Master thesis | Crisis and Security Management (MSc)
closed access
The focus of this paper is the security cooperation between FIU-NL and Europol, organizations that annually process transaction data on millions of EU-citizens. The author makes the case that Function Creep, “the expansion of the use of a system or token to include other functions not originally envisioned by their promotors”, undermines trust and therefore hinders security cooperations. This is done through the application of Whelan's network theory and the concept of Function Creep in a case study design. The case study is of the implementation of the integration of FIU.net, a decentralized system, into SIENA, Europol's centralized database. The author argues that a clear negative impact on trust is found, even when the Function Creep is only ‘intended’ and aims to expand upon the commonly understood conceptualization of Function Creep.
Master thesis | Crisis and Security Management (MSc)
open access
Increasingly, law enforcement focuses on the prevention of crime. In this approach, the role of information is important. Especially in combination with the technological advancements of the Internet and social media, using publicly accessible information is inevitable. Whether this implies that such “open-source information” is freely accessible to law enforcement officers tasked with intelligence-led policing and creating intelligence remains the question. By means of a literary analysis, document analysis, interviews with practitioners and a single case study, this research aimed to find out how intelligence officers can make use of this vast and valuable amount of information whilst adhering to security principles of surveillance and entrapment. This study found that there is no judicial framework built around creating intelligence as is the case with ongoing criminal investigations, and surveillance is only partially possible. Article 3 of the Police Directive functions as the basis of officers’ functioning, and any privacy breach that is more than necessary needs to be carefully considered under principles of proportionality and necessity. The assessment of these is thus vital, especially when applied to issues of national security – e.g. right-wing extremism – where these two principles have the opportunity of clashing. The study also found that a clear distinction between tasks of the public prosecutor and the municipality is of importance in order for intelligence officers to engage in effective intelligence-led policing. Finally, the attitude towards information as merely “nice-to-have” within intelligence-led policing needs to shift towards “need-to-have” to properly assess necessity and proportionality.
“Companies in the Netherlands - and elsewhere in the world - do not spend enough resources on Cybersecurity,” a statement that can be found often in Cybersecurity reports published by governmental organisations as well as private Cybersecurity companies, the latter suspiciously for commercial purposes. But what is the real impact that Cybersecurity Incidents have on the Dutch economy, especially on legal-entities in the Netherlands? Where is the data that objectively provides insight into the havoc that is wreaked by Cybersecurity Incidents and would justify an increase in investment? The conclusion drawn after analysing available data is puzzling: no reliable overview of actual Cybersecurity incidents and their impact on companies in the Netherlands exists. The landscape is a scattered scene of puzzle pieces, consisting of crime data, insurance claims, data breach reports and incidents reported to the National Cyber Security Center. So we are not sure whether companies over- or underinvest in Cyber Security; we simply cannot tell on the basis of facts. Threats are out there for sure, but when they do not materialize, it could well be that the defences are fit for purpose. The annual Cybersecurity Monitor produced by Statistics Netherlands (CBS) since 2017 is available, but it is based not on actual incidents that occurred but on surveys, which tend to show perception rather than reality. Still, it is the best dataset available, and the trends of four years (2017-2020) of data are valuable despite the lack of quantified financial impact. Is the Dutch situation unique? What have other nations done to get a better and more reliable view on the size and dimension of the impact of Cybersecurity Incidents?
And what solutions could be available to get an objective view of the impact of Cybersecurity incidents on Dutch legal-entities? In the domain of Road Safety, impact data is carefully measured, as policy- and lawmakers use it for improving policies with the objective to decrease the impact. Similar to natural disasters, of which impact is reported in scales such as Beaufort for storms and Mercalli for earthquakes, a scale may help to report on Cybersecurity Incident impact, and serve for policy makers to obtain objective and comparable data justifying their policy proposals. With this Thesis I aim to make a contribution towards providing objective insight into the impact of Cybersecurity Incidents, by means of proposing the Cybersecurity Incident Impact (CSI2) scale. Only by proper measuring and reporting can we know what is happening out there in Dutch Cyberspace, allowing for the right policies and laws to be proposed, as well as the right level of investments to be made.