Cyberspace relies on information technologies to mediate relations between different people, across different communication networks and is reliant on the supporting technology. These interactions typically occur without physical proximity and those working depending on cybersystems must be able to trust the overall human–technical systems that support cyberspace. As such, detailed discussion of cybersecurity policy would be improved by including trust as a key value to help guide policy discussions. Moreover, effective cybersystems must have resilience designed into them. This paper (...) argues that trustworthy cybersystems are a key element to resilient systems, and thus are core to cybersecurity policy. The paper highlights the importance of trustworthiness for resilient cybersystems. The importance of trustworthiness is shown through a discussion of three events where trustworthiness was the target or casualty of cyberattacks: Stuxnet, hacking of communications and the Edward Snowden revelations. The impact of losing trust is highlighted, to underpin the argument that a resilient cybersystem ought to design in trustworthiness. The paper closes off by presenting a general set of policy implications arising from recognition of the interplay between trust, trustworthiness and resilience for effective cybersecurity. (shrink)

Applications of artificial intelligence (AI) for cybersecurity tasks are attracting greater attention from the private and the public sectors. Estimates indicate that the market for AI in cybersecurity will grow from US$1 billion in 2016 to a US$34.8 billion net worth by 2025. The latest national cybersecurity and defence strategies of several governments explicitly mention AI capabilities. At the same time, initiatives to define new standards and certification procedures to elicit users’ trust in AI are emerging on (...) a global scale. However, trust in AI (both machine learning and neural networks) to deliver cybersecurity tasks is a double edged sword: it can improve substantially cybersecurity practices, but can also facilitate new forms of attacks to the AI applications themselves, which may pose severe security threats. We argue that trust in AI for cybersecurity is unwarranted and that, to reduce security risks, some form of control to ensure the deployment of ‘reliable AI’ for cybersecurity is necessary. To this end, we offer three recommendations focusing on the design, development and deployment of AI for cybersecurity. (shrink)

The ethical issues raised by cybersecurity practices and technologies are of critical importance. However, there is disagreement about what is the best ethical framework for understanding those issues. In this paper we seek to address this shortcoming through the introduction of a principlist ethical framework for cybersecurity that builds on existing work in adjacent fields of applied ethics, bioethics, and AI ethics. By redeploying the AI4People framework, we develop a domain-relevant specification of five ethical principles in cybersecurity: (...) beneficence, non-maleficence, autonomy, justice, and explicability. We then illustrate the advantages of this principlist framework by examining the ethical issues raised by four common cybersecurity contexts: penetration testing, distributed denial of service attacks (DDoS), ransomware, and system administration. These case analyses demonstrate the utility of this principlist framework as a basis for understanding cybersecurity ethics and for cultivating the ethical expertise and ethical sensitivity of cybersecurity professionals and other stakeholders. (shrink)

The advent of Generative AI, particularly through Large Language Models (LLMs) like ChatGPT and its successors, marks a paradigm shift in the AI landscape. Advanced LLMs exhibit multimodality, handling diverse data formats, thereby broadening their application scope. However, the complexity and emergent autonomy of these models introduce challenges in predictability and legal compliance. This paper analyses the legal and regulatory implications of Generative AI and LLMs in the European Union context, focusing on liability, privacy, intellectual property, and cybersecurity. It (...) examines the adequacy of the existing and proposed EU legislation, including the Artificial Intelligence Act (AIA), in addressing the challenges posed by Generative AI in general and LLMs in particular. The paper identifies potential gaps and shortcomings in the EU legislative framework and proposes recommendations to ensure the safe and compliant deployment of generative models. (shrink)

