet from unwarranted state interventions’ (Broeders 2017a). Using descriptive research drawing from primary and secondary sources in Chinese and English languages, I highlight China’s use of rhetorical adaptation – a strategy and set of tactics that simultaneously modify norm content while also deflecting and reducing critiques of norm obstructionism to modify cyber norms. China’s use of rhetorical adaptation renovates norm content by centring the state as the public core of the internet that must be protected – in short internet infrastructure security is in service to state security. Journal: Journal of Cyber Policy Pages: 256-274 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2178946 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2178946 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:256-274 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2184708_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Gil Baram Author-X-Name-First: Gil Author-X-Name-Last: Baram Title: A sliding scale of secrecy: toward a better understanding of the role of publicity in offensive cyber operations Abstract: In recent years, offensive cyber operations are becoming another tool among many in the diplomatic toolbox of states, with countries discussing cyberattacks more openly than before. This change in practice from covertness to openness warrants a closer look at the interests and motivations of countries in ‘going public’.This paper offers a conceptual framework for understanding why attackers and defenders might choose publicity over secrecy, and analyzes the possible outcomes of choosing each. The framework is examined through a series of mutual cyberattacks and intrusions between Iran and Israel during 2020–2021 serving as an illustrative case study.The research demonstrates that each strategy along the axis spanning from silence to full publicity and attribution is enabled by, or serves, a particular set of circumstances on both the defender and attacker’s sides. Each combination reflects a particular dynamic, demonstrating that the choice of strategy is more evolved than an outdated silence-or-publicity perception. Journal: Journal of Cyber Policy Pages: 275-293 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2184708 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2184708 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:275-293 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2193606_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Elia Duran-Smith Author-X-Name-First: Elia Author-X-Name-Last: Duran-Smith Title: Cyber Threats and Nuclear Weapons Journal: Journal of Cyber Policy Pages: 399-400 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2193606 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2193606 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:399-400 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2178319_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Donald F. Norris Author-X-Name-First: Donald F. Author-X-Name-Last: Norris Author-Name: Laura K. Mateczun Author-X-Name-First: Laura K. Author-X-Name-Last: Mateczun Title: Cyberattacks on local governments 2020: findings from a key informant survey Abstract: Based on empirical data from a survey that we conducted in 2020 of key informants in local governments (CIOs, CISOs, and IT Directors), this paper examines patterns of cyberattacks, types of attackers, the frequencies of incidents and breaches of local government IT systems, and purposes of attacks. The paper also examines whether and to what extend local governments offer cybersecurity awareness training to their officials and staff and whether a nexus exists between training and these persons support for cybersecurity in their governments. Throughout the paper, we compare data from the 2020 survey with data from a nationwide local government cybersecurity survey that a team that included the authors conducted in 2016. We conclude with recommendations to local governments to improve their practice and management of cybersecurity in their organisations. Journal: Journal of Cyber Policy Pages: 294-317 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2178319 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2178319 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:294-317 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2198545_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: The Editors Title: Editorial introduction Journal: Journal of Cyber Policy Pages: 253-255 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2198545 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2198545 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:253-255 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2167607_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20230119T200553 git hash: 724830af20 Author-Name: Robert Siudak Author-X-Name-First: Robert Author-X-Name-Last: Siudak Title: Cybersecurity discourses and their policy implications Abstract: Since the end of the twentieth century, cybersecurity has become present in multiple sectoral debates in various fields and communities. This makes digital security a highly polysemantic domain. Simply put, there is no single universal understanding of cybersecurity. This paper analyses how different discourses on cybersecurity impact the policies and regulations introduced at the nation-state level. Taking the case study of Poland, it looks at the social and political dynamics between 2008 and 2020. Results indicate that two specific discourses on cybersecurity have been the most influential in terms of impact on public policy – technical and national security. The dominant role of the aforementioned narratives significantly limited the importance of cybercrime topics on the political agenda. Journal: Journal of Cyber Policy Pages: 318-335 Issue: 3 Volume: 7 Year: 2022 Month: 09 X-DOI: 10.1080/23738871.2023.2167607 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2167607 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:7:y:2022:i:3:p:318-335 