New threats - old routines : bureaucratic adaptability in the security policy environment

Within the framework of state security policy, the focus of this dissertation are the relations between how new security threats are perceived and the policy planning and bureaucratic implementation that are designed to address them. In addition, this thesis explores and studies some of the inertias that might exist in the core of the state apparatus as it addresses new threats and how these could be better managed. The dissertation is built on five thematic and interrelated articles highlighting different aspects of when new significant national security threats are detected by different governments until the threats on the policy planning side translate into protective measures within the society. The timeline differs widely between different countries and some key aspects of this process are also studied. One focus concerns mechanisms for adaptability within the Intelligence Community, another on the policy planning process within the Cabinet Offices/National Security Councils and the third focus is on the planning process and how policy is implemented within the bureaucracy. The issue of policy transfer is also analysed, revealing that there is some imitation of innovation within governmental structures and policies, for example within the field of cyber defence. The main findings of the dissertation are that this context has built-in inertias and bureaucratic seams found in most government bureaucratic machineries. As much of the information and planning measures imply security classification of the transparency and internal debate on these issues, alternative assessments become limited. To remedy this situation, the thesis recommends ways to improve the decision-making system in order to streamline the processes involved in making these decisions. Another special focus of the thesis concerns the role of the public policy think tanks in the United States as an instrument of change in the country’s national security decision-making environment, which is viewed from the perspective as being a possible source of new ideas and innovation. The findings in this part are based on unique interviews data on how think tanks become successful and influence the policy debate in a country such as the United States. It appears clearly that in countries such as the United States think tanks smooth the decision making processes, and that this model with some adaptations also might be transferrable to other democratic countries.

Quantification of Toxin Biosynthesis Genes In Cyanobacteria and Dinoflagellates - Genetic Factors as Predictors of Toxin Production in the Environment

Harmful algal blooms (HABs) are events caused by the massive proliferation of microscopic, often photosynthetic organisms that inhabit both fresh and marine waters. Although HABs are essentially a natural phenomenon, they now cause worldwide concern. Recent anthropogenic effects, such as climate change and eutrophication via nutrient runoff, can be seen in their increased prevalence and severity. Cyanobacteria and dinoflagellates are often the causative organisms of HABs. In addition to adverse effects caused by the sheer biomass, certain species produce highly potent toxic compounds: hepatotoxic microcystins are produced exclusively by cyanobacteria and neurotoxic saxitoxins, also known as paralytic shellfish toxins (PSTs), by both cyanobacteria and dinoflagellates. Specific biosynthetic genes in the cyanobacterial genomes direct the production of microcystin and paralytic shellfish toxins. Recently also the first paralytic shellfish toxin gene sequences from dinoflagellate genomes have been elucidated. The public health risks presented by HABs are evident, but the monitoring and prediction of toxic events is challenging. Characterization of the genetic background of toxin biosynthesis, including that of microcystins and paralytic shellfish toxins, has made it possible to develop highly sensitive molecular tools which have shown promise in the monitoring and study of potentially toxic microalgae. In this doctoral work, toxin-specific genes were targeted in the developed PCR and qPCR assays for the detection and quantification of potentially toxic cyanobacteria and dinoflagellates in the environment. The correlation between the copy numbers of the toxin biosynthesis genes and toxin production were investigated to assess whether the developed methods could be used to predict toxin concentrations. The nature of the correlation between gene copy numbers and amount of toxin produced varied depending on the targeted gene and the producing organism. The combined mcyB copy numbers of three potentially microcystin-producing cyanobacterial genera showed significant positive correlation to the observed total toxin production. However, the presence of PST-specific sxtA, sxtG, and sxtB genes of cyanobacterial origin was found to be a poor predictor of toxin production in the studied area. Conversely, the dinoflagellate sxtA4 was a good qualitative indicator of a neurotoxic bloom both in the laboratory and in the field, and population densities reflected well the observed toxin concentrations. In conclusion, although the specificity of each potential targeted toxin biosynthesis gene must be assessed individually during method development, the results obtained in this doctoral study support the use of quantitative PCR -based approaches in the monitoring of toxic cyanobacteria and dinoflagellates.

