Cybersecurity: Articles

Les infrastructures critiques en Europe connaissent actuellement une «révolution numérique ». La nature de cette révolution est complexe mais elle consiste essentiellement en un remplacement progressif des processus mécaniques et analogiques par des technologies numériques et des logiciels informatiques. Si elle offre de nombreux avantages, la «révolution numérique » est cependant à double tranchant dans la mesure où elle a aussi généré de nouvelles menaces et des risques sérieux en termes de cybersécurité et de confidentialité des données.

Drawing on literature from International Relations, international political economy and development studies, an analysis is offered of the formation of an international development agenda for cybersecurity, looking specifically at the consequences of the articulation of the concept of cyber capacities (what is necessary, acceptable, desirable and innovative in responding to cyber threats) as a key driver for setting particular visions for what 'being capable' and 'developed' is.

L’enjeu principal de la cybercriminalité peut aujourd’hui se décrire au travers des données qui sont protégées par leurs propriétaires et utilisateurs légitimes, mais qui sont aussi la cible et l’objet de détournements par les délinquants. Ces données sont aussi un outil pour ceux qui sont chargés de les préserver. Demain, la collecte de données permettra tout autant aux défenseurs de connaître les stratégies des attaquants potentiels (threat intelligence), qu’aux criminels de développer de nouvelles techniques d’attaque.

Richesse convoitée du XX1ème siècle, l’information numérique est aussi la proie d’une cybercriminalité croissante et de plus en plus sophistiquée, d’origine étatique autant que de droit commun, et nécessitant une véritable coordination des moyens de lutte technique et judiciaire.

The EU’s revised Cybersecurity Strategy (2020) has been constructed in the context of increasing geopolitical tension and within a dynamically evolving technological environment. The onset of new technologies has brought with it new opportunities but also perceived risks and threats in cyberspace, to which the EU has sought to elicit a more comprehensive approach underpinned by a move to become more “technologically sovereign”.

In December 2020, the European Union (EU) presented its new strategy on cybersecurity with the aim of strengthening Europe’s technological and digital sovereignty. The document lists reform projects that will link cybersecurity more closely with the EU’s new rules on data, algorithms, markets, and Internet services. However, it clearly falls short of the development of a European cyber diplomacy that is committed to both “strategic openness” and the protection of the digital single market. In order to achieve this, EU cyber diplomacy should be made more coherent in its supranational, demo­cratic, and economic/technological dimensions.

This report contains policy recommendations on cross-sectorial actions to implement the EU cybersecurity strategy. It finds that multistakeholder input would benefit all sectors, while serving as a tool to support innovative, collaborative, and institutional policy solutions

In the global cyber policy context, sanctions are important as they represent a central component of deterrence. In the EU, the success of such cyber sanctions depends on the Council of the EU’s solid situational awareness and the access to comprehensive cyber intelligence information.

The paper studies the measures useful for reducing the risks of conflicts in the cyber domain. The author assesses the diplomatic initiative put in place to guarantee international stability and security in cyberspace, the main strengths and weaknesses of these multilateral initiatives, and the Italian role in this context.

Pour éviter que ne se développe une Europe de la sécurité à deux vitesses, avec des États plus ou moins vulnérables, la mise en place de mécanismes de protection à l’échelle de l’UE était en fait inéluctable. D’autant que les « frontières » du cyberespace sont poreuses : une attaque affectant les systèmes d’information d’un opérateur au sein d’un État peut, par effet rebond, avoir un impact sur les services qu’il fournit dans d’autres pays. Quand on parle de protection informatique, les intérêts des uns sont souvent aussi ceux des autres.

This article deals with the complex theme of cybersecurity which represents the backbone for making “Europe fit for the digital age”, as digitalisation and cyber are understood as “two sides of the same coin”. It examines President von der Leyen’s intention to increase cooperation, suggesting the development of a “joint cyber unit” at the EU level to favour a more centralised cybersecurity approach and to boast some pretty solid pillars: resilience, deterrence and response.