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2281675_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Sarah Backman Author-X-Name-First: Sarah Author-X-Name-Last: Backman Title: Normal cyber accidents Abstract: Several of the most serious cyber incidents affecting critical infrastructure to date have been the result of collateral damage, indirect effects, malware that ‘escaped’ their intended target and/or incontrollable malware proliferation. This tendency has so far been under-explored in the International Relations (IR) literature, and its potential implications largely overlooked. By focusing on the role of socio-technical system dynamics, this article aims to contribute to advancing our understanding of collateral (incidental) damage and unexpected consequences connected to offensive cyber operations. More specifically, it introduces an analytical framework based on Normal Accidents (NA) theory. The framework highlights dynamics which make complex systems more difficult to analyse and more prone to cascading failures. Its application is explored using in-depth interviews and empirical case examples of large-scale cyber incidents. The results highlight the difficulty of achieving controlled and precise effects when disrupting components in complex systems. The article concludes with a discussion on the need for renewed attention to escalatory risks connected to destructive offensive cyber. Journal: Journal of Cyber Policy Pages: 114-130 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2281675 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2281675 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:114-130 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2238712_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: W. Alec Cram Author-X-Name-First: W. Alec Author-X-Name-Last: Cram Author-Name: Jonathan Yuan Author-X-Name-First: Jonathan Author-X-Name-Last: Yuan Title: Out with the old, in with the new: examining national cybersecurity strategy changes over time Abstract: The development and implementation of a national cybersecurity strategy (NCS) is becoming increasingly common for countries around the world that seek to define an approach for addressing their cybersecurity risks. Although past research has sought to classify the individual characteristics contained within an NCS, it remains unclear how the core content within a strategy evolves over time in the face of new cyberthreats and fluctuating priorities. By better understanding such changes (and their underlying drivers), policymakers can be increasingly attuned to essential NCS updates and citizens can more readily evaluate the adequacy of their country’s plans. This study examines multiple NCS versions in Canada, the United Kingdom and Australia using a qualitative, content analysis approach. Our results point to four core themes that characterise NCS stability and change over time. Based on our observations, we articulate several theoretical propositions and outline a plan for future research. Journal: Journal of Cyber Policy Pages: 26-47 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2238712 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2238712 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:26-47 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2250358_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Harriet Moynihan Author-X-Name-First: Harriet Author-X-Name-Last: Moynihan Title: Unpacking due diligence in cyberspace Abstract: There is controversy as to whether due diligence in cyberspace is required as the result of a general rule in international law – namely, that States must not allow their territory to be used for acts contrary to the rights of other States – or because of a voluntary norm of responsible State behaviour, i.e. something that is expected but not legally required.This paper analyses the legal status and content of due diligence in the cyber context, including with reference to position statements published by a growing number of States on these issues.The paper also considers what due diligence measures are expected of States as a matter of policy, in order for them to act responsibly to tackle – on their own territory – malicious cyber activity that may have harmful effects in the territory of other States. The article concludes with recommendations – including that the debate on legal status should not hinder discussion on the implementation of stronger standards on due diligence as a matter of policy. Those standards should be the focus of the discussions on due diligence in the UN’s Open-Ended Working Group on developments in the field of information and telecommunications (OEWG). Journal: Journal of Cyber Policy Pages: 4-25 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2250358 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2250358 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:4-25 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2284233_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Andrew Cormack Author-X-Name-First: Andrew Author-X-Name-Last: Cormack Author-Name: Éireann Leverett Author-X-Name-First: Éireann Author-X-Name-Last: Leverett Title: Patchy incentives: using law to encourage effective vulnerability response Abstract: Data breach reports suggest that managing patches is hard: too many major incidents are caused by well-known software vulnerabilities with available fixes. Legal sanctions – from mandates to liability – apparently have limited effect. This paper discusses how an effective vulnerability response process can help software users allocate their remediation effort to minimise overall risk and disruption. We analyse laws and regulations on liability, product quality and patching mandates to see why they fail to promote good practice. Recent cases under privacy laws highlight features that make risk-based patching a better basis for system managers, executives and regulators to agree a common approach to effective