Search results
1 – 10 of 582This paper aims to manage the dilemma of cyberspace operations, as the incidence of cybercrimes has increased tremendously in the past few decades, turning cyberspace into a field…
Abstract
Purpose
This paper aims to manage the dilemma of cyberspace operations, as the incidence of cybercrimes has increased tremendously in the past few decades, turning cyberspace into a field of war in which all nations must fight. For many countries, cyberattacks and conflicts, and even the basic operation of cyberspace in general, are new territories. Furthermore, international law today does not address many aspects of cyber warfare, as it typically has dealt with only traditional warfare.
Design/methodology/approach
This study examined this crime whether it is a domestic or an international crime and whether cyber wars are under international law or domestic law to address these issues.
Findings
Although many attempts to criminalize these actions occurred, the findings suggest that the world has failed to frame the legal instruments against cyberattacks. The findings also suggest recommendations to solve this issue.
Originality/value
To the best of the author’s knowledge, this study analyzed the comparison between the same crime in the perspective of domestic and international law, highlighting an unsolved dilemma in the world, suggesting some unprecedented solutions to solve.
Details
Keywords
Hassan Younies and Tareq Na'el Al-Tawil
The purpose of this paper is to explore the extent to which cybercrime laws protect citizens and businesses in the United Arab Emirates (UAE). Pertinent questions over the lax…
Abstract
Purpose
The purpose of this paper is to explore the extent to which cybercrime laws protect citizens and businesses in the United Arab Emirates (UAE). Pertinent questions over the lax regulatory environment and incomprehensible cybersecurity policies have influenced the discussions.
Design/methodology/approach
This paper will first offer a global outlook of cybersecurity laws and legislation. The global outlook will present the basis for examining best practices that the UAE could emulate. The paper will then examine the legislative landscape of cyber laws in the UAE, including cross-country comparisons. The comparisons are critical, as the country’s cybercrime laws are in their infancy phase.
Findings
The UAE has taken decisive and proactive measures to deter the threat of cybercrimes and cyberattacks. The UAE strategy comprehensive strategy has been effective in protecting the economy and populations from the adverse effects of cybercrimes. The success lies in the enactment of comprehensive and streamlines laws and regulations with harsher penalties. The stringent legal measures, including longer jail terms, stiffer fines and deportation of foreigners, have ensured robust deterrence to cybercriminals.
Originality/value
The analysis has shown that the UAE has a higher score of preparedness against cybercrimes and cyberattacks. The UAE has specifically crafted a broader and effective legislative framework of cybercrime laws. Although the UAE has comprehensive cybercrime laws, the remarkable level of technological advances in the country makes citizens and businesses lucrative targets. The UAE now has the burden of doubling down its legal efforts to deter emerging cybersecurity risks.
Details
Keywords
Caner Asbaş and Şule Tuzlukaya
A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change…
Abstract
A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures. Cyberattackers gain a benefit from victims, which may be criminal such as stealing data or money, or political or personal such as revenge. In cyberattacks, various targets are possible. Some potential targets for businesses include business and customer financial data, customer lists, trade secrets, and login credentials.
Cyberattackers use a variety of methods to gain access to data, including malware such as viruses, worms, and spyware and phishing methods, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploit, and DNS tunneling.
Related to cyberattack, the term cyberwarfare is gaining popularity nowadays. Cyberwarfare is the use of cyberattacks by a state or an organization to cause harm as in warfare against another state's or organization's computer information systems, networks, and infrastructures.
Military, civil, and ideological motivations, or hacktivism can be used to launch a cyberwarfare. For these reasons, cyberwarfare may be used to conduct espionage, sabotage, propaganda, and economic disruption.
Considering highly digitalized business processes such as e-mails, digital banking, online conference, and digital manufacturing methods, damage of cyberwarfare to businesses and countries are unavoidable. As a result, developing strategies for defending against cyberattacks and cyberwarfare is critical for businesses. The concepts of cyberattack and cyberwarfare, as well as business strategies to be protected against them will be discussed in this chapter.
Details
Keywords
Cyber attribution initiatives.
Details
DOI: 10.1108/OXAN-DB249497
ISSN: 2633-304X
Keywords
Geographic
Topical
The contribution of this study aims to twofold: First, it provides an overview of the current state of research on cyberattacks on Chinese supply chains (SCs). Second, it offers a…
Abstract
Purpose
The contribution of this study aims to twofold: First, it provides an overview of the current state of research on cyberattacks on Chinese supply chains (SCs). Second, it offers a look at the Chinese Government’s approach to fighting cyberattacks on Chinese SCs and its calls for global governance.
Design/methodology/approach
A comprehensive literature review was conducted on Clarivate Analytics’ Web of Science, in Social Sciences Citation Index journals, Scopus and Google Scholar, published between 2010–2021. A systematic review of practitioner literature was also conducted.
Findings
Chinese SCs have become a matter of national security, especially in the era of cyber warfare. The risks to SC have been outlined. Cybersecurity regulations are increasing as China aims to build a robust environment for cyberspace development. Using the Technology-organization-environment (TOE) framework, the results show that the top five factors influencing the adoption process in firms are as follows: relative advantage and technological readiness (Technology context); top management support and firm size (Organization context) and government policy and regulations (Environment context).