Cybersecurity has become a key issue for Europe in the global digital transformation. The EU cybersecurity act lays down a legal framework whose aim is to achieve global reach. Embedded in a policy that combines digital sovereignty with strategic inter-dependence, the act could represent the gateway to a third European pathway in cyber¬space, something in between the US model of a liberal market economy and the Chinese model of authoritarian state capitalism.

The last three decades have seen the development of the European Union (EU) as a security actor. The transnational character of the security threats and the challenges identified by the EU have led to progressive integration between internal and external security concerns. These concerns have often led to calls for greater coherence within EU security policies. The literature, however, indicates that this need for coherence has, so far, not been systematically operationalized, leading to a fragmented security field. This article has two main aims: To devise a framework for the analysis of the EU's coherence as a security actor, and to apply it to the cybersecurity field. By focusing on EU cybersecurity policy, this article will explore whether the EU can be considered a coherent actor in this field or whether this policy is being implemented according to different and uncoordinated rationales.

Face à la multiplication des attaques visant les systèmes d’information, l’Union européenne a décidé de renforcer leur sécurité, en particulier les structures de certaines entreprises afin de prévenir tout risque d’intrusion malveillante et de piratage. La mise en place d’une gouvernance et de processus de pilotage de la sécurité de l’information s’avère désormais indispensable. La stratégie de cybersécurité de l’UE définit son approche pour prévenir au mieux les perturbations et les attaques informatiques et y apporter une réponse. Elle passe en revue une série d’actions visant à augmenter la cyber résilience des systèmes informatiques, à réduire la cybercriminalité et à renforcer la politique de l’UE en matière de cybersécurité et de cyberdéfense à l’échelle internationale.

In the last few years many scholars, public and private organizations have been involved in the definition of guidelines and frameworks for individuating the principles to adopt in the development and deployment of AI systems. Some authors, however, noted that the effectiveness of these guidelines or ethical codes on the developer’s community is very marginal. A possible solution to such an issue could be the adoption of a risk-based approach which is also advocated by many sources. In this paper authors introduce a framework based on a qualitative risk analysis approach for assessing the ethical impact underneath the introduction of an innovation either technological or organizational in a system.

Depuis 2020 et la publication concomitante d’une Stratégie européenne pour les données Commission européenne, Communication « Une stratégie européenne… et d’un Livre blanc sur l’intelligence artificielle  Commission européenne, Livre blanc « Intelligence artificielle.…, l’IA et les données sont au cœur des propositions législatives de la Commission européenne. Pour les données, la Commission européenne entend créer un…. L’une d’elles est le projet de règlement « établissant des règles harmonisées concernant l’intelligence artificielle » publié le 21 avril 2021 sous le nom de Artificial Intelligence Act Commission européenne, proposition de règlement établissant des…. Ce texte est en cours de négociation au niveau européen et, sous réserve de son adoption, il s’appliquera directement aux États membres comme le Règlement général sur la protection des données (RGPD).

This paper aims to investigate the emerging
threat of AI-powered cyberattacks and provide insights into malicious used of AI in cyberattacks. The study was performed
through a three-step process by selecting only articles based on
quality, exclusion, and inclusion criteria that focus on AI-driven
cyberattacks.

CEPS launched a Task Force on Artificial Intelligence and Cybersecurity in the autumn of 2019, to consider the technical, ethical, market and governance challenges posed by the intersection of AI and cybersecurity. The resulting report contributes to EU efforts to establish a sound policy framework for AI

Machine learning (ML) algorithms can improve the fight against anti-money laundering and countering financing of terrorism (AML/CFT) by better detecting suspicious activities. However, the introduction of ML in AML/CFT monitoring systems will require a careful review of their compatibility with European fundamental rights and the General Data Protection Regulation (GDPR). This article examines how algorithmic-based monitoring systems would be analysed under European fundamental rights law, and in particular the Court of Justice of the European Union’s (CJEU’s) case law on the processing of personal data for the purpose of fighting crime.