Abstract—The purpose of this study is to highlight and prove the positive impact in which blockchain could have on today’s IoT environment in terms of providing Cybersecurity for not just organizations, but other individuals who share data via the internet. The current IoT environs operates on a centralized cloud based server, meanwhile block chain operates on a decentralized server. The differentiation between the both plays a major role in the level of security they both provide; whereby, decentralized systems are (...) less vulnerable to cyber-attacks and centralized ones are not. In this report, real life illustrations are used to justify the knowledge that the block chain security could serve as a saving grace for internet users. Also, this form of security seems to be the only way to eradicate all forms of insecurity in supply chain and IoT breaches for businesses. An in depth understanding on how the block chain system operates would show why it’s held with such high hopes and how it can be beneficial for a wide range of industries. However, this research also highlights some difficulties that might arise in implementing the block chain system. It also gives ways in which the system can be gradually implemented. Firstly, the government needs to make it mandatory for businesses that deal with national based confidential data to implement block chain in their supply chain system to boost security. Secondly, top company officials like C.E. O’s need to take genuine interest in the block chain technology by investing in its development and making it a part of employee training, which in the long run would benefit the economy and business in return. Thirdly, a merge of more public and private businesses would help push the use of block chain further. Lastly, the government should make the block chain technology easily accessible, making the official permission to implement -easy and cost effective. (shrink)

The use of the internet in the current government environment continues to grow. The increasingly complex use of the internet can cause vulnerabilities to cyber attacks in information security, which include aspects of confidentiality, integrity, and service availability, so that it can disrupt the performance of public service delivery. The systematic literature review research method was carried out because of the large amount of information and data regarding cyber security strategies. This can be traced through various information in books, scientific (...) journals, newspapers, magazines, as well as sources of information from web pages/websites via the internet. This method is important in analyzing the concept of cyber security strategy in Indonesia. The obstacles that the government has are expired devices that are still used on local government networks, which may not have the latest updates, security devices such as antiviruses have expired, human resources have not fully supported this cybersecurity. Indonesia needs policies that regulate all elements related to cyber security. This infrastructure standard must comply with international standards for dealing with cyber warfare. (shrink)

The Internet of Things (IoT) connects schemes, programs, data management, and operations, and as they continuously assist in the corporation, they may be a fresh entryway for cyber-attacks. Presently, illegal downloading and virus attacks pose significant threats to IoT security. These risks may acquire confidential material, causing reputational and financial harm. In this paper hybrid optimization mechanism and deep learning,a frame is used to detect the attack prevention in IoT. To develop a cybersecurity warning system in a huge data (...) set, the cybersecurity warning systems index system is first constructed, then the index factors are picked and measured, and finally, the situation evaluation is done.Numerous bio-inspired techniques were used to enhance the productivity of an IDS by lowering the data dimensionality and deleting unnecessary and noisy input. The Grey Wolf Optimization algorithm (GWO) is a developed bio-inspired algorithm that improves the efficacy of the IDS in detecting both regular and abnormal congestion in the network. The smart initialization step integrates the different pre-processing strategies to make sure that informative features are incorporated in the early development stages, has been improved. Researchers pick multi-source material in a big data environment for the identification and verification of index components and present a parallel reduction approach based on the classification significance matrix to decrease data underlying data characteristics. For the simulation of this situation, grey wolf optimization and whale optimization were combined to detect the attack prevention and the deep learning approach was presented. Utilizing system software plagiarism, the TensorFlow deep neural network is intended to classify stolen software. To reduce the noise from the signal and to zoom the significance of each word in the perspective of open-source plagiarism, the tokenization and weighting feature approaches are utilized. Malware specimens have been collected from the Mailing database for testing purposes. The experimental findings show that the suggested technique for measuring cyber security hazards in IoT has superior classification results to existing methods. Hence to detect the attack prevention in IoT process Whale with Grey wolf optimization (WGWO) and deep convolution network is used. (shrink)

The increasingly prominent role of digital technologies during the coronavirus pandemic has been accompanied by concerning trends in privacy and digital ethics. But more robust protection of our rights in the digital realm is possible in the future. -/- After surveying some of the challenges we face, I argue for the importance of diplomacy. Democratic countries must try to come together and reach agreements on minimum standards and rules regarding cybersecurity, privacy and the governance of AI.

