This study describes what supply chain cyber-attacks are and how the energy sector is affected by this problem. The goal of the paper is to answer the research question: ‘To what extent can an...Show moreThis study describes what supply chain cyber-attacks are and how the energy sector is affected by this problem. The goal of the paper is to answer the research question: ‘To what extent can an increased institutional cooperation between the EU and the US create more secure supply chains within the energy sector?’. By assessing the Dragonfly 2.0 and the NotPetya cyberattacks on specifically energy sector companies, the study shows the limitations of the sectors’ cyber resilience. Possibilities in creating a more secure energy sector and its supply chains are to be found in increased cooperation between states. The transatlantic cooperation between the EU and the US is analyzed to examine how the two can support each other in creating a more secure cyberspace in the energy sector. More specifically, neoliberal institutionalism is used to explain the cooperation between the two via institutions. When states cooperate via institutions, they need to follow the same rules and need to adhere to the same security standards. For the energy supply chains, this can be one of the main ways to increase security, as there are collective rules and standards for these interconnected and complex chains. The study tries to build upon this theory of institutional neoliberalism to explore when states are willing to cooperate via institutions.Show less
Disruptions to the routine operations of ICTs in conflict situations have made cybersecurity come to ascend a prominent position in the legal and political decision-makeing of the EU....Show moreDisruptions to the routine operations of ICTs in conflict situations have made cybersecurity come to ascend a prominent position in the legal and political decision-makeing of the EU. Europeanization has been used to describe the processes by which EU decision-makeing manifests itself in the logic of, for example, national policy outcomes of those processes (see Radaelli, 2012, p. 1 as cited by Fererro & Ackrill, 2016, p.880). The literature has pointed to the significant amount of soft law which the EU has issued to regulate cybersecurity. However, per definition EU member states are not legally obliged to implement soft law. Accordingly, by utilizing Europeanization as a conceptual frame, this thesis has sought to answer the question: To what extent has non-legally binding EU soft law on cybersecurity influenced the making of the national cybersecurity policies of its MS over time? To address the research, question the thesis has taken a small-scale empirical mixed-method approach by analyzing the extent to which specifically, Germany's and Slovakia's national cybersecurity strategies have harmonized over time toward the 2020 EU cybersecurity strategy (EUCSS) as a consequence of using the soft law document in their stagey-making. The analysis suggest that the EU cybersecurity strategy did influence the national strategy-making, but that the degree of harmonization depended on the extent to which the EUCSS aligned with national ambitions and priorities. To this end, the member states actively strived to 'Europeanize' their national cybersecurity strategies.Show less
In the recent years, the maritime industry is applying Industrial Internet of Things devices, data trending and high-speed satellite connections. While these advances in technology make business...Show moreIn the recent years, the maritime industry is applying Industrial Internet of Things devices, data trending and high-speed satellite connections. While these advances in technology make business easier for the industry, there are also drawbacks with these advances. In the past the maritime industry had an air-gap between the different systems. The probability of a cyber incident would be limited, let alone the probability of an incident propagating to a different system. Now, systems are interconnected and the risk of a cyber incident occurring is high, similar for the risk of an incident on one system propagating to another system. There are different academic studies, which have looked at maritime cyber threats as well as measures. However, there are not many qualitative studies in how the maritime industry is actually dealing with cyber threats. For this thesis, first a literature survey was conducted on cyber security onboard ships. The survey showed that most of the literature is focussed on navigation and communication systems, where there are more systems which can be attacked, such as propulsion control systems and engine control systems. The literature study also shows that the focus on measurements against attacks are solved mainly in the governance domain. The main driver that is mentioned in the literature is IMO resolution MSC.428(98). The role of the shipyards and suppliers are equipment and systems are not mentioned in the literature, as these actors are not in the scope of the resolution. Following the literature survey, semi-interviews were held with eight people working at different organisations in the maritime industry. The interviewees were selected using expert sampling and snowballing. The interviews took approximately 30-45 minutes and were held online via Teams. After the interviews were held, the interviews were transcribed and subjected to thematic analysis, where the interviews were coded and themed. The combination of the literature survey and the semi-structured interviews provided the answer to what the maritime industry is doing to deal with cyber security on board ships. The conclusion is that while the maritime industry is lagging behind other industries, it is improving. The maritime industry is realising that cyber security is an important aspect of their daily business. Due to the many different actors involved in the maritime industry, there is a need for clear requirements and responsibilities. From top down, this starts with international organisations and classification societies in combination with owners enforcing requirements during the life time of a ship to the shipyards and suppliers of equipment and systems. To ensure that all parties are complying with the rules and regulations and that the systems on board the vessel work as intended, it is recommended to put one party in charge of cyber security on board ships.Show less
