State-level Cyber Resilience: A Conceptual Framework

Hubbard, Geoffrey

doi:10.5604/01.3001.0053.7401

Artykuł - szczegóły

Tytuł artykułu

State-level Cyber Resilience: A Conceptual Framework

Autorzy

Hubbard Geoffrey

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.5604/01.3001.0053.7401

Warianty tytułu

Języki publikacji

Abstrakty

There is currently a gap in our academic and practical understanding of the concept of resilience in cyber space at the level of the state, hampering research and policy- making due to the lack of a rigorously constructed, shared terminology. This article contributes to this area by providing a comprehensive capacities-based conceptualisation of state-level cyber resilience. After establishing that cyber resilience is necessary and that it should be developed at the state level, we perform a rigorous exploration of the concept of resilience as it pertains to the different areas involved in state-level cyber resilience. Seeking the most salient characteristics of each one, we identify from the general concept of resilience that it is a non-static process requiring an availability of assets; from state resilience, we identify that resilience capacities are harboured at multiple levels and across actors within the polity; and from cyber resilience, we identify that there is a plethora of different potential damages. Taking all this into consideration, our resulting concept of state-level cyber resilience is the following: the ability of a state, which (a) is made up of multiple layers, to (b) harness a set of key assets in order to (c) confront a particular type of damage to its cyber space, by (d) going through the stages of coping and eventually recovering to its normal state. Having constructed this conceptual framework, this work aids researchers and decision-makers by providing a common terminology and fostering a systematic, multidimensional approach to states’ capacity for resilience in cyber-space.

Słowa kluczowe

cybersecurity cyberspace critical infrastructure national security smart cities

cyberbezpieczeństwo cyberprzestrzeń infrastruktura krytyczna bezpieczeństwo narodowe inteligentne miasta