vulnerability response. Journal: Journal of Cyber Policy Pages: 88-113 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2284233 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2284233 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:88-113 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2283598_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: The Editors Title: Editorial introduction – Vol 8.1 Journal: Journal of Cyber Policy Pages: 1-3 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2283598 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2283598 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:1-3 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2282688_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Sally K. Burt Author-X-Name-First: Sally K. Author-X-Name-Last: Burt Title: President Obama and China: cyber diplomacy and strategy for a new era Abstract: President Obama was a cyber president. He understood the importance of cybersecurity and its implications for national security. Cyber issues were a major focus of Sino-US relations during his time in office. There was, however, a notable shift in the approach that the US took in its engagement in cyber diplomacy with China between Obama’s first (2009–2012) and second terms (2013–2016). It is important to understand why this shift occurred. Examining Sino-US cyber diplomacy in isolation will not provide the answers. There is a need to understand the broader context of Sino-US relations and what was occurring in more traditional diplomacy to get a more complete picture of the situation, particularly the impact of the pivot that occurred in late 2011. Despite the complexities of modern international relations and the difficulties of integrating cyber strategy and policy with broader Grand Strategy, it is important to examine how this was done. Analysing the example of Sino-US relations during Obama’s time in office demonstrates some important lessons for how cyber diplomacy cannot be isolated from the broader diplomatic context of a relationship, but needs to be analysed in the context of its integration into broader Grand Strategy. Journal: Journal of Cyber Policy Pages: 48-66 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2282688 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2282688 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:48-66 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2237522_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Julia Cournoyer Author-X-Name-First: Julia Author-X-Name-Last: Cournoyer Title: Original sin: power, technology and war in outer space Journal: Journal of Cyber Policy Pages: 133-134 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2237522 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2237522 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:133-134 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2237981_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Sachin Tiwari Author-X-Name-First: Sachin Author-X-Name-Last: Tiwari Title: Atlas of AI: power, politics and the planetary costs of artificial intelligence Journal: Journal of Cyber Policy Pages: 131-133 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2237981 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2237981 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:131-133 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2249008_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20231214T103247 git hash: d7a2cb0857 Author-Name: Callum J. Harvey Author-X-Name-First: Callum J. Author-X-Name-Last: Harvey Author-Name: Christopher L. Moore Author-X-Name-First: Christopher L. Author-X-Name-Last: Moore Title: Cyber statecraft by net states: the case of Meta, 2016–2021 Abstract: Comparisons of social media companies and their platforms to states have become common as their size, reach and influence continues to expand. While such comparisons are usually metaphoric, the identification of 'net states' as state-like cyber actors calls for a closer inspection of the concept. While it is clear that 'net states' are not states in the traditional sense, it is also apparent that greater analytic depth is required to examine precisely how these actors become state-like. This paper argues that the state-like nature of actors in cyberspace can be best framed and perceived through the use of actor-network theory, specifically the sociology of translation. In a case study of Meta Platforms, we examine the net state as a model for mapping cyber statecraft through material and social relations to provide an understanding of how cyber actors build state-like relations with other actors. This research encourages an interdisciplinary approach combining international relations, cybercultural and actor-network theory, and highlights how cyber statecraft is attempted by actors other than states. Journal: Journal of Cyber Policy Pages: 67-87 Issue: 1 Volume: 8 Year: 2023 Month: 01 X-DOI: 10.1080/23738871.2023.2249008 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2249008 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:1:p:67-87 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2310030_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Joyce Hakmeh Author-X-Name-First: Joyce Author-X-Name-Last: Hakmeh Title: Introduction from the editor Journal: Journal of Cyber Policy Pages: 135-136 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2024.2310030 File-URL: http://hdl.handle.net/10.1080/23738871.2024.2310030 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:135-136 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2294759_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Georgia Osborn Author-X-Name-First: Georgia Author-X-Name-Last: Osborn Author-Name: Nathan Alan Author-X-Name-First: Nathan Author-X-Name-Last: Alan Title: Web 3 disruption and the domain name system: understanding the trends of blockchain domain names and the policy implications Abstract: Blockchain or Web3 technology has