Threat modeling a factory environment using Microsoft Security Development Lifecycle methodology

The number of security violations is increasing and a security breach could have irreversible impacts to business. There are several ways to improve organization security, but some of them may be difficult to comprehend. This thesis demystifies threat modeling as part of secure system development. Threat modeling enables developers to reveal previously undetected security issues from computer systems. It offers a structured approach for organizations to find and address threats against vulnerabilities. When implemented correctly threat modeling will reduce the amount of defects and malicious attempts against the target environment. In this thesis Microsoft Security Development Lifecycle (SDL) is introduced as an effective methodology for reducing defects in the target system. SDL is traditionally meant to be used in software development, principles can be however partially adapted to IT-infrastructure development. Microsoft threat modeling methodology is an important part of SDL and it is utilized in this thesis to find threats from the Acme Corporation’s factory environment. Acme Corporation is used as a pseudonym for a company providing high-technology consumer electronics. Target for threat modeling is the IT-infrastructure of factory’s manufacturing execution system. Microsoft threat modeling methodology utilizes STRIDE –mnemonic and data flow diagrams to find threats. Threat modeling in this thesis returned results that were important for the organization. Acme Corporation now has more comprehensive understanding concerning IT-infrastructure of the manufacturing execution system. On top of vulnerability related results threat modeling provided coherent views of the target system. Subject matter experts from different areas can now agree upon functions and dependencies of the target system. Threat modeling was recognized as a useful activity for improving security.

Institutional environment in North Korea: market structure and overcoming institutional voids

Tutkimus sai innoituksensa, kun tutkija huomasi tarpeen liiketaloudelliselle, ajantasaiselle ja realistiselle tutkimukselle Pohjois-Korean markkinoista, joka kuvailisi markkinoiden olemassaolevia ja puuttuvia rakenteita sekä tutkisi mahdollisuuksia ylittää puuttuvat rakenteet. Institutionaalinen teoria valittiin sopivaksi viitekehykseksi kuvailla ja tutkia markkinarakennetta. Tutkimuskysymys muotoiltiin seuraavasti: “Miten ulkomaiset yritykset voivat reagoida puuttuviin markkinarakenteisiin Pohjois-Koreassa?”. Tutkimuskysymys jaettiin kolmeen osakysymykseen: (1) Millainen on Pohjois-Korean markkinoiden institutionaalinen ympäristö? (2) Mitkä ovat merkittävimmät puuttuvat markkinarakenteet Pohjois-Koreassa? (3) Mitä mahdollisuuksia ulkomaisilla yrityksillä voisi olla reagoida puuttuviin markkinarakenteisiin? Tutkimus toteutettiin kvalitatiivisena, koska tutkimuskysymys on deskriptiivinen. Aineisto kerättiin asiantuntijahaastattelun ja kvalitatiivisen sisällönanalyysin keinoin. Primääriaineiston muodostavat 2 asiantuntijahaastattelua ja sekundääriaineiston muodostavat 95 artikkelia, jotka kerättiin 40 lähteestä. Aineisto analysoitiin kvalitatiivisen sisällönanalyysin keinoin. Aineisto koodattiin, luokiteltiin ja esitettiin kokonaisuuksina luokittelurungon avulla, joka laadittiin tutkimusta varten muodostetun teoreettisen viitekehyksen mukaan. Tulokset ja johtopäätökset voidaan tiivistää seuraavasti. (1) Pohjois-Korean markkinan instituutioihin vaikuttaa kaksoisrakenne, jossa muodollinen, sosialistinen rakenne ja epämuodollinen, markkinalähtöinen rakenne toimivat päällekkäin. (2) Puuttuvia rakenteita on sekä markkinan kontekstissa että markkinatasolla. Puutteet ovat osittain seurausta vanhojen rakenteiden korvaantumisesta uusilla, jotka eivät ole institutionalisoituneet. (3) Yritykset voivat käyttää samoja mahdollisuuuksia reagoida puuttuviin markkinarakenteisiin Pohjois-Koreassa, joita kehittyvien markkinoiden yhteydessä on esitetty. Sen tulkittiin vähentävän käsitystä, jonka mukaan Pohjois-Korean markkina on liian erikoinen yritystoiminnalle. (4) Kasvava keskiluokka sekä yrittäjyyden ja naisten yhä merkittävämpi rooli liike-elämässä aiheuttavat alhaalta ylöspäin suuntautuvaa kehitystä markkinoilla. Nämä ovat merkkejä viimeaikaisesta kehityksestä, jotka eivät ole saaneet laajaa huomiota länsimaisessa mediassa. Se korostaa tarvetta liiketaloudelliselle, ajantasaiselle jatkotutkimukselle Pohjois-Korean markkinoista.