The Internet of Things (IoT) is a rapidly growing technology that connects and integrates billions of smart devices, generating vast volumes of data and impacting various aspects of daily life and industrial systems. However, the inherent characteristics of IoT devices, including limited battery life, universal connectivity, resource-constrained design, and mobility, make them highly vulnerable to cybersecurity attacks, which are increasing at an alarming rate. As a result, IoT security and privacy have gained significant research attention, with a particular focus (...) on developing anomaly detection systems. In recent years, machine learning (ML) has made remarkable progress, evolving from a lab novelty to a powerful tool in critical applications. ML has been proposed as a promising solution for addressing IoT security and privacy challenges. In this article, we conducted a study of the existing security and privacy challenges in the IoT environment. Subsequently, we present the latest ML-based models and solutions to address these challenges, summarizing them in a table that highlights the key parameters of each proposed model. Additionally, we thoroughly studied available datasets related to IoT technology. Through this article, readers will gain a detailed understanding of IoT architecture, security attacks, and countermeasures using ML techniques, utilizing available datasets. We also discuss future research directions for ML-based IoT security and privacy. Our aim is to provide valuable insights into the current state of research in this field and contribute to the advancement of IoT security and privacy. (shrink)

The internet has made the world more linked than ever before. While taking advantage of this online transition, cybercriminals target flaws in online systems, networks, and infrastructure. Businesses, government organizations, people, and communities all across the world, particularly in African countries, are all severely impacted on an economic and social level. Many African countries focused more on developing secure electricity and internet networks; yet, cybersecurity usually receives less attention than it should. One of Africa's major issues is the lack (...) of adequate digital security infrastructure, which has harmed businesses, governmental institutions, and individual communities more than it has helped. The majority of African countries operate without cybersecurity measures in place to combat cyberattacks. Only a few examples of today's cyber risks include digital extortion, business email intrusion, data breaches, online fraud, ransomware, and phishing, and new types of cybercrime are always developing. Due to the advent of new technology, cybercriminals have become more organized and quicker in their attacks and alliance creation. To maintain a secure digital environment for all internet users, this study focused on the challenges, solutions, and need for African countries to improve their online safety by tackling cybercrime, online fraud, and cybersecurity concerns. The objective of this study is to offer practical and long-term answers to the problems posed by cybercrime, with a continuing emphasis on enhancing online safety. It will assess the effectiveness of cutting-edge cybersecurity measures, legislative frameworks, and cross-border cooperative efforts, as well as potential areas for improvement. Additionally, the study will examine cutting-edge methods like blockchain technology, machine learning, and other cutting-edge methods that could improve our using digital defences to stop cybercrime. (shrink)

Bayesian classifiers perform well when each of the features is completely independent of the other which is not always valid in real world applications. The aim of this study is to implement and compare the performances of each variant of the Bayesian classifier (Multinomial, Bernoulli, and Gaussian) on anomaly detection in network intrusion, and to investigate whether there is any association between each variant’s assumption and their performance. Our investigation showed that each variant of the Bayesian algorithm blindly follows its (...) assumption regardless of feature property, and that the assumption is the single most important factor that influences their accuracy. Experimental results show that Bernoulli has accuracy of 69.9% test (71% train), Multinomial has accuracy of 31.2% test (31.2% train), while Gaussian has an accuracy of 81.69% test (82.84% train). Going deeper, we investigated and found that each Naïve Bayes variants performances and accuracy is largely due to each classifier assumption, Gaussian classifier performed best on anomaly detection due to its assumption that features follow normal distributions which are continuous, while multinomial classifier have a dismal performance as it simply assumes discreet and multinomial distribution. (shrink)

The main purpose of the study is to determine the key aspects of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents. The methodology includes a set of theoretical methods. Modern government, on the one hand, must take into account the emergence of such a new weapon as cyber, which can break various information systems, can be used in hybrid wars, influence political events, pose a threat to the national security of (...) any state. As a result of the study, key elements of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents were identified. (shrink)

This book reports on theoretical and practical analyses of the ethical challenges connected to driving automation. It also aims at discussing issues that have arisen from the European Commission 2020 report “Ethics of Connected and Automated Vehicles. Recommendations on Road Safety, Privacy, Fairness, Explainability and Responsibility”. Gathering contributions by philosophers, social scientists, mechanical engineers, and UI designers, the book discusses key ethical concerns relating to responsibility and personal autonomy, privacy, safety, and cybersecurity, as well as explainability and human-machine interaction. (...) On the one hand, it examines these issues from a theoretical, normative point of view. On the other hand, it proposes practical strategies to face the most urgent ethical problems, showing how the integration of ethics and technology can be achieved through design practices. All in all, this book fosters a multidisciplinary approach where philosophy, ethics, and engineering are integrated, rather than just juxtaposed. It is meant to inform and inspire an audience of philosophers of technology, ethicists, engineers, developers, manufacturers, and regulators, among other interested readers. (shrink)

