Incidencia de las agresiones a la seguridad cibernética en el desarrollo informático de las Fuerzas Armadas de Estados Unidos (2003-2013)

La presente investigación tiene como objetivo analizar la incidencia de las agresiones cibernéticas en el desarrollo informático de las Fuerzas Armadas de Estados Unidos. Los diferentes estudios que se han realizado sobre el ciberespacio se han enfocado en el papel del individuo como actor principal y se ha dejado de lado las repercusiones que éste ha tenido para el Estado, como un nuevo eje de amenazas. Teniendo en cuenta lo anterior, esta investigación demostrará a partir del concepto de securitización, que se busca priorizar la “ciberseguridad” dentro de la agenda del gobierno estadounidense. Al ser este un estudio que aborda experiencias concretas durante un periodo de tiempo de más de 10 años, el diseño metodológico de la investigación será longitudinal, ya que abarcará estudios, artículos, textos y resoluciones que se han realizado desde 2003 hasta la actualidad.

An emergent security risk : critical infrastructures and information warfare

This paper examines the emergent security risk that information warfare poses to critical infrastructure systems, particularly as governments are increasingly concerned with protecting these assets against attack or disruption. Initially it outlines critical infrastructure systems and the notion of information warfare. It then discusses the potential implications and examining the concerns and vulnerabilities such cyber attacks would pose, utilising exemplar online attack occurrences. It then examines the current Australian situation before suggesting some considerations to mitigate the potential risk that information warfare poses to critical infrastructure systems, and by association: government, industry and the wider community.

Development of a supply chain management security risk management method : a conceptual model

This paper continues the prior research undertaken by Warren and Leitch (2009), in which a series of initial research findings were presented. These findings identified that in Australia, Supply Chain Management (SCM) systems were the weak link of Australian critical infrastructure. This paper focuses upon the security and risk issues associated with SCM systems and puts forward a new SCM Security Risk Management method, continuing the research presented at the European Conference of Information Warfare in 2009.This paper proposes a new Security Risk Analysis model that deals with the complexity of protecting SCM critical infrastructure systems and also introduces a new approach that organisations can apply to protect their SCM systems. The paper describes the importance of SCM systems from a critical infrastructure protection perspective. The paper then discusses the importance of SCM systems in relation to supporting centres of populations and gives examples of the impact of failure. The paper proposes a new SCM security risk analysis method that deals with the security issues related to SCM security and the security issues associated with Information Security. The paper will also discuss a risk framework that can be used to protect against high and low level associated security risks using a new SCM security risk analysis method.

Past and future evolution of Abies alba forests in Europe - comparison of a dynamic vegetation model with palaeo data and observations

Information on how species distributions and ecosystem services are impacted by anthropogenic climate change is important for adaptation planning. Palaeo data suggest that Abies alba formed forests under significantly warmer-than-present conditions in Europe and might be a native substitute for widespread drought-sensitive temperate and boreal tree species such as beech (Fagus sylvatica) and spruce (Picea abies) under future global warming conditions. Here, we combine pollen and macrofossil data, modern observations, and results from transient simulations with the LPX-Bern dynamic global vegetation model to assess past and future distributions of A. alba in Europe. LPX-Bern is forced with climate anomalies from a run over the past 21 000 years with the Community Earth System Model, modern climatology, and with 21st-century multimodel ensemble results for the high-emission RCP8.5 and the stringent mitigation RCP2.6 pathway. The simulated distribution for present climate encompasses the modern range of A. alba, with the model exceeding the present distribution in north-western and southern Europe. Mid-Holocene pollen data and model results agree for southern Europe, suggesting that at present, human impacts suppress the distribution in southern Europe. Pollen and model results both show range expansion starting during the Bølling–Allerød warm period, interrupted by the Younger Dryas cold, and resuming during the Holocene. The distribution of A. alba expands to the north-east in all future scenarios, whereas the potential (currently unrealized) range would be substantially reduced in southern Europe under RCP8.5. A. alba maintains its current range in central Europe despite competition by other thermophilous tree species. Our combined palaeoecological and model evidence suggest that A. alba may ensure important ecosystem services including stand and slope stability, infrastructure protection, and carbon sequestration under significantly warmer-than-present conditions in central Europe.