the potential to disrupt the everyday use of the internet. The polarized discussion around blockchain technology makes it notoriously difficult to navigate between the opposing narratives of blockchain evangelists and skeptics. This article provides a data–led approach to blockchain domain names, a rapidly growing trend that is currently non–interoperable with the Domain Name System. Alternative DNS roots have previously not become popular due to the lack of supporting browsers. Blockchain domain names could offer an exciting prospect of a decentralized and novel way to manage online naming and addressing according to one view, others regard them as insignificant and undeserving of attention. This study explores their burgeoning growth, assesses the challenges of blockchain domain names and provides five recommendations to address them. A pragmatic response should be adopted to blockchain domain name as, even if it is not clear that blockchain domain names solve any problems not currently solved by the DNS, the registrations continue to rise. Furthermore, the technologies will continue to advance, and due to the decentralized nature of the blockchain, developments or changes can be more rapidly implemented than within the DNS. Journal: Journal of Cyber Policy Pages: 142-164 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2294759 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2294759 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:142-164 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2287116_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Niamh Healy Author-X-Name-First: Niamh Author-X-Name-Last: Healy Title: Cloud empires: how digital platforms are overtaking the state and how we can regain control Journal: Journal of Cyber Policy Pages: 277-279 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2287116 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2287116 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:277-279 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2286271_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Derrick L. Cogburn Author-X-Name-First: Derrick L. Author-X-Name-Last: Cogburn Author-Name: Theodore Andrew Ochieng Author-X-Name-First: Theodore Andrew Author-X-Name-Last: Ochieng Author-Name: Haiman M. Wong Author-X-Name-First: Haiman M. Author-X-Name-Last: Wong Title: Towards an understanding of global ‘private ordering’ in ICANN: text mining 23 years of Uniform Domain-Name Dispute-Resolution Policy (UDRP) Decisions Abstract: To assess the prospect of the ICANN Uniform Domain-Name Dispute Resolution Policy (UDRP) enabling global ‘private ordering’ for domain-name disputes, this study analyses textual data from 75,590 UDRP complaints involving 142,423 domain names. Using data provided by DNS Research Federation’s Data Analytics Platform (DAP.Live), we ask three major research questions: To what extent does the UDRP process differ between resolution bodies? What are the most prevalent themes as represented by keywords and topics? To what extent have these topics changed over time? Using descriptive statistics and a series of inductive text-mining techniques (term-frequency, term frequency-inverse document frequency, and topic modelling), we find substantial evidence for the ongoing stability of the UDRP. Case growth has continued since 2000. There is strong global support for two of the six DRSPs, WIPO and NAF. Average decision time varies substantially by DRSP with WIPO at 63 days and CAC at 36. Panelists heavily employ precedent when adjudicating complaints. Trademark holders continue to dominate the process, winning about 90% of complaints; however, successfully contested cases show strong UDRP jurisprudence supporting non-trademark holders. Topic models created capture both abstract (jurisprudential) and concrete (cybercrime) concepts and show spikes in cybercrime during COVID-19. Journal: Journal of Cyber Policy Pages: 186-217 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2286271 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2286271 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:186-217 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2308209_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Mark W. Datysgeld Author-X-Name-First: Mark W. Author-X-Name-Last: Datysgeld Title: Establishing baseline criteria for the mitigation of the illegitimate sale of health-related products using the DNS Abstract: There is no unified framework or accepted set of recommendations concerning the sale of health-related products online, which negatively impacts the most vulnerable populations. We propose the DNS as an avenue for advancing solutions via the broader DNS community, outside ICANN’s remit. The existing mechanisms available to curb malicious action are inconsistent due to a combination of jurisdictional conflicts and a lack of guidelines, and the establishment of baseline criteria would lay the groundwork for regulation and the creation of relevant Trusted Notifiers. The current status quo hinders legitimate online pharmacies while facilitating illegitimate operations. Our scope is limited to legal medicines, focusing on medicines requiring a medical prescription. Making use of the DNS in this manner may be a blunt tool, but it is effective if used in a measured manner to stop threats to human safety. We conclude by proposing that there are recommendations that can be transposed to the online world to help assess actor legitimacy, with the following initial criteria: requirement of a valid prescription; requirement of a licensed pharmacist on staff; clear indication of the country in which the pharmacy is based; and limited dispensing of controlled substances. Journal: Journal of Cyber Policy Pages: 257-276 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2024.2308209 File-URL: http://hdl.handle.net/10.1080/23738871.2024.2308209 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:257-276 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2290057_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Carolina