A review was conducted to identify possible applications of artificial intelligence and related technologies in the perpetration of crime. The collected examples were used to devise an approximate taxonomy of criminal applications for the purpose of assessing their relative threat levels.

One of the most important foundations for the success and acceptance of artificial intelligence technologies is trust. This paper makes the case for a forceful European regulatory and political answer to establish trust in emerging technologies. It examines three areas where AI will have disruptive effects: IT-security and product safety, re-skilling of workers affected by automation and the governance of automated decision-making systems.

In the coming decade, as many as 50% of work tasks will be subject to automation by the use of Artificial Intelligence (AI). This paper looks at what steps can help ensure a responsible use of AI, concluding with a practical roadmap for policymakers, executives and researchers, merging recommendations from across a wide range of disciplines and discussions.

Richesse convoitée du XX1ème siècle, l’information numérique est aussi la proie d’une cybercriminalité croissante et de plus en plus sophistiquée, d’origine étatique autant que de droit commun, et nécessitant une véritable coordination des moyens de lutte technique et judiciaire.

The report analyses both NATO and its MS initiatives taken to better tackle the cyber challenge. It compares approaches to cyber defence that is performed differently in major NATO’s countries, generating a division among countries that pursue a more active defence – US, UK and France – and those that prefer a more defensive approach – Germany and Spain.

The authors outline that in the wake of Russia’s invasion of Ukraine, the cyber threat landscape is quickly evolving. Now, Europe, the United States, and like-minded democracies must prepare for persistent “gray zone” conflict in their own cyberspaces.

In this study, authors conduct an extensive analysis of cybersecurity-related papers in the accounting, information systems, computer science, and general business disciplines. The review integrates and classifies 68 cybersecurity papers, examines cybersecurity determinants, consequences, and remedial strategies, and identifies future research opportunities based on the current state of the literature.

Aujourd’hui, tout est numérique, et ce qui ne l’est pas le sera bientôt. Conçu par l’homme, le cyberespace est à la fois porteur de croissance et d’innovation tout en demeurant profondément vulnérable face à des risques inédits, et en proie à l’exploitation malveillante de ses failles et vulnérabilités. Le développement d’un monde numérique serein et de confiance passe donc nécessairement par la sécurisation de cet espace, au juste niveau.

La manipulation, apparue en même temps que l'être humain comme son corollaire naturel, est devenue un outil prisé des acteurs de la cybercriminalité. Les techniques d'ingénierie sociale mises au service de la captation des données informatiques frappent désormais l'ensemble des entreprises autant que les particuliers. Dans cet article, Franck DeCloquement, enseignant à l'IRIS et spécialiste en intelligence stratégique pour le groupe KER-MEUR, livre des éléments de compréhension et d'intelligence à ce sujet en mettant l'accent sur la centralité de la dimension humaine beaucoup plus que sur les failles techniques permettant aux cybercriminels de commettre leurs forfaits. L'Homme doit être placé au centre de toute politique de protection des données, rappelle l'auteur, suivant un des principes fondateurs du philosophe chinois Sun Tzu dans son célèbre Art de la guerre. « Connais ton ennemi et connais-toi toi-même ; eussiez-vous cent guerres à soutenir, cent fois vous serez victorieux.

The first Global Cybersecurity Outlook flagship report identifies the trends and analyses the near-term future cybersecurity challenges. The accelerated shift to remote working during the COVID-19 pandemic coupled with recent high-profile cyberattacks have resulted in bringing cybersecurity top of mind among key decision-makers in organizations and nations.

This article argues that the EU should reap the benefits of cybersecurity by pursuing a more ambitious cybersecurity agenda and putting EU values at the core of its approach. It also calls for cybersecurity to be included in all EU pillars, including the EU industrial research and innovation policy, as well as in EU investment plans and diplomatic strategy.

