Strategies of Cyber Crisis Management: Lessons from the Approaches of Estonia and the United Kingdom

Collier, Jamie

doi:10.1007/978-3-319-45300-2_11

Cited by 7 publications

(3 citation statements)

References 10 publications

(1 reference statement)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a collective, these corporations cannot neatly be categorised as 'private' given the variety of entities including the presence of both partially and fully state-owned entities. Corporations provide cyber security alongside a range of government departments, including GCHQ and its subsidiary, the National Cyber Security Centre (NCSC); the Cabinet Office, the various government departments that are largely responsible for infrastructure related to their department and related institutions such as the Centre for the Protection of National Infrastructure (Collier, 2016). All of these government entities have their own identities, agendas and motivations-a reality that means that 'the government' is not necessarily a coherent entity at all.…”

Section: Cyber Security Assemblagesmentioning

confidence: 42%

Cyber Security Assemblages: A Framework for Understanding the Dynamic and Contested Nature of Security Provision

Collier

2018

PaG

Self Cite

View full text Add to dashboard Cite

In the context of globalisation and privatisation, an emerging body of literature has applied the concept of an 'assemblage' to international relations and security studies. This article will argue that an assemblage framework provides the best means for understanding the complex configuration of cyber security actors, given that contemporary cyber security practices do not conform to the traditional public-private and global-local distinctions used in security studies and International Relations literature. With the configuration of cyber security actors, and the relationships between them in constant flux, an assemblage framework provides a means for understanding the contested, dynamic and diachronic nature of contemporary cyber security provision. While the concept of security assemblages is favoured in this article, the process and context in which the term has traditionally been used cannot be blindly imposed on the issue of cyber security. This article will therefore propose a different model of how cyber security assemblages have developed and explain the implications this has on contemporary security dynamics.

show abstract

Section: Cyber Security Assemblagesmentioning

confidence: 42%

Cyber Security Assemblages: A Framework for Understanding the Dynamic and Contested Nature of Security Provision

Collier

2018

PaG

Self Cite

View full text Add to dashboard Cite

show abstract

“…Different approaches are also found regarding the willingness of the examined states to cooperate or even request support from other states and international organizations when dealing with significant cyber incidents. For example, the UK is cautious about the possibility of cooperating with another country against a known cyberthreat, even if it is ascertained that the source of the cyber-attack is in this country (Collier, 2017). Although the UK is actively involved in international efforts to tackle cybercrime, it appears to distrust other countries to the extent of allowing them to participate in addressing a national crisis on its soil, especially after Brexit.…”

Section: Discussionmentioning

confidence: 99%

A Survey on National Cyber Emergency Plans

Adamos¹,

Filippopoulos²,

Stergiopoulos

et al. 2023

eccws

View full text Add to dashboard Cite

Operators of Essential services (OESs) and Critical infrastructures (CIs), whether private companies or public organizations are going through a digital transformation to pace with the evolution of technology and to bring better services to customers and countries’ citizens. Operational Technology (OT) systems like Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) used to control and monitor functions in such infrastructures are converging with Information Technology (IT) environments. This convergence has exposed infrastructures to new cyber risks. For this reason, EU Member States have been trying to build resilience against cyber-attacks to ensure the stable operation of their states. Several countries have established cybersecurity incident response procedures as well as steps or phases of response before, during, and after a cyber incident. The sum of these procedures and guidelines constitutes their national cyber emergency plans (NCEPs). Still, these NCEPs differ widely in their approaches. These differences manifest as both managerial, governmental, legal, and technical, creating a complex environment worldwide. In this paper, we gather four major NCEPs worldwide to analyze and compare them with prominent standards and industry guidelines in cybersecurity, like the ISO 27001 and NIST 800 series. We investigate NCEP approaches to building cyber resilience based on their response models, their involved entities, the cooperation between agencies and other countries, and their risk-based categorization for cyber incidents. We elaborate on their differences, potential issues and divergences and argue whether these plans can be combined to bridge potential weaknesses. We selected and surveyed four (4) cyber emergency plans from four (4) countries that are frequent targets of cyber-attacks and have long experience in managing and responding to cyber incidents.

show abstract

“…During more recent years, an increasing body of literature has been focusing on the phenomenon from crisis management and governance perspectives. For example, authors have shed light on how different models of public-private partnerships shape national cyber crisis management structures (Boeke, 2018), the evolution of the European Union's governance approaches towards the transboundary threats and risks connected to cyber space tems without leaving out privacy during crisis management (Hiller & Russell, 2017) and the role historical, cultural and political variables play in the definition of national cyber crisis strategies (Collier, 2017). This article, however, aims to shed light on a so-far overlooked perspective on cyber crises.…”

mentioning

confidence: 99%

Conceptualizing cyber crises

Backman

2020

Contingencies & Crisis Mgmt

View full text Add to dashboard Cite

In a few decades, cybersecurity issues have risen from being mainly the concern of IT-security experts to become a national security priority of modern states, with a considerable impact on contemporary diplomatic, financial and political affairs.Despite this rapid increase in cybersecurity interest, the speed of technological development and innovation cannot be matched by state cybersecurity initiatives or even the private cybersecurity sector. Combined with the digitalization of modern societies, including the quick expansion of IoTs (Internet of Things) and connectivity of critical infrastructure through ICS-systems (industrial digital control systems), societies are more vulnerable than ever when it comes to cyber related risks and threats.Meanwhile, we struggle with defining what cyber space should be for us as a globalized society and how to frame it as a security issue, both practically and academically. The internet grew out of structures and norms based on a worldview of developers which emphasized transboundary freedom, consensus, connection and sharing of information. This, however, might not be the internet of tomorrow. National approaches to cybersecurity and cyber crisis prevention today range from the openness-oriented line echoing the founding principles of the internet to protectionism and state-centric lines. The fact that an increasing number of actors are involved in cyber space and that it tends to blur important dichotomies such as internal/external, public/ private and civilian/military (Carrapico & Barrinha, 2017) adds to the challenge. As Pawlak and Missiroli put it, "The growing number of actors involved in the governance of cyberspace and the wide range of institutional and legal solutions adopted by those actors make a shared understanding of what 'cyber' is about more elusive. This occurs not only at the level of conceptual clarity (i.e. what is cyber?) but also, and maybe especially, with regard to transparency and accountability of decision-making for cyberspace (i.e. who is responsible and/ or accountable for what?)" (Pawlak & Missiroli, 2019:129).

show abstract

Strategies of Cyber Crisis Management: Lessons from the Approaches of Estonia and the United Kingdom

Cited by 7 publications

References 10 publications

Cyber Security Assemblages: A Framework for Understanding the Dynamic and Contested Nature of Security Provision

Cyber Security Assemblages: A Framework for Understanding the Dynamic and Contested Nature of Security Provision

A Survey on National Cyber Emergency Plans

Conceptualizing cyber crises

Contact Info

Product

Resources

About