Wydawca

NASK – National Research Institute

Czasopismo

Applied Cybersecurity & Internet Governance

Rocznik

2023

Tom

Vol. 2, No. 1

Strony

1--14

Opis fizyczny

Bibliogr. 33 poz., tab

Twórcy

autor

Hubbard Geoffrey

geoffrey.hubbard@tum.de

Bavarian School of Public Policy, Technical University of Munich, Germany

https://orcid.org/0000-0002-0771-292X

Bibliografia

1. J. Ryan, A history of the Internet and the digital future. London: Reaktion Books, 2010.
2. H. Kissinger, World order. New York: Penguin Press, 2014.
3. World Economic Forum, The Global Risks Report 2018, 2018. [Online]. Available: http://www3.weforum.org/docs/WEF_GRR18_Report.pdf. [Accessed: May 4, 2023].
4. C. Bing, S. Kelly. (2021). Cyber attack shuts down U.S. fuel pipeline “jugular,” Biden briefed. [Online].Available: https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-aftercybersecurity-attack-2021-05-08/. [Accessed: Dec. 1, 2021].
5. U.S. Government Accountability Office. (2021, May 18). Colonial Pipeline Cyberattack Highlights Need for Better Federal and Private-Sector Preparedness (infographic), U.S. GAO. [Online]. Available: https://www.gao.gov/blog/colonial-pipeline-cyberattack-highlights-need-better-federal-and-private-sector-preparednessinfographic. [Accessed: May 4, 2023].
6. U.S. Department of Justice. (2021, June 7). Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside. [Online]. Available: https://www.justice.gov/opa/pr/department-justiceseizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside. [Accessed: May 4, 2023].
7. C. Thorbecke. (2021). Gas hits highest price in 6 years, fuel outages persist despite Colonial Pipeline restart. [Online]. Available: https://abcnews.go.com/US/gas-hits-highest-price-years-fuel-outagespersist/story?id=77735010. [Accessed: May 5, 2023].
8. E. Bellini, S. Marrone, “Towards a novel conceptualization of Cyber Resilience,” 2020 IEEE World Congress on Services (SERVICES), pp. 189–196, 2020, doi: 10.1109/SERVICES48979.2020.00048.
9. F. Björck, M. Henkel, J. Stirna, J. Zdravkovic, “Cyber Resilience – Fundamentals for a Definition,” in New Contributions in Information Systems and Technologies, vol. 353, A. Rocha, A. M. Correia, S. Costanzo, and L. P. Reis, Eds. Cham: Springer International Publishing, pp. 311–316, 2015, doi: 10.1007/978-3-319-16486-1_31.
10. H. Tiirmaa-Klaar, “Building national cyber resilience and protecting critical information infrastructure,” Journal of Cyber Policy, vol. 1, no. 1, pp. 94–106, 2016, doi: 10.1080/23738871.2016.1165716.
11. D. Kuehl, “From Cyberspace to Cyberpower: Defining the Problem,” in Cyberpower and National Security, F. D. Kramer, S. H. Starr, L. K. Wentz, Eds. 1st ed.Washington, DC: National Defense University Press, 2009, pp. 24–42.
12. M. Dunn Cavelty, “Cyber-Security,” in Contemporary Security Studies, A. Collins, Ed., Oxford: Oxford University Press, 2016, pp. 400–416.
13. J. S. Nye, The future of power, 1st ed. New York: Public Affairs, 2011.
14. N. Choucri, “Emerging Trends in Cyberspace: Dimensions & Dilemmas,” Cyberspace: Malevolent Actors, Criminal Opportunities and Strategic Competition, 2012, pp. 1–19. [Online]. Available: https://nchoucri.mit.edu/sites/default/files/documents/[Choucri]%202012%20Emerging%20Trends%20in%20Cyberspace-Dimensions%20%26%20Dilemmas.pdf. [Accessed: May 5, 2023].
15. C. Demchak, “Cybered Conflict, Cyber Power, and Security Resilience as Strategy,” in Cyberspace and national security: threats, opportunities, and power in a virtual world, D. S. Reveron, Ed., Washington, DC: Georgetown University Press, 2012, pp. 121–136.
16. U. Beck, "Risk society: towards a new modernity," in Theory, culture & society. London, Newbury Park, New Delhi: Sage Publications, 1992.
17. U. Beck, World at risk. Cambridge: Polity Press, 2009.
18. M. Shimizu, A. L. Clark, Nexus of Resilience and Public Policy in a Modern Risk Society. Singapore: Springer Singapore, 2019. doi: 10.1007/978-981-10-7362-5.
19. T. Prior, J. Hagmann, “Measuring resilience: methodological and political challenges of a trend security concept,” Journal of Risk Research, vol. 17, no. 3, pp. 281–298, 2014, doi: 10.1080/13669877.2013.808686.
20. C. Fjäder, “The nation-state, national security and resilience in the age of globalisation,” Resilience, vol. 2, no. 2, pp. 114–129, 2014, doi: 10.1080/21693293.2014.914771.
21. I. Linkov, A. Kott, "Fundamental Concepts of Cyber Resilience: Introduction and Overview," in Cyber Resilience of Systems and Networks, A. Kott, I. Linkov, Eds. Cham: Springer International Publishing, 2019, pp. 1–25. doi: 10.1007/978-3-319-77492-3_1.
22. D. A. Sepúlveda Estay, R. Sahay, M. B. Barfod, C. D. Jensen, “A systematic review of cyber-resilience assessment frameworks,” Computers & Security, vol. 97, 2020, doi: 10.1016/j.cose.2020.101996.
23. K. Hausken, “Cyber resilience in firms, organizations and societies,” Internet of Things, vol. 11, 2020, doi: 10.1016/j.iot.2020.100204.
24. E. G. Carayannis, E. Grigoroudis, S. S. Rehman, N. Samarakoon, “Ambidextrous Cybersecurity: The Seven Pillars (7Ps) of Cyber Resilience,” IEEE Trans. Eng. Manage., vol. 68, no. 1, pp. 223–234, 2021, doi: 10.1109/TEM.2019.2909909.
25. S. Walklate, R. McGarry, G. Mythen, “Searching for Resilience: A Conceptual Excavation,” Armed Forces & Society, vol. 40, no. 3, pp. 408–427, 2014, doi: 10.1177/0095327X12465419.
26. A. F. K. Organski, World politics, 2nd ed. New York: Alfred A. Knopf, 1968.
27. J. Rowland, M. Rice, S. Shenoi, “The anatomy of a cyber power,” International Journal of Critical Infrastructure Protection, vol. 7, no. 1, pp. 3–11, 2014, doi: 10.1016/j.ijcip.2014.01.001.
28. G. Ahmadi-Assalemi, H. Al-Khateeb, G. Epiphaniou, C. Maple, “Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review,” Smart Cities, vol. 3, no. 3, pp. 894–927, 2020, doi: 10.3390/smartcities3030046.
29. A. Vespignani, “The fragility of interdependency,” Nature, vol. 464, no. 7291, pp. 984–985, 2010, doi: 10.1038/464984a.
30. H.M. Government. (2021). National Cyber Strategy 2022. [Online]. Available: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1040805/National_Cyber_Strategy_-_FINAL_VERSION.pdf. [Accessed: May 5, 2023].
31. M. Flournoy, M. Sulmeyer, “Battlefield Internet,” Foreign Affairs, vol. 97, no. 5, pp. 40–46, 2018.
32. J. Voo, I. Hemani, S. Jones, D. Winnona, D. Cassidy, et al. (2020). National Cyber Power Index 2020. [Online]. Available: https://www.belfercenter.org/publication/national-cyber-power-index-2020. [Accessed: Dec. 10, 2021].
33. I. Linkov, D. A. Eisenberg, K. Plourde, T. P. Seager, J. Allen, A. Kott, “Resilience metrics for cyber systems,”Environ Syst Decis, vol. 33, no. 4, pp. 471–476, 2013, doi: 10.1007/s10669-013-9485-y.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-2d706910-2c90-43af-a2e0-838884ce7ea6