By Adam Clark
This briefing provides an overview of cybersecurity in the UK. It explains the nature of the cyber threat, including how cyber attacks work. It describes the policy and regulatory frameworks, as well areas of reform such as 'ethical hacking'.
Research Briefing
London: House of Commons Library, 2024. 68p.
MAY CONTAIN MARKUP
BY DAVID S. WALL
Looking at the full range of cybercrime, and computer security he shows how the increase in personal computing power available within a globalized communications network has affected the nature of and response to criminal activities. We have now entered the world of low impact, multiple victim crimes in which bank robbers, for example, no longer have to meticulously plan the theft of millions of dollars. New technological capabilities at their disposal now mean that one person can effectively commit millions of robberies of one dollar each. Against this background, David Wall scrutinizes the regulatory challenges that cybercrime poses for the criminal (and civil) justice processes, at both the national and the international levels.
Polity, 2007, 276 pages
By Sergi D. Bray , Shane D. Johnson and Bennett Kleinberg
Deepfakes’ are computationally created entities that falsely represent reality. They can take image, video, and audio modalities, and pose a threat to many areas of systems and societies, comprising a topic of interest to various aspects of cybersecurity and cybersafety. In 2020, a workshop consulting AI experts from academia, policing, government, the private sector, and state security agencies ranked deepfakes as the most serious AI threat. These experts noted that since fake material can propagate through many uncontrolled routes, changes in citizen behaviour may be the only effective defence. This study aims to assess human ability to identify image deepfakes of human faces (these being uncurated output from the StyleGAN2 algorithm as trained on the FFHQ dataset) from a pool of non-deepfake images (these being random selection of images from the FFHQ dataset), and to assess the effectiveness of some simple interventions intended to improve detection accuracy. Using an online survey, participants (N = 280) were randomly allocated to one of four groups: a control group, and three assistance interventions. Each participant was shown a sequence of 20 images randomly selected from a pool of 50 deepfake images of human faces and 50 images of real human faces. Participants were asked whether each image was AI-generated or not, to report their confidence, and to describe the reasoning behind each response. Overall detection accuracy was only just above chance and none of the interventions significantly improved this. Of equal concern was the fact that participants’ confidence in their answers was high and unrelated to accuracy. Assessing the results on a per-image basis reveals that participants consistently found certain images easy to label correctly and certain images difficult, but reported similarly high confidence regardless of the image. Thus, although participant accuracy was 62% overall, this accuracy across images ranged quite evenly between 85 and 30%, with an accuracy of below 50% for one in every five images. We interpret the findings as suggesting that there is a need for an urgent call to action to address this threat.
Journal of Cybersecurity, 2023, 1–18
By Carter, Sarah R.; Wheeler, Nicole E.; Chwalek, Sabrina; Isaac, Christopher R.; Yassif, Jaime
From the document: "Rapid scientific and technological advances are fueling a 21st-century biotechnology revolution. Accelerating developments in the life sciences and in technologies such as artificial intelligence (AI), automation, and robotics are enhancing scientists' abilities to engineer living systems for a broad range of purposes. These groundbreaking advances are critical to building a more productive, sustainable, and healthy future for humans, animals, and the environment. Significant advances in AI in recent years offer tremendous benefits for modern bioscience and bioengineering by supporting the rapid development of vaccines and therapeutics, enabling the development of new materials, fostering economic development, and helping fight climate change. However, AI-bio capabilities--AI tools and technologies that enable the engineering of living systems--also could be accidentally or deliberately misused to cause significant harm, with the potential to cause a global biological catastrophe. [...] To address the pressing need to govern AI-bio capabilities, this report explores three key questions: [1] What are current and anticipated AI capabilities for engineering living systems? [2] What are the biosecurity implications of these developments? [3] What are the most promising options for governing this important technology that will effectively guard against misuse while enabling beneficial applications? To answer these questions, this report presents key findings informed by interviews with more than 30 individuals with expertise in AI, biosecurity, bioscience research, biotechnology, and governance of emerging technologies."
Nuclear Threat Initiative. 2023. 88p.
By SLEDJESKI, CHRISTOPHER L.
From the document: "Artificial Intelligence (AI) brings many benefits, but disruption of AI could, in the future, generate impacts on scales and in ways not previously imagined. These impacts, at a societal level and in the context of critical infrastructure, include disruptions to National Critical Functions. A prioritized risk-based approach is essential in any attempt to apply cybersecurity requirements to AI used in critical infrastructure functions. The topics of critical infrastructure and AI are simply too vast to meaningfully address otherwise. The National Institute of Standards and Technology (NIST) defines cyber secure AI systems as those that can 'maintain confidentiality, integrity and availability through protection mechanisms that prevent unauthorized access and use.' Cybersecurity incidents that impact AI in critical infrastructure could impact the availability, reliability, and safety of these vital services. [...] This paper was prompted by questions presented to MITRE about to what extent the original NIST Cybersecurity Risk Framework, and the efforts that accompanied its release, enabled a regulatory approach that could serve as a model for AI regulation in critical infrastructure. The NIST Cybersecurity Risk Framework was created a decade ago as a requirement of Executive Order (EO) 13636. When this framework was paired with the list of cyber-dependent entities identified under the EO, it provided a voluntary approach for how Sector Risk Management Agencies (SRMAs) prioritize and enhance the cybersecurity of their respective sectors."
MITRE CORPORATION. 2023. 18p.