Aguerre Author-X-Name-First: Carolina Author-X-Name-Last: Aguerre Title: The legacies of long tail and the unfolding of consolidation and concentration in the top-level domain sector Abstract: This paper addresses the evolution of the generic TLD sector against the backdrop of changes introduced by ICANN with the expansion of the TLD space in 2012 and the relaxation of rules concerning structural separation between registries and registrars. From a business and technical perspective, the market moves that have taken place can be described as part of a long tail effect. This is relevant, for policy and theoretical reasons, to inform possible future rounds of new TLDs but also to integrate this issue into broader competition policy and diversity concerns. Has market concentration and consolidation increased in the DNS registry and registrar sector? What are the consequences of the new TLD programme from a diversity perspective? The work undertakes statistical analysis from several databases and desk research to develop a ten-year mapping. The potential implications of increased consolidation trends loom over the DNS registry and registrar field. The capacity to challenge some of these features in the TLD sector needs more than the prevailing market rules. Increased political commitments should be undertaken, at least to uphold geographic and linguistic diversity in this scenario. Journal: Journal of Cyber Policy Pages: 218-238 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2290057 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2290057 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:218-238 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2312922_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: James Burrell Author-X-Name-First: James Author-X-Name-Last: Burrell Title: Special issue on domain name system (DNS) Journal: Journal of Cyber Policy Pages: 137-141 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2024.2312922 File-URL: http://hdl.handle.net/10.1080/23738871.2024.2312922 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:137-141 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2238723_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Samuel Bashfield Author-X-Name-First: Samuel Author-X-Name-Last: Bashfield Author-Name: James Mortensen Author-X-Name-First: James Author-X-Name-Last: Mortensen Title: Self-regulation, internet domains and Indian Ocean territories Abstract: In this article we survey the digital geography of seven Indian Ocean overseas territories. We examine the country code Top-Level Domains (ccTLD) of Australia (.cc – Cocos (Keeling) Islands,.cx – Christmas Island and.hm – Heard and McDonald Islands), Britain (.io – British Indian Ocean Territory) and France (.re – Réunion,.yt – Mayotte and.tf – French Southern and Antarctic Lands). We find there exists divides between the management of digital geography between differing colonial inheritances – broadly, that islands historically tied to the Anglophone states are managed by the private sector, and those that are Francophone are managed with far more central government oversight. This difference has implications for ccTLD use, disputes and who benefits from domain sale profits. We assert these administrative differences are due to France's active and conscious involvement in the internet administration of its territories, an important difference given the importance of self-regulation in current ccTLD management. Journal: Journal of Cyber Policy Pages: 165-185 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2238723 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2238723 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:165-185 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2295937_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: Roxana Radu Author-X-Name-First: Roxana Author-X-Name-Last: Radu Title: DNS4EU: a step change in the EU’s strategic autonomy? Abstract: The Domain Name System (DNS) is vital to the internet, enabling everyday uses such as browsing, emailing and chatting. One function in particular – the DNS resolution, performed by resolver operators – allows us to reach what we are looking for online. The market of recursive resolution is highly dynamic and is currently shifting towards open or public resolvers, which tend to belong to large tech companies. In 2022, the European Commission launched the DNS4EU initiative, which established a European resolver as part of the new EU cybersecurity strategy, in order to respond to the resilience, security and privacy needs of the union. This article provides a comprehensive analysis of the DNS4EU project, which provided seed funding to a European competitor in a market increasingly dominated by non-EU players. As a critical infrastructure service, the DNS4EU represents one of the first concrete steps towards enhancing the strategic autonomy of the union. But it also constitutes an unprecedented public intervention in a largely private market relying on voluntary adoption. This article contextualises the DNS4EU initiative, outlining both advantages and limitations of the European strategy and related tender process and implementation plan, concluding with a discussion on the future of DNS resolution. Journal: Journal of Cyber Policy Pages: 239-256 Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2295937 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2295937 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:239-256 Template-Type: ReDIF-Article 1.0 # input file: RCYB_A_2316406_J.xml processed with: repec_from_jats12.xsl darts-xml-transformations-20240209T083504 git hash: db97ba8e3a Author-Name: The Editors Title: Correction Journal: Journal of Cyber Policy Pages: I-II Issue: 2 Volume: 8 Year: 2023 Month: 05 X-DOI: 10.1080/23738871.2023.2316406 File-URL: http://hdl.handle.net/10.1080/23738871.2023.2316406 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:rcybxx:v:8:y:2023:i:2:p:I-II