Monitoring the cybersecurity landscape and the increase of COVID-19 related cybercrimes reporting by cyber experts and law enforcement agencies worldwide, the ECHO network of cybersecurity centres (ECHO) has joined forces to establish its COVID-19 Cyber Defence Alliance. Its aim is to support all initiatives that aim at protecting the EU Member States, key services and critical infrastructure from cyberattacks.

Cyber incidents are consistently ranked at the top of business concerns, and it’s easy to see why: According to one estimate, the global cost of cybercrime will rise to $6 trillion a year by the end of 2021. And this was before the COVID-19 pandemic disrupted businesses worldwide and offered new opportunities for hackers and bad actors. Working from home may change a lot of employee behaviour, but relaxed security standards shouldn’t be one of them. Here is the experts’ top advice for cybersecurity leaders, during the pandemic and beyond.

Cyber criminals love a crisis. And with more people working remotely by the day, we all need to take the utmost care to protect ourselves as well as confidential company information. Here are four things for employers and four things for employees to keep in mind to minimize the risk.

Cyberattacks are a growing threat facing businesses, major cities, and political campaigns. Cyber risk ranked as the top business concern for 2020, according to a recent survey of more than 2,700 global business leaders and security experts. Cybersecurity solutions aren’t always complicated. From planning ahead to simple fixes, here’s what you should be doing right now.

The methods for measuring cyber risk have evolved in recent years, but they still skew technical and narrow — truly effective cyber ratings must be holistic assessments that consider technical analysis, governance, culture, and the financial impact of adverse cyber events. To bridge the gap, company leaders need to learn how to interpret what the assessments and their underlying components really mean for them. Becoming literate in cyber risk doesn’t mean that every executive needs to be a technical expert, however. What it does mean is that they need to be able to establish their company’s tolerance for cyber risk, define the outcomes that are most important to their business to guide cybersecurity investment, and be able to foster a culture of cybersecurity and resilience.

This paper aims to introduce the state of art on hybrid warfare and seeks to address the conceptual confusion regarding an ever-expanding concept of hybrid warfare. It attempts to assess the growing significance of cyber and information domains within the hybrid warfare, which can be clearly illustrated by the example of the Russian hybrid warfare strategy.

Unless action is taken now, by 2025 next generation technology, on which the world will increasingly rely, has the potential to overwhelm the defences of the global security community. This report claims that enhanced cybersecurity is the only means by which this challenge can be addressed, but the approach to cybersecurity needs to be overhauled before the industry finds itself in any fit state to tackle the threat.

Cyberattacks have increased in both frequency and sophistication since the pandemic began as threat actors seek to take advantage of the unusual circumstances under which nearly all of us are working. Once a cyberattack occurs, companies largely are on their own to deal with the aftermath, so companies should take seven steps to ensure they’re ready.

When cybersecurity efforts address only technology, the result is company leaders who are poorly informed and organizations that are poorly protected. Discussions of cyberthreats end up being filled with specialized tech jargon, and senior executives can’t participate meaningfully in them. The responsibility for addressing risks then gets relegated entirely to cybersecurity and IT staff, whose attention falls mainly on corporate computer systems. The outcome tends to be a long, ill-prioritized list of mitigation tasks. Since no company has the resources to fix every cybersecurity problem, important threats can go unaddressed. A more fruitful approach is to adopt the view that cybersecurity should focus more on threats’ potential impact on a business’s activities. That adjustment might seem minor, but when leaders start with crucial activities, they can better prioritize the development of cyberdefenses.

Since it is not feasible to thoroughly examine the software, firmware, and hardware of every single product, what should countries and companies do to prevent cyber intrusions? Countries and companies need to consider their options. At present, there is no framework for understanding and categorizing the cybersecurity concerns involved in trade. Without a clear understanding, governments may implement policies that result in cyber conflicts, while businesses will struggle to keep up with how cybersecurity concerns and restrictions are evolving. We have developed a framework to systematically organize these cases, basing it on our in-depth interviews with domain experts.

Avec le développement du télétravail, de nouveaux risques menacent les entreprises. Il revient aux salariés de redoubler de vigilance.