By Isabella Voce and Anthony Morgan
This is the first report in the Cybercrime in Australia series, which aims to provide a clearer picture of the extent of cybercrime victimisation, help-seeking and harms among Australian computer users. It is based on a survey of 13,887 computer users conducted in early 2023. In the 12 months prior to the survey, 27 percent of respondents had been a victim of online abuse and harassment, 22 percent had been a victim of malware, 20 percent had been a victim of identity crime and misuse, and eight percent had been a victim of fraud and scams. Overall, 47 percent of respondents experienced at least one cybercrime in the 12 months prior to the survey—and nearly half of all victims reported experiencing more than one type of cybercrime. Thirty-four percent of respondents had experienced a data breach. Cybercrime victimisation was not evenly distributed, with certain sections of the community more likely to have been a victim, and certain online activities associated with a higher likelihood of victimisation.
Most cybercrime victimisation went unreported to police or to ReportCyber, meaning official statistics significantly underestimate the size of the problem. Satisfaction with the outcomes of these reports was mixed, and relatively few reports resulted in an offender being apprehended. Rates of help-seeking varied and were influenced by the perceived seriousness of cybercrime and knowledge of how and where to report it.
The financial losses experienced by victims were wide ranging. Some victims reported losing large sums of money, but most victims reported relatively small financial losses. This report measures, for the first time, the harms experienced by individual victims and small businesses that extend beyond these financial costs. Twenty-five percent of respondents were negatively impacted by cybercrime in the 12 months prior to the survey, while 22 percent of respondents who owned or operated a small to medium business said their business was negatively impacted by cybercrime.
Statistical Bulletin, 43. Canberra: Australian Institute of Criminology, 2023. 113p.
By Abhineet Gupta
The internet can broadly be divided into three parts: surface, deep and dark among which the latter offers anonymity to its users and hosts. The dark web has become notorious in the media for being a hidden part of the web where all manner of illegal activities take place. The more restrictions placed upon the free exchange of information, goods and services between people the more likely there exist hidden spaces for it to take place. The ‘black market’ of the internet – the dark web - represents such a hidden space. This review looks at the purposes it is widely used for with an emphasis on cybercrime, and how the law enforcement plays the role of its adversary. The review describes these hidden spaces, sheds light on their history, the activities that they harbour – including cybercrime, the nature of attention they receive, and methodologies employed by law enforcement in an attempt to defeat their purpose. More importantly, it is argued that these spaces should be considered a phenomenon and not an isolated occurrence to be taken as merely a natural consequence of technology. The review is conducted by looking at existing literature in academic journal databases. It contributes to the area of the dark web by serving as a reference document and by proposing a research agenda.
Melbourne: University of Melbourne, 2018. 46p.
By Eddy Willems
This book describes the key cybercrime threats facing individuals, businesses, and organizations in our online world. The author first explains malware and its origins; he describes the extensive underground economy and the various attacks that cybercriminals have developed, including malware, spam, and hacking; he offers constructive advice on countermeasures for individuals and organizations; and he discusses the related topics of cyberespionage, cyberwarfare, hacktivism, and anti-malware organizations, and appropriate roles for the state and the media. The author has worked in the security industry for decades, and he brings a wealth of experience and expertise. In particular he offers insights about the human factor, the people involved on both sides and their styles and motivations. He writes in an accessible, often humorous way about real-world cases in industry, and his collaborations with police and government agencies worldwide, and the text features interviews with leading industry experts. The book is important reading for all professionals engaged with securing information, people, and enterprises. It’s also a valuable introduction for the general reader who wants to learn about cybersecurity.
Cham: Springer Nature, 2019. 231p.
By Jonathan Clough
We live in a digital age. The proliferation of digital technology, and the convergence of computing and communication devices, has transformed the way in which we socialise and do business. While overwhelmingly positive, there has also been a dark side to these developments. Proving the maxim that crime follows opportunity, virtually every advance has been accompanied by a corresponding niche to be exploited for criminal purposes; so-called 'cybercrimes'. Whether it be fraud, child pornography, stalking, criminal copyright infringement or attacks on computers themselves, criminals will find ways to exploit new technology. The challenge for all countries is to ensure their criminal laws keep pace. The challenge is a global one, and much can be learned from the experience of other jurisdictions. Focusing on Australia, Canada, the UK and the US, this book provides a comprehensive analysis of the legal principles that apply to the prosecution of cybercrimes.
Cambridge, UK; New York: Cambridge University Press, 2010. 505p.
By Majid Yar
Cybercrime and Society provides a clear, systematic, and critical introduction to current debates about cybercrime. It locates the phenomenon in the wider contexts of social, political, cultural, and economic change. It is the first book to draw upon perspectives spanning criminology, sociology, law, politics, and cultural studies to examine the whole range of cybercrime issues.
Thousand Oaks, CA; London: SAGE, 2006. 200p.
By United States. Department of the Treasury
From the Introduction: "This action plan responds to Section 7(c) of Executive Order (E.O.) 14067, 'Ensuring Responsible Development of Digital Assets,' which calls for the development of a coordinated interagency action plan for mitigating the digital-asset-related illicit finance and national security risks as identified in the U.S. government's National Strategy for Combating Terrorist and Other Illicit Financing (Illicit Financing Strategy). [...] E.O. 14067 recognizes that digital assets may pose significant illicit financing risks and commits the U.S. government to mitigating these and any other national security risks. This action plan identifies priority and supporting actions to support this commitment in line with the priorities and supporting actions identified in the Illicit Financing Strategy specific to uncovering and mitigating the misuse of digital assets by illicit actors. These priority actions include monitoring risks, working with international partners to improve cooperation on and implementation of international AML/CFT [anti-money-laundering/countering-the-financing-of-terrorism] standards, strengthening our regulations and operational frameworks, and improving private sector compliance and information sharing, among others. The action plan begins with an overview of the illicit financing risks and U.S. government efforts to mitigate these risks before laying out these priority actions."
United States. Department of the Treasury. 2022-09-16. 20p.