Research limitations/implications
This review focuses on cyberattacks on Chinese SCs and great care was taken when selecting search terms. However, the author acknowledges that the choice of databases/terms may have excluded a few articles on cyberattacks from this review.
Practical implications
This review provides managerial insights for SC practitioners into how cyberattacks have the potential to disrupt the global SC network.
Originality/value
Past researchers proposed a taxonomic approach to evaluate progress with SC integration into Industry 4.0; in contrast, this study is one of the first steps toward an enhanced understanding of cyberattacks on Chinese SCs and their contribution to the global SC network using the TOE framework.
Details
Keywords
The paper aims to explore the national security implications of a potential for a World Trade Organization (WTO) dispute on data flow restrictions. It proposes a basic conceptual…
Abstract
Purpose
The paper aims to explore the national security implications of a potential for a World Trade Organization (WTO) dispute on data flow restrictions. It proposes a basic conceptual framework to assess data flows’ restrictions under General Agreement on Trade in Services (GATS) security exception.
Design/methodology/approach
If a case were to be brought before the WTO dispute settlement, the defender could support its case by invoking the security exception. This paper analyzes three main arguments that could be brought up: protection from cyber espionage, protection from cyberattacks on critical infrastructure and access to data needed to prevent terrorist threats. These three cases are analyzed both legally and technically to assess the relevance of restrictions on data flows under GATS security exception. This analysis can, more generally, inform the debate on the protection of national security in the digital era.
Findings
In the three cases, restrictions on data considered critical for national security might raise the cost of certain attacks. However, the risks would remain pervasive and national security would not be significantly enhanced both legally and technically. The implementation of good security standards and encryption techniques appears to be a more effective way to ensure a better response to cyber threats. All in all, it will be important to investigate on a case by case basis whether the scope of the measure (sectors and data covered) is considered proportionate and whether the measure in question in practice reduces the exposure of the country to cyber espionage, cyberattacks and terrorist threats.
Originality/value
This paper represents a contribution to the literature because it is the first paper to address systematically the issue of data flows and national security in the context of a GATS dispute and because it provides a unique perspective that looks both at legal and technical arguments.
Details
Keywords
Fabian Maximilian Johannes Teichmann and Chiara Wittmann
The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality…
Abstract
Purpose
The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality is that a company also incurs a liability risk. This paper aims to explore the boundaries of liability resulting from a data breach and privacy concerns according to the emerging regulations on cybersecurity.
Design/methodology/approach
The nature of cybercrime and its constant evolution is analysed as a threat of liability. Its distinctly modern developments require consideration. In response to the threat of hackers, the protection that a corporation can invoke is also considered as a mitigating factor in ascribing liability.
Findings
Preventative steps to protect a corporation from cyberthreats must remain a consistent priority in the running of a company. The influence of human behaviour has become a foreseeable element in cybersecurity and as such the management of unreliable user behaviour is a key determining factor in ascribing liability in hindsight.
Originality/value
Foresight is everything in the prevention of cyberattacks. Cyberattacks can no longer be dismissed as an unlikely eventuality. Legislation on data security and data privacy is demanding higher standards of preventative action, under the duty of care to stakeholders. There is a substantial literature deficit on data security and data liability regulations in light of the liability risk incurred by cyberattacks.
Details
Keywords
Eileen M. Decker, Matthew Morin and Eric M. Rosner
Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a…
Abstract
Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.
Details
Keywords
Eline Punt, Jochen Monstadt, Sybille Frank and Patrick Witte
Cyber resilience has emerged as an approach for seaports to deal with cyberattacks; it emphasizes ports’ ability to prepare for an attack and to keep operating and recover…
Abstract
Purpose
Cyber resilience has emerged as an approach for seaports to deal with cyberattacks; it emphasizes ports’ ability to prepare for an attack and to keep operating and recover quickly. However, little research has been undertaken on the challenges of governing cyber risks in seaports. This study aims to address this gap.
Design/methodology/approach
Governing cyber resilience is shaped by distributed responsibilities, uncertainties and ambiguities. The authors use this conceptualization to explore the governance of cyber risks in seaports, taking the Port of Rotterdam as a case study and analyzing semistructured interviews with stakeholders, participatory observation and policy documents and legislation.
Findings
The authors found that many strategies for governing cyber risks remain dedicated to protecting computer systems against cyberattacks. Nevertheless, port stakeholders have also developed strategies in anticipation of disruptions. However, these strategies appear informal and uncoordinated due to a lack of information exchange, insufficient knowledge regarding cyber risks and disagreement about how to make the Port of Rotterdam cyber resilient. What mainly hampers the cyber resilience of the port is the lack of a comprehensive regulatory framework and economic incentives. The authors conclude that resilience is merely an ideal at the Port of Rotterdam, meaning related governance strategies remain incremental and await institutionalization.
Originality/value
This paper offers insights into the cyber resilience of critical socio-technical systems, which have been underexposed in cyber resilience debates, but, when exploited, can manifest in large-scale disruptions.
Details
Keywords
US-Iran cyberwars