Open Access Publisher and Free Library
CRIME PREVENTION

CRIME PREVENTION-POLICING-CRIME REDUCTION-POLITICS

Posts tagged cybercrime
Curtailing cyber and information security vulnerabilities through situational crime prevention

By: Sameer Hinduja and Brandon Kooi

Information can be considered as an invaluable commodity for all business entities, and has brought about the development of various security architectures devoted to its protection. Corporations have tended to react to the exploitation of information security (InfoSec) vulnerabilities through the implementation of technological measures. Indeed, most security policies and procedures are highly technologically inclined, making use of hardware and software to protect and safeguard the confidentiality, integrity and availability of data. Unfortunately, these tactics have achieved limited success because of inattention to the opportunistic aspects of crime commission. Situational crime prevention can address the importance of these aspects by concentrating on the circumstances associated with a crime, and how the setting, conditions and context can be modified to preclude its manifestation. Its specific application to cyber and InfoSec in a corporate setting is advantageous in developing competent proactive strategies to reduce the presence and attractiveness of criminal possibilities for would-be offenders.

Security Journal advance online publication, 17 June 2013; doi:10.1057/sj.2013.25

Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society

UNITED STATES. DEPARTMENT OF HOMELAND SECURITY. OFFICE OF INTELLIGENCE AND ANALYSIS; UNITED STATES. FEDERAL BUREAU OF INVESTIGATION; CANADIAN CENTRE FOR CYBER SECURITY; ESTONIAN NATIONAL CYBER SECURITY CENTRE; JAPAN COMPUTER EMERGENCY RESPONSE TEAM COORDINATION CENTER; NATIONAL CENTER OF INCIDENT READINESS AND STRATEGY FOR CYBERSECURITY JAPAN; FINLAND. NATIONAL CYBER SECURITY CENTRE; JAPAN. NATIONAL POLICE AGENCY; UNITED KINGDOM. NATIONAL CYBER SECURITY CENTRE

From the document: "Civil society--nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy--are considered high-risk communities. Often, these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests. Regularly conducted as a type of transnational repression (also referred to as digital transnational repression), state-sponsored actors compromise organizational or personal devices and networks to intimidate, silence, coerce, harass, or harm civil society organizations and individuals. According to industry reporting, state-sponsored targeting of high-risk communities predominantly emanates from the governments of Russia, China, Iran, and North Korea. Actors typically perform extensive pre-operational research to learn about potential victims, gather information to support social engineering, or obtain login credentials. Actors target organization networks or personal accounts (e.g., email) and devices of individuals for surveillance and monitoring, often via spyware applications--malicious software that collects data from affected devices. This guide provides recommendations for civil society organizations and individuals to mitigate the threat of state-sponsored cyber operations based on observed malicious behavior. The guide also provides recommendations for software manufacturers to improve the security posture of their customers."

UNITED STATES. CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY. 14 MAY, 2024. 19p.

Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor Networks

United States. Department Of Defense. Office Of The Inspector General

From the document: "This special report provides insight into the common cybersecurity weaknesses identified in DoD Office of Inspector General (OIG) audit reports and through our support to the Defense Criminal Investigative Service and the Department of Justice on Civil Cyber-Fraud Initiative investigations related to DoD contractor compliance with Federal cybersecurity requirements for protecting controlled unclassified information (CUI). CUI is not classified information but is information created or possessed by the Government that requires safeguarding or dissemination controls according to applicable laws, regulations, and Government-wide policies as defined in Executive Order 13526, 'Classified National Security Information,' December 29, 2009. From 2018 through 2023, the DoD OIG issued five audit reports focusing on DoD contractors' inconsistent implementation of Federal cybersecurity requirements for protecting CUI that are contained in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. Since 2022, the DoD OIG has provided support for five investigations under the Civil Cyber Fraud Initiative, which targets government contractors and grant recipients suspected of fraudulently attesting their compliance with the NIST SP 800-171 cybersecurity requirements. The common cybersecurity weaknesses identified in this special report provide DoD contracting officers with potential focus areas when assessing contractor performance and DoD contractors and grant recipients with potential focus areas before attesting to their compliance with NIST SP 800-171."

Department of Defense, Office of Inspector General, Report No. DODIG-2024-031. 24p.

Cybersecurity Futures 2030: New Foundations

By Cleaveland, Ann; Cohn, Alan, 1964-; Nagamine, Matthew; Thomas, Dawn H.; Rimsky Vernon, Alison

From the document: "This report presents findings from Cybersecurity Futures 2030, a global research initiative focused on exploring how digital security could evolve over the next five to seven years. The goal of this project is to help shape a future-focused research and policy agenda that is widely applicable across countries and sectors. The findings are based on discussions held at a series of in-person workshops conducted throughout 2023 in Dubai (United Arab Emirates), Washington DC (USA), Kigali (Rwanda), New Delhi (India) and Singapore, as well as a virtual workshop with participants from multiple European countries and the United Kingdom. The workshops centred on discussion of four scenarios that portray diverse 'cybersecurity futures' that are fictional (but plausible) depictions of the world roughly in the year 2030. UC [University of California] Berkeley Center for Long-Term Cybersecurity (CLTC) independently designed the scenarios to explore trade-offs in goals and values that decision-makers will have to contend with in the near future."