Blockchain technologie heeft een aantal kenmerken die er voor zorgen dat het gezien wordt als dé toekomst voor veilige informatieopslag. Echter zijn er nog weinig onderzoeken gedaan naar de werking...Show moreBlockchain technologie heeft een aantal kenmerken die er voor zorgen dat het gezien wordt als dé toekomst voor veilige informatieopslag. Echter zijn er nog weinig onderzoeken gedaan naar de werking van deze technologie binnen de publieke sector. Estland is een van de weinige landen waar blockchain technologie reeds is geïmplementeerd. Echter bleek uit de bevindingen van dit onderzoek dat Estland slechts een aantal elementen van de technologie heeft gebruikt, voornamelijk hebben ze ingezet op het gebruiken van het hashing systeem, dat een belangrijke rol speelt binnen de blockchain technologie. Daarnaast bleef het land grote aantallen cyberincidenten kennen. Om die redenen is geconcludeerd dat binnen de case van blockchain technologie in Estland een geringe impact van de technologie op gebied van de cybersecurity in het land is aangetroffen. Meer onderzoek naar blockchain in de publieke sector is nodig om de daadwerkelijke impact op gebied van cybersecurity vast te stellen.Show less
The expanding prominence of the internet in people’s daily lives presents them with having to make increasingly more decisions regarding their privacy online. The privacy paradox brings an...Show moreThe expanding prominence of the internet in people’s daily lives presents them with having to make increasingly more decisions regarding their privacy online. The privacy paradox brings an interesting phenomenon into these decisions. This concept describes the discrepancy between people’s attitude and behaviour towards privacy. Following one of the explanatory models of the privacy paradox, this quantitative thesis investigates the role of privacy awareness on privacy encroaching policies. It does so by an experimental research design consisting of a survey, which resulted in a sample of 69 participants. Results of this study show that, although a negative relationship between the two variables exist, this relationship cannot be concluded with certainty as the results prove not statistically significant. Therefore, this thesis aligns with the argument of the ongoing debate on privacy awareness that states that privacy awareness does not have a significant influence on support for privacy encroaching policies. Concluding, this thesis emphasizes the need for reassessment of the factor privacy awareness in other conditions, as well as the continuation of research of other explanatory factors.Show less
Cybercrime is not clearly defined. This is an important issue as academics, but also law and policymakers are not able to tackle the issue sufficiently without knowing the boundaries of the concept...Show moreCybercrime is not clearly defined. This is an important issue as academics, but also law and policymakers are not able to tackle the issue sufficiently without knowing the boundaries of the concept. Defining what the boundaries are, is important to identify if it is a crime and to establish international consensus on the topic with regards to law enforcement. This thesis aimed to map out the debate regarding the definition of ‘cybercrime’. A database of 139 sources was created and divided into three categories; sources that used no definition, sources that were about the debate itself and the last category, sources that provided/stated a definition on cybercrime (see Appendix A). In this category, two main camps were identified. One following the Budapest Convention on Cybercrime definition and one where the role of technology was deemed the centre point of the definition. ‘Technology’ was an important concept but the meaning of this term differed across the definitions. Finally, to provide new angles for this research gap, the ‘cybercrime’ definition debate was compared to the ‘white-collar crime’ definition debate. Three uncertainties that Quinney (1964) described were compared to the findings from the database. Two uncertainties were comparable. This means that this is not a new discussion but rather history repeating itself in another form. This opens up possible new opportunities and angles for research.Show less
This thesis aims at exploring the relationship between the EU’s formulated ambition to be more active at the international level and the EU’s external cybersecurity strategy. In order to do that,...Show moreThis thesis aims at exploring the relationship between the EU’s formulated ambition to be more active at the international level and the EU’s external cybersecurity strategy. In order to do that, the thesis will answer the following research question: “How coherent is the European Union’s external cybersecurity strategy with the EU’s willingness to become more active at the international level ?” More precisely, the thesis will assess whether the EU’s external cybersecurity strategy corresponds to the key principles and helps fulfill the objectives set out by the 2016's European Union Global Strategy (EUGS) for the EU to become more active externally. The thesis is based on content analysis of the documents on cybersecurity published by the EU from 2013, the year of the first EU cybersecurity strategy's publication, to december 2020, when the second EU cybersecurity strategy was released.Show less
