Search

You searched for: Publishing Institution Center for International and Security Studies at Maryland (CISSM) Remove constraint Publishing Institution: Center for International and Security Studies at Maryland (CISSM) Political Geography United States Remove constraint Political Geography: United States Publication Year within 3 Years Remove constraint Publication Year: within 3 Years Topic Cybersecurity Remove constraint Topic: Cybersecurity
Number of results to display per page

Search Results

  • Author: Charles Harry, Nancy Gallagher
  • Publication Date: 02-2018
  • Content Type: Working Paper
  • Institution: Center for International and Security Studies at Maryland (CISSM)
  • Abstract: Publicity surrounding the threat of cyber-attacks continues to grow, yet immature classification methods for these events prevent technical staff, organizational leaders, and policy makers from engaging in meaningful and nuanced conversations about the risk to their organizations or critical infrastructure. This paper provides a taxonomy of cyber events that is used to analyze over 2,431 publicized cyber events from 2014-2016 by industrial sector. Industrial sectors vary in the scale of events they are subjected to, the distribution between exploitive and disruptive event types, and the method by which data is stolen or organizational operations are disrupted. The number, distribution, and mix of cyber event types highlight significant differences by sector, demonstrating that strategies may vary based on deeper understandings of the threat environment faced across industries. EXPLORE:
  • Topic: Security, Science and Technology, Cybersecurity
  • Political Geography: United States, Washington, D.C.
  • Author: Nancy Gallagher, Theresa Hitchens
  • Publication Date: 03-2018
  • Content Type: Working Paper
  • Institution: Center for International and Security Studies at Maryland (CISSM)
  • Abstract: As use of the Internet has become critical to global economic development and international security, there is near-unanimous agreement on the need for more international cooperation to increase stability and security in cyberspace. Several multilateral initiatives over the last five years have begun to spell out cooperative measures, norms of behavior, and transparency and confidence-building measures (TCBMs) that could help improve mutual cybersecurity. These efforts have been painstakingly slow, and some have stalled due to competing interests. Nonetheless, a United Nations (UN) Group of Governmental Experts (GGE) and the Organization for Cooperation and Security in Europe (OSCE) have achieved some high-level agreement on principles, norms, and “rules of the road” for national Internet activities and transnational cyber interactions. Their agreements include commitments to share more information, improve national protective capacities, cooperate on incident response, and restrain certain destabilizing state practices. Voluntary international agreements are worth little, unless states implement their commitments. So far, implementation has been crippled by vague language, national security considerations, complex relations between public and private actors in cyberspace, and privacy concerns. This is particularly true regarding the upfront sharing of information on threats and the willingness of participants to cooperate on incident investigations, including identifying perpetrators. With multilateral forums struggling to find a way forward with norm-setting and implementation, alternate pathways are needed to protect and build on what has been accomplished so far. Different strategies can help advance implementation of measures in the UN and OSCE agreements. Some commitments, such as establishing and sharing information about national points of contact, are best handled unilaterally or through bilateral or regional inter-governmental cooperation. Other objectives, such as protecting the core architecture and functions of the Internet that support trans-border critical infrastructure and underpin the global financial system, require a multi-stakeholder approach that includes not only governments but also private sector service providers, academic experts, and nongovernmental organizations. This paper compares what the GGE and OSCE norm-building processes have achieved so far and what disagreements have impeded these efforts. It identifies several priorities for cooperation identified by participants in both forums. It also proposes three practical projects related to these priorities that members of regional or global organizations might be able to work on together despite political tensions and philosophical disputes. The first would help state and non-state actors share information and communicate about various types of cybersecurity threats using a flexible and intuitive effects-based taxonomy to categorize cyber activity. The second would develop a more sophisticated way for state and non-state actors to assess the risks of different types of cyber incidents and the potential benefits of cooperation. The third would identify aspects of the Internet that might be considered the core of a public utility, worthy of special protection in their own right and for their support of trans-border critical infrastructure.
  • Topic: International Cooperation, United Nations, Infrastructure, Cybersecurity
  • Political Geography: United States, Europe