The most significant new risk for businesses and governments is related to cyber security (NCSC, 2018). The formation of public-private partnerships (PPP) is perhaps the optimal way to facilitate...Show moreThe most significant new risk for businesses and governments is related to cyber security (NCSC, 2018). The formation of public-private partnerships (PPP) is perhaps the optimal way to facilitate collaboration between the parties. The purpose of this qualitative study is to shed light on the Information Sharing and Analysis Center (ISAC) for the cyber security of the critical infrastructure in the Netherlands, specifically the energy sector. To construct this thesis, the research question “To what extent could the Energy-ISAC be considered effective in supporting the state for cyber securing the Dutch Critical Infrastructure in the energy sector?” is used. Before assessing the efficacy of the Energy-ISAC, it is first determined what kind of PPP the Energy-ISAC is. Van Montfort et al. (2012) classified three types of PPPs, the alliance, concessions, and improvisation model. Moreover, the four problems of PPPs by Dunn-Cavelty and Suter (2009) are used to discover any shortcomings of the Energy-ISAC. As for the analysis, the alliance model is found most applicable to the Energy-ISAC due to the presence of a horizontal hierarchy and mutual dependency (Vos et al., 2017). Furthermore, the application of the public-private partnership of the energy-ISAC assures that there are very few to no adverse consequences currently. However, a contradiction between the logic of security and the logic of PPP, is an exception to this rule and evident in the energy-ISAC (Dunn-Cavelty & Suter, 2009). This study sheds light on the Dutch strategy to assuring cybersecurity in a critical industry, notably, the energy-ISAC, which has never been presented in studies yet. Moreover, by evaluating how effective the Dutch cyber security public-private partnership is in the energy sector, the Netherlands may strengthen their ability to withstand the effects of potential dangers, therefore improving their overall level of safety.Show less
In April and May 2007, the Republic of Estonia was the target of a coordinated cyberattack (Aday et al., 2019). The cyberattacks led to the realization that cybersecurity should be seen as a vital...Show moreIn April and May 2007, the Republic of Estonia was the target of a coordinated cyberattack (Aday et al., 2019). The cyberattacks led to the realization that cybersecurity should be seen as a vital security issue (The Estonian Foreign Policy Institute, 2008). This study dives deeper into the cybersecurity governance strategy of the Republic of Estonia concerning the protection of critical infrastructures. Through a qualitative case study design, the research question will be answered. In order to analyze the case study, the theoretical framework provided by Limba et al. (2017) will be used. This study found that the cybersecurity governance strategy of the Republic of Estonia has dramatically improved since 2007. The Republic of Estonia has sincerely matured as a country within the cybersecurity domain.Show less
Cyber defense is becoming more and more important for states' national security. The number of cyber-attacks has risen globally, including attacks against critical infrastructures. A trend that has...Show moreCyber defense is becoming more and more important for states' national security. The number of cyber-attacks has risen globally, including attacks against critical infrastructures. A trend that has also been observed in Italy in recent years. The cyber defense institutional framework went through significant development. This qualitative case study research aims to answer the following research question: To what extent does the Italian cyber defense meet the Potomac Institute Cyber Readiness Index 2.0 (CRI 2.0) Criteria? To answer this question, the indicators of the categories Statement, Organization, Resources, and Implementation of the element Defense and Crisis response in the CRI 2.0 (Hathaway et al., 2015) are analyzed in Italian cyber defense. The results by Hathaway et al. (2016) conclude that Italian cyber defense is partially operational due to an unfulfilled indicator of the following categories: Statement and Resources. Therefore two of the 12 indicators of the element Defense and Crisis response are not met. This paper shows Italy's development since the analysis of cyber defense by the Potomac Institute compared to the 2016 country report in which this element was labeled as Insufficient Evidence (Hathaway et al., 2016). This research aspires to contribute to a relatively small academic body of research on Italian cyber defense.Show less