Dialogue, partnership and empowerment for network and information security:the changing role of the private sector from objects of regulation to regulation shapers

The protection of cyberspace has become one of the highest security priorities of governments worldwide. The EU is not an exception in this context, given its rapidly developing cyber security policy. Since the 1990s, we could observe the creation of three broad areas of policy interest: cyber-crime, critical information infrastructures and cyber-defence. One of the main trends transversal to these areas is the importance that the private sector has come to assume within them. In particular in the area of critical information infrastructure protection, the private sector is seen as a key stakeholder, given that it currently operates most infrastructures in this area. As a result of this operative capacity, the private sector has come to be understood as the expert in network and information systems security, whose knowledge is crucial for the regulation of the field. Adopting a Regulatory Capitalism framework, complemented by insights from Network Governance, we can identify the shifting role of the private sector in this field from one of a victim in need of protection in the first phase, to a commercial actor bearing responsibility for ensuring network resilience in the second, to an active policy shaper in the third, participating in the regulation of NIS by providing technical expertise. By drawing insights from the above-mentioned frameworks, we can better understand how private actors are involved in shaping regulatory responses, as well as why they have been incorporated into these regulatory networks.

A cyber exercise post assessment framework: In Malaysia perspectives

Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependencies among critical sectors needs to be increased. Managing and securing critical infrastructure is not isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involved multi sectors is challenging due to the diversity of participants’ background, working environments and incidents response policies. How well the lessons learned from the cyber exercise and how it can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisation, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys distributed to ten Critical National Information Infrastructure (CNII) sectors participated in the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors.

Identificação e Caraterização de Infraestruturas Críticas – Uma Metodologia

A proteção das Infraestruturas Críticas tornou-se numa questão essencial no sistema internacional e nos Estados. Mais recentemente, Portugal começou a acompanhar esta tendência. Neste debate, torna-se de crucial importância, a identificação das infraestruturas que devem ser consideradas como críticas. Esta identificação terá como principal objetivo a redução das suas vulnerabilidades e a eficiência no emprego de recursos para a proteção das mesmas. Mas que critérios e indicadores, em cada setor/subsetor, possibilitam uma adequada metodologia para a identificação e caraterização das Infraestruturas Críticas em Portugal? Com vista a responder a esta problemática será analisada a metodologia adotada por Portugal, bem como as componentes da metodologia de identificação e caraterização de Infraestruturas Críticas utilizadas em países e organizações de referência. Esta investigação tem como objetivo geral identificar de áreas de melhoria na metodologia adotada pela Autoridade Nacional de Proteção Civil e, com base na análise da metodologia usada em organizações e países de referência, contribuir para a identificação e caraterização das IC em Portugal. Conclui-se que a Identificação e Caraterização de Infraestruturas Críticas nacionais deve ser aplicada na primeira fase do processo de elaboração do Programa Nacional de Proteção de Infraestruturas Críticas, apresentando, simultaneamente, uma definição de Infraestrutura Crítica, através de possíveis agrupamentos em setores, critérios e indicadores a adotar. Abstract: Critical infrastructure protection has become a key issue for states in the international system. Recently, Portugal has joined this trend. In this debate, the identification of structures to be considered critical infrastructure becomes crucial. This process of identification should have as key purpose the reduction of these infrastructures, and an efficient use of resources in protecting them. However, which criteria and indicators, for each sector/ sub-sector, allow for an adequate methodology for identifying and characterizing critical infrastructures in Portugal? In order to answer this, this research will analyse the methodology adopted by the National Civil Protection Authority, as well as some methodology components for identifying and characterizing critical infrastructure used by reference countries and organizations. The main purpose of this research is thus to contribute to the development of a methodology to be used in Portugal, through the development of criteria and indicators that prove adequate to identifying and characterizing Portuguese critical infrastructure. It concludes that the identification and characterization of national critical infrastructures should be applied in the first phase of elaborating a national program for the protection of critical infrastructures, while simultaneously presenting a definition of critical infrastructure, through possible grouping in sectors, criteria and indicators to adopt.

Security protection for critical infrastructure

Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.