Rewired - Cybersecurity Governance

Read more

Examines the governance challenges of cybersecurity through twelve, real-world case studies
 
Through twelve detailed case studies, this superb collection provides an overview of the ways in which government officials and corporate leaders across the globe are responding to the challenges of cybersecurity. Drawing perspectives from industry, government, and academia, the book incisively analyzes the actual issues, and provides a guide to the continually evolving cybersecurity ecosystem. It charts the role that corporations, policymakers, and technologists are playing in defining the contours of our digital world.
 
Rewired: Cybersecurity Governance places great emphasis on the interconnection of law, policy, and technology in cyberspace. It examines some of the competing organizational efforts and institutions that are attempting to secure cyberspace and considers the broader implications of the in-place and unfolding efforts--tracing how different notions of cybersecurity are deployed and built into stable routines and practices. Ultimately, the book explores the core tensions that sit at the center of cybersecurity efforts, highlighting the ways in which debates about cybersecurity are often inevitably about much more.
* Introduces the legal and policy dimensions of cybersecurity
* Collects contributions from an international collection of scholars and practitioners
* Provides a detailed "map" of the emerging cybersecurity ecosystem, covering the role that corporations, policymakers, and technologists play
* Uses accessible case studies to provide a non-technical description of key terms and technologies
 
Rewired: Cybersecurity Governance is an excellent guide for all policymakers, corporate leaders, academics, students, and IT professionals responding to and engaging with ongoing cybersecurity challenges.

List of contents

Notes on Contributors xi
 
Acknowledgments xv
 
Introduction xvii
 
1 Cybersecurity Information-Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Trade-offs 1
Elaine Sedenberg and Jim Dempsey
 
1.1 Introduction 1
 
1.2 Taxonomy of Information-sharing Governance Structures and Policies 4
 
1.2.1 Government-centric Sharing Models 4
 
1.2.2 Government-Prompted, Industry-Centric Sharing Models 8
 
1.2.3 Corporate-initiated, Peer-based Groups 10
 
1.2.4 Small, Highly Vetted, Individual-based Groups 10
 
1.2.5 Open Communities and Platforms 11
 
1.2.6 Proprietary Products and Commercialized Services 12
 
1.3 Discussion and Conclusions 13
 
1.3.1 Trust and the Trade-offs 13
 
1.3.2 The Ecosystem and the Role of the Federal Government 14
 
Acknowledgments 15
 
Notes 15
 
2 Cybersecurity Governance in the GCC 19
James Shires
 
2.1 Introduction 19
 
2.2 Why the GCC? 20
 
2.3 Key Cybersecurity Incidents 21
 
2.4 Government Organizations 22
 
2.5 Strategies, Laws, and Standards 24
 
2.6 The Cybersecurity Industry 26
 
2.7 Conclusion 28
 
Acknowledgments 29
 
Notes 29
 
3 The United Kingdom's Emerging Internet of Things (IoT) Policy Landscape 37
Leonie Maria Tanczer, Irina Brass, Miles Elsden, Madeline Carr, and Jason Blackstock
 
3.1 Introduction 37
 
3.2 The IoT's Risks and Uncertainties 39
 
3.3 Adaptive Policymaking in the Context of IoT 41
 
3.4 The UK Policy Landscape 42
 
3.5 The IoT and its Governance Challenges 46
 
3.6 Conclusion 48
 
Notes 49
 
4 Birds of a Feather: Strategies for Collective Cybersecurity in the Aviation Ecosystem 57
Emilian Papadopoulos and Evan Sills
 
4.1 Introduction: The Challenge of Ecosystem Risk 57
 
4.1.1 Aviation Is a National and Global Target 58
 
4.1.1.1 The Cyber Harm 59
 
4.1.1.2 Economic Harm 60
 
4.1.1.3 Political/Governmental Harm 60
 
4.1.1.4 Reputational Harm 60
 
4.1.1.5 Physical Harm 61
 
4.1.1.6 Psychological and Emotional Harm 61
 
4.1.2 Domestic and International Challenges of Aviation Governance 61
 
4.2 Progress So Far 63
 
4.2.1 The AIAA's Decision Paper, "The Connectivity Challenge: Protecting Critical Assets in a Networked World" (August 2013) 64
 
4.2.2 The Aviation Information Sharing and Analysis Center (A-ISAC) (September 2014) 66
 
4.2.3 The Civil Aviation Cybersecurity Action Plan (December 2014) 66
 
4.2.4 Connecting the Dots on Connectivity (2015) 67
 
4.2.5 Hackers Allege Aircraft Vulnerabilities (2015) 67
 
4.2.6 United Airlines Opens Bug Bounty Program (2015) 68
 
4.2.7 Aviation Security World Conference (2015) 68
 
4.2.8 Conferences and Organizations Mature (2015 and Beyond) 69
 
4.2.9 Industry Takes the Lead (2017) 70
 
4.3 Aviation's Tools for Cyber Risk Governance 70
 
4.4 The Path Forward 71
 
4.4.1 Collective Third-Party Risk Management 71
 
4.4.2 Secure Design 72
 
4.4.3 Information Sharing, "Plus" 73
 
4.4.4 International Norms and Standards 74
 
4.5 Conclusion 75
 
Notes 75
 
5 An Incident-Based Conceptualization of Cybersecurity Governance 81
Jacqueline Eggenschwiler
 
5.1 Introduction 81
 
5.2 Conceptualizing Cybersecurity Governance 82
 
5.3 Case Studies 84
 
5.3.1 RUAG 84
 
5.3.1.1 Background 84
 
5.3.1.2 Events 85
 
5.3.1.3 Learnings 86
 
5.3.2 The Conficker

About the author

RYAN ELLIS is an Assistant Professor of Communication Studies at Northeastern University. His research and teaching focuses on topics related to communication law and policy, infrastructure politics, and cybersecurity. VIVEK MOHAN is an attorney in private practice based in Northern California. Before entering private practice, he was associated with the Privacy, Data Security, and Information Law group at Sidley Austin LLP and the Cybersecurity Project at Harvard University.

Summary

Examines the governance challenges of cybersecurity through twelve, real-world case studies

Through twelve detailed case studies, this superb collection provides an overview of the ways in which government officials and corporate leaders across the globe are responding to the challenges of cybersecurity. Drawing perspectives from industry, government, and academia, the book incisively analyzes the actual issues, and provides a guide to the continually evolving cybersecurity ecosystem. It charts the role that corporations, policymakers, and technologists are playing in defining the contours of our digital world.

Rewired: Cybersecurity Governance places great emphasis on the interconnection of law, policy, and technology in cyberspace. It examines some of the competing organizational efforts and institutions that are attempting to secure cyberspace and considers the broader implications of the in-place and unfolding efforts--tracing how different notions of cybersecurity are deployed and built into stable routines and practices. Ultimately, the book explores the core tensions that sit at the center of cybersecurity efforts, highlighting the ways in which debates about cybersecurity are often inevitably about much more.
* Introduces the legal and policy dimensions of cybersecurity
* Collects contributions from an international collection of scholars and practitioners
* Provides a detailed "map" of the emerging cybersecurity ecosystem, covering the role that corporations, policymakers, and technologists play
* Uses accessible case studies to provide a non-technical description of key terms and technologies

Rewired: Cybersecurity Governance is an excellent guide for all policymakers, corporate leaders, academics, students, and IT professionals responding to and engaging with ongoing cybersecurity challenges.