In light of the growth in cyberattacks occurring over the past few years, especially after the devastating effects of NotPetya and WannaCry malwares, this thesis reviews the application of the...Show moreIn light of the growth in cyberattacks occurring over the past few years, especially after the devastating effects of NotPetya and WannaCry malwares, this thesis reviews the application of the securitisation theory to the phenomenon of cyberattacks. It addresses the shortcomings of the theoretical framework proposed by the Copenhagen School of thoughts with regards to this particular security area and suggests an adapted approach, more flexible and contextual. The paper develops its thesis in the context of Russian cyberattacks against the Ukrainian power grid and infrastructures that occurred in recent years.Show less
In the European debate on the Common Foreign and Security Policy (CFSP) there has been little success in the achievement of a Union-wide security strategy. This sensitive area of national defense...Show moreIn the European debate on the Common Foreign and Security Policy (CFSP) there has been little success in the achievement of a Union-wide security strategy. This sensitive area of national defense and security causes member states to rely on their own resources and capabilities in this field. The European Network and Infrastructure Security Agency (ENISA) was created in 2004. This agency gained more responsibilities and opportunities when their mandates were extended. Working in the field of cybersecurity, the Agency offers advice to member states on a voluntary basis, and works closely with industries in the private sector. As recent as December 2018, ENISA has the possibility to legislate in the field of common security. Does this Agency cautiously open the door to a Union with a Common Security Policy? As we will see there is an inevitable political influence of the Agency which underlines its relevance in the CFSP debate.Show less
This thesis provides an analysis of international cybersecurity regulations within the United Nations Group of Governmental Experts. With China as one of the world's largest influential actors...Show moreThis thesis provides an analysis of international cybersecurity regulations within the United Nations Group of Governmental Experts. With China as one of the world's largest influential actors within the field of cybersecurity, a perspective from the country's foreign policy is given. This is realised using documents and meeting reports of the United Nations GGEs from 2013 to 2017 in order to measure the impact of China within its decision-making. By incorporating China's international objectives on information security within the broader context of the United Nations, the reasons for success and failure within the UN GGEs are determined. China's impact on cybersecurity seems to be significant but not determinative within the outcome of the international cooperation of United Nations cybersecurity policy.Show less
There are few inventions whose impact on political, economic and social life is comparable to that of the Internet, as an increasing number of functions are conducted online. As the report...Show moreThere are few inventions whose impact on political, economic and social life is comparable to that of the Internet, as an increasing number of functions are conducted online. As the report Cybersecurity Policy Making at a Turning Point highlights: “Cybersecurity strategies recognize that the economy, society and governments now rely on the Internet for many essential functions and that cyber-threats have been increasing and evolving at a fast pace” (OECD,9). Increased reliance on the Internet presents significant security challenges, as the more services that are conducted online, the greater the risks associated with cyber-attacks. This risk is intensified by cyberspace’s disregard for national borders allows cyber-threats to move rapidly across the globe and in that manner cause harm to civilians and governments (Green and Rossini, 4). Therefore, this thesis aims to develop a deeper understanding of cyberspace’s effects on global affairs, especially in regards to situations of interstate tension or conflict. Central to this study, is the question of how inter-state tensions and conflicts are being shaped by developments in cyberspace.Show less
In the past five years, a variety of social movements have used the information and communication technologies (ICTs) in ways that were not foreseen in order to coordinate, debate, denounce and...Show moreIn the past five years, a variety of social movements have used the information and communication technologies (ICTs) in ways that were not foreseen in order to coordinate, debate, denounce and protest. The participants in these actions have brought publicity to practices of hacktivism, an integration of activism and ICTs (mobile phones, Internet, computers, and dedicated applications) which aims to expand political, social and economic freedom. The aim of this paper is to identify which aspects of hacktivism are problematic in regulatory terms, hindering the fulfilment of its positive effects. This study conducts a preliminary, descriptive and analytical account of these problems focusing, first, on hacktivism internally (its conceptualisation, typology and consequences), to proceed to the problems linked to its context (global Internet governance, EU multilateralism and self-regulated regulation). Lastly, these challenges are briefly categorised and attention is paid to how new directions in decision-making methods may be incorporated into EU Impact Assessment in order to systematically identify new problems that may arise in the future.Show less