Besides being the title of an EP by The (International) Noise Conspiracy, “Bigger cages, longer chains!” is an anarchist rallying cry. It’s meant to ridicule those political activists who compromise their ideals, make demands and then settle for partial concessions or, to put it bluntly, bargain with the Man. In the T.V. series Mr. Robot, Christian Slater plays the anarchist leader of a hacktivist group known as fsociety. Mr. Robot won’t negotiate with the FBI and E(vil) Corp for bigger cages (...) and longer chains. He tells Elliot Anderson, the young cybersecurity expert and hacker, “We live in a kingdom of bullshit!” Victory over the tyranny of corporations and states requires radical means to achieve radical ends. Mr. Robot wants freedom without limits, total liberation from corporate and statist control, and the opportunity to live in a world without bullshit. Mr. Robot’s objective is to free citizens of first-world nations from the cages of consumer debt and citizens of third-world nations from the shackles of extreme poverty. Meeting half-way will not do. So what are the inspirations for Mr. Robot’s hacktivist philosophy? The most proximate sources are David Graeber’s anarchism, which also influenced the Occupy Wall Street movement, and the hacktivist group Anonymous’s moralfaggery, that is, the policy of some of its members to use collective computer hacking to serve the greater good. Candidates for more remote sources are Marxism and pragmatism; the former, a blueprint for freeing the working class from their bourgeois oppressors; the latter, a philosophy of action, intelligent inquiry and democratic reform. Some might object that pragmatism is too conventional to be compatible with the radical ideas that motivate Mr. Robot’s worldview. Hacktivism demands action, not mere thinking! But any organized social-political movement requires a well-thought-out plan as well as a vision of what its participants hope to achieve. Since pragmatism is a philosophy of action and reform, it’s possible that Mr. Robot is a closet pragmatist! (shrink)

Enterprise Risk Management involves the process of identification, evaluation, treatment, and communication regarding risks throughout the enterprise. To support the tasks associated with this process, several frameworks and modeling languages have been proposed, such as the Risk and Security Overlay (RSO) of ArchiMate. An ontological investigation of this artifact would reveal its adequacy, capabilities, and limitations w.r.t. the domain of risk and security. Based on that, a language redesign can be proposed as a refinement. Such analysis and redesign have been (...) executed for the risk elements of the RSO grounded in the Common Ontology of Value and Risk. The next step along this line of research is to address the following research problems: What would be the outcome of an ontological analysis of security-related elements of the RSO? That is, can we identify other semantic deficiencies in the RSO through an ontological analysis? Once such an analysis is provided, can we redesign the security elements of the RSO accordingly, in order to produce an improved artifact? Here, with the aid of the Reference Ontology for Security Engineering (ROSE) and the ontological theory of prevention behind it, we address the remaining gap by proceeding with an ontological analysis of the security-related constructs of the RSO. The outcome of this assessment is an ontology-based redesign of the ArchiMate language regarding security modeling. In a nutshell, we report the following contributions: (1) an ontological analysis of the RSO that identifies six limitations concerning security modeling; (2) because of the key role of the notion of prevention in security modeling, the introduction of the ontological theory of prevention in ArchiMate; (3) a well-founded redesign of security elements of ArchiMate; and (4) ontology-based security modeling patterns that are logical consequences of our proposal of redesign due to its underlying ontology of security. As a form of evaluation, we show that our proposal can describe risk treatment options, according to ISO 31000. Finally, besides presenting multiple examples, we proceed with a real-world illustrative application taken from the cybersecurity domain. (shrink)