The critical infrastructure is at the core of a well-functioning society (Mussington, 2021). Through technological developments, the critical infrastructure is increasingly regulated through the...Show moreThe critical infrastructure is at the core of a well-functioning society (Mussington, 2021). Through technological developments, the critical infrastructure is increasingly regulated through the internet. However, digitalization has made the critical infrastructure more vulnerable to digital disruptions (OECD, 2012). Therefore, it is a vital interest for national governments to protect the critical infrastructure from digital threats (Mussington, 2021). Within this cybersecurity domain, a multitude of stakeholders is collaborating to carry out the governance of cybersecurity. However, yet little attention has been designated to the organizational structure of the cybersecurity governance domain, according to Kuerbis & Baldiei (2017). While zooming in on the organizational aspect, this research aims to fill this gap in academic knowledge by gaining insight into the cybersecurity governance approaches of Spain and the Netherlands regarding critical infrastructure protection. The findings of the research indicate that public-private partnerships are more prominent in the Dutch context. The Spanish cybersecurity governance approach revolves around the security services present in the country. Moreover, the study concludes that the Spanish approach is characterized by a market governance structure, whereas the Dutch are following a networked governance structure. The research framework and findings have offered the foundations to unpack the organizational structure within the cybersecurity domain. Applying other lenses on this matter will increase the academic confidence in the organizational aspect within the cybersecurity domain.Show less
This thesis aims to test the Swedish cybersecurity strategy on the ‘Guide to Developing a National Cybersecurity Strategy’ provided by the ITU et al. (2018), which consists of seven focus areas...Show moreThis thesis aims to test the Swedish cybersecurity strategy on the ‘Guide to Developing a National Cybersecurity Strategy’ provided by the ITU et al. (2018), which consists of seven focus areas with associated good practices. The research design of this study is therefore a form of qualitative descriptive data analysis with Sweden’s national cybersecurity strategy as a case study. The two primary policy documents which are analysed are ‘A National Cyber Security Strategy’, proposed by the Ministry of Justice (2017), and the ‘Swedish Cyber Security National Action Plan for the years 2019-2022’ established by the MSB et al. (2020). The results show that the Swedish national cybersecurity strategy incorporates the majority of the focus areas and associated good practices of what the ITU considers necessary to establish a sufficient national cybersecurity strategy.Show less
As society becomes increasingly dependent on networked technologies and infrastructures, the importance of good cyber defence and crisis response mechanisms becomes increasingly important (Tiirma...Show moreAs society becomes increasingly dependent on networked technologies and infrastructures, the importance of good cyber defence and crisis response mechanisms becomes increasingly important (Tiirma-Klaar, 2016). Multiple researchers have formed indices to assess how mature a country is in its cybersecurity, such as the National Cyber Security Index, the National Cyber Power Index and the Cyber Readiness Index (Cassidy et al., 2020; EGovernance Academy, 2022; Hathaway & Spidalieri, 2017). In 2017, Hathaway and Spidalieri applied the Cyber Readiness Index 2.0 on the Netherlands and concluded that in terms of defence and crisis response mechanisms, the Netherlands is not cyber ready (Hathaway & Spidalieri, 2017). Now, five years later, this paper conducts a qualitative research with a case study design by reapplying the same framework used in the CRI 2.0, consisting of 12 indicators of cyber defence and crisis response maturity, to the Netherlands in order to answer the question how the Dutch cyber defence and crisis response capabilities altered since the analysis by Hathaway and Spidalieri in 2017. It concludes that although improvements have been made, the Netherlands is still not cyber ready.Show less
Despite the fact that the number of cybersecurity attacks in the EU and their impact have continued to increase in 2020 and 2021 (ENISA, 2021) and Belgium’s – the EU capital’s country – main...Show moreDespite the fact that the number of cybersecurity attacks in the EU and their impact have continued to increase in 2020 and 2021 (ENISA, 2021) and Belgium’s – the EU capital’s country – main cybersecurity governance organization’s effectiveness has been questioned in the past (Rondelez 2018), its new cybersecurity governance strategy from 2021 (CCB, 2021) has received little scholarly attention. This paper aims to assist in filling this literature gap and to provide information in the pursuit of creating the most appropriate networked (cybersecurity) governance model (e.g., Tagarev, 2020; Yusif & Hafeez-Baig, 2021) by performing qualitative research that applies Provan and Kenis (2008) their influential three models of network governance. This paper argues that the lead organization model convincingly fits the current Belgian cybersecurity landscape, largely because of the large, authoritative, and central role of the main organization: the Centre for Cybersecurity Belgium (CCB, n.d., 2021; VSSE, n.d.-a, n.d.-b). This confirms an earlier academic prediction from 2018 that the Belgian landscape would develop into a lead organization network (Rondelez, 2018).Show less