World Economic Forum. 2023. 16p.

Offensive Cyber Operations: States' Perceptions of Their Utility and Risks

Chatham House

From the webpage: "Cyberspace is now established as an important domain of national and international security. Until recently, informed and open discussion on the responsible use of offensive cyber capabilities has been constrained by high levels of secrecy around national strategies for their use. Insights as to how individual states view the utility of offensive cyber, and how they perceive and manage associated risks of escalation and conflict, have been hard to access. A lack of open debate around the limitations of cyber operations has also led to inaccurate portrayals of cyber capabilities as versatile 'silver bullet' solutions which can address a widening variety of security challenges. This paper offers an in-depth exploration of new or revised national cyber strategies, authorization mechanisms and legislation in nine NATO states, and draws on interviews with national cyber experts. As well as aiming to promote more informed debate on the key issues, it presents important policy recommendations to support the responsible use of offensive cyber and to contribute to the achievement of a secure cyberspace for all."

Royal Institute Of International Affairs Skingsley, Charlotte. 2023. 37p.

Profile of Canadian Businesses Who Report Cybercrime to Police: The 2017 Canadian Survey of Cyber Security and Cybercrime

By Kayla A. Wanamaker

Cybercrime – crimes where the Internet and information technology (IT) are used, such as hacking, virus dissemination, and organized crime – is a growing concern for governments, organizations, individuals and businesses worldwide. Research conducted in the United States, United Kingdom and Canada has concluded that cybercrime and cyber security incidents are underreported to law enforcement. The reasons why this is the case, however, are not well known, especially within a Canadian context. As such, the goal of the current study was to examine the phenomenon of underreporting of cyber security incidents to police services using data from the 2017 Canadian Survey of Cyber Security and Cybercrime that was administered to Canadian businesses. Results indicated that while just over 20% of businesses experienced cyber-related incidents, only about 10% are reporting these incidents to the police. Businesses did not report incidents because they were resolved internally or through an IT consultant, or were thought to be too minor to report to police. Risk management, formal training, and sharing best practices were found to be related to businesses’ likelihood of reporting incidents to police. Larger businesses were more likely to report cybercrime to police when they implemented less security measures, whereas scores on security measures were not related to police reporting for small businesses. Results suggest a need to increase awareness of the frequency of cybercrime, as well as the availability of formal training options on cyber-related issues. They also underscore the importance of having enhanced cyber security protocols in place.

Ottawa: Public Safety Canada, 2019. 16p.

National Cybersecurity Strategy Implementation Plan

By The White House

President Biden has made clear that all Americans deserve the full benefits and potential of our digital future. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:

  1. Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk

  2. Increasing incentives to favor long-term investments into cybersecurity

Today, the Administration is announcing a roadmap to realize this bold, affirmative vision. It is taking the novel step of publishing the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure transparency and a continued path for coordination. This plan details more than 65 high-impact Federal initiatives, from protecting American jobs by combatting cybercrimes to building a skilled cyber workforce equipped to excel in our increasingly digital economy. The NCSIP, along with the Bipartisan Infrastructure Law, CHIPS and Science Act, Inflation Reduction Act, and other major Administration initiatives, will protect our investments in rebuilding America’s infrastructure, developing our clean energy sector, and re-shoring America’s technology and manufacturing base.

Washington, DC: White House, 2023. 57p.

Action Plan 2023: Our Internet, Our Future: Protecting the Internet for Today and Tomorrow

By Internet Society

From the introduction:

In 2023, we will:

  • Engage in at least 900 advocacy activities

  • Urge government officials to make pro-encryption statements at least 10 times

  • Encourage governments or press to reference Internet Society encryption-focused documents or statements at least 30 times

Internet Society. 2023. 21p.

Cybersecurity: Public Sector Threats and Responses

Edited by Kim Andreasson.

The Internet has given rise to new opportunities for the public sector to improve efficiency and better serve constituents in the form of e-government. But with a rapidly growing user base globally and an increasing reliance on the Internet, digital tools are also exposing the public sector to new risks. An accessible primer, Cybersecurity: Public Sector Threats and Responses focuses on the convergence of globalization, connectivity, and the migration of public sector functions online. It identifies the challenges you need to be aware of and examines emerging trends and strategies from around the world. Offering practical guidance for addressing contemporary risks, the book is organized into three sections:

  • Global Trends—considers international e-government trends, includes case studies of common cyber threats and presents efforts of the premier global institution in the field.

  • National and Local Policy Approaches—examines the current policy environment in the United States and Europe and illustrates challenges at all levels of government.

  • Practical Considerations—explains how to prepare for cyber attacks, including an overview of relevant U.S. Federal cyber incident response policies, an organizational framework for assessing risk, and emerging trends.

Boca Raton, FL: CRC Press, 2011. 391p.