The article deals with a new financial tool of attracting capital, known as Initial Coin Offering (ICO). In conditions of reduced banking lending and difficult access to finance for SMEs, ICO is viewed to be one of the possible ways to access capital. It considers the main advantages and disadvantages of ICO performance, including its typical features, challenges and regulatory approaches to tax regulation, cybersecurity. The authors of the article determine stages of the ICO mechanism, identifying potential risks and (...) ways to mitigate them, focusing primarily on the need to control and regulate ICO projects. The authors identify the main types of ICO funding, including hybrid and pure funding. The research contains an analysis of ICO trends and their duration for the period of 2013-2017. The capital raised through ICO performance over the period of 2013-2017 is analysed, and determination of the exponential trend line showing the level of its approximation is determined. The study covers the territorial distribution of ICO, in which the top positions regarding the amount of capital raised by ICO are attributed to the USA and EU member states. The existence of ICO regulation in European countries, such as Switzerland and UK, was defined positive in terms of further development of the relevant regulation in the financial market. The article considers the best ICO practices in EU member states. To mitigate risks relating to ICO performance and to increase the level of investment, it would be reasonable to create regulatory rules in every country where cases of ICO performance are reported, based on the practice of the mentioned European countries. The authors give recommendations regarding ICO regulation in Ukraine, taking into consideration the relevant European experience. (shrink)

Ambient assisted living technologies are increasingly presented and sold as essential smart additions to daily life and home environments that will radically transform the healthcare and wellness markets of the future. An ethical approach and a thorough understanding of all ethics in surveillance/monitoring architectures are therefore pressing. AAL poses many ethical challenges raising questions that will affect immediate acceptance and long-term usage. Furthermore, ethical issues emerge from social inequalities and their potential exacerbation by AAL, accentuating the existing access gap between (...) high-income countries and low and middle-income countries. Legal aspects mainly refer to the adherence to existing legal frameworks and cover issues related to product safety, data protection, cybersecurity, intellectual property, and access to data by public, private, and government bodies. Successful privacy-friendly AAL applications are needed, as the pressure to bring Internet of Things devices and ones equipped with artificial intelligence quickly to market cannot overlook the fact that the environments in which AAL will operate are mostly private. The social issues focus on the impact of AAL technologies before and after their adoption. Future AAL technologies need to consider all aspects of equality such as gender, race, age and social disadvantages and avoid increasing loneliness and isolation among, e.g. older and frail people. Finally, the current power asymmetries between the target and general populations should not be underestimated nor should the discrepant needs and motivations of the target group and those developing and deploying AAL systems. Whilst AAL technologies provide promising solutions for the health and social care challenges, they are not exempt from ethical, legal and social issues. A set of ELSI guidelines is needed to integrate these factors at the research and development stage. (shrink)

The letter analyzes the country-specific structural stigma in the modern media development of People’s Republic of China. It raises the issues on unconventional cybersecurity risks in mental & psychological health with a lens of justice in gender & marriage, and critical discourses in the media environment with the Chinese revisionist nationalism. It studied media coercion in relation to the breaches of humanitarian law in the constitutionalism context of PRC, and adopted a critical theory approach to religion with the background (...) of the militarization of religion by the Chinese “United Front”. With the non-identity problem in the totalitarian regime, structural stigma is analyzed with coercion theory and religion in queer gender. Ménage à trois is justified by case specificity in human development and global economy. (shrink)

A summary assessment of the dimensions and concentrations of military equipment manufacture primarily in the United States and western Europe and the extent of availability of this equipment to buyers throughout the world. Treaty-based limitations are also listed.

Introduction: Online eye-tracking has been used in this study to assess the impacts of different cultural backgrounds on information discernment. An online platform called RealEye allowed participants to engage in the eye-tracking study from their personal computer webcams, allowing for higher ecological validity and a closer replication of social media interaction. -/- Methods: The study consisted of two parts with a total of five visuals of social media posts mimicking news posts on Twitter, Instagram, and Facebook. Participants were asked to (...) view examples of real and fake news taken from a news fact-checking website, Snopes, and their eye movements were recorded during the process. Participants were recruited through Prolific and SONA; the total sample size for study 1.1 was 29 participants, and the total for study 1.2 was 25 participants, after removing poor eye-tracking data. A total of five visual images comprising true and false news were shown to the participant, study 1.1 had three examples and study 1.2 had two examples. There were two main cultural backgrounds in focus: participants born in China or the United Kingdom. -/- Results: Results suggested that participants follow a similar visual pattern of attention to Areas of Interest (AOIs) on the posts, which leads us to believe that due to the global standardisation of popular social media platforms, a bias might have occurred during information discernment. -/- Discussion: It is suggested that regardless of country background, users may have similar eye-tracking results while viewing a social media post because social media platform formats are standardised globally. Further research would recommend looking at language and linguistic traits when seeking differences between country backgrounds during online information discernment. (shrink)