141 |
La sécurité intérieure européenne. Les rapports entretenus entre le droit et la politique publique / European internal security. The relationship between law and public policy
Berthelet, Pierre / 28 November 2016
Law plays a major role in the development of a new policy of the European Union, named the internal security policy. It gives it all its substance, but, in the light of the legality principle, it is the condition and the limit to building this policy in a sensitive area for States. In return, law undergoes fluctuations, consequences of the interinstitutional relations. The operationality, as a form of « light » normativity, is an essential characteristic of this policy, which is very state-centred in nature. Intimately linked to the success of the new governance in the European construction, the operationality is the manifestation of new forms of atypical regulations that tend to penetrate the European law. The Community method does not disappear, but it is redesigned, as well as the EU « classical » law. Its rationality changes throughout its evolution towards a « neo-modern law » (C.-A. De Morand).
|
142 |
User's Manual for Tardigrade Risk Assessment
Shook, Alexis M / 18 May 2018
This user-guide provides instructions for operating Tardigrade 1.1.3, a cybersecurity software for Nollysoft, LLC. This guide instructs users step-by-step on how to set security controls, risk assessments, and administrative maintenance. Tardigrade 1.1.3 is a Risk Assessment Enterprise that evaluates the risk level of corporations and offers solutions to any security gaps within an organization. Tardigrade 1.1.3 is a role-based software that operates through three modules, Cybersecurity Assessment, Internal Control, and Security Requirement Traceability Matrix.
|
143 |
Assessment Of Two Pedagogical Tools For Cybersecurity Education
Deshpande, Pranita / 20 December 2018
Cybersecurity is an important strategic area of computer science, and a difficult discipline to teach effectively. To enhance and provide effective teaching and meaningful learning, we develop and assess two pedagogical tools: Peer instruction, and Concept Maps. Peer instruction teaching methodology has shown promising results in core computer science courses by reducing failure rates and improving student retention in the computer science major. Concept maps are a well-known technique for improving student-learning experience in class. This thesis document presents the results of implementing and evaluating the peer instruction in a semester-long cybersecurity course, i.e., introduction to computer security, and the development and evaluation of concept maps for two cybersecurity courses: SCADA security systems, and digital forensics. We assess the quality of the concept maps using two well-defined techniques: Waterloo rubric, and topological scoring. Results clearly show that overall concept maps are of high-quality and there is significant improvement in student learning gain during group-discussion.
|
144 |
Utilizing a Game Theoretical Approach to Prevent Collusion and Incentivize Cooperation in Cybersecurity Contexts
Unknown Date
In this research, a new reputation-based model is utilized to disincentivize collusion of defenders and attackers in Software Defined Networks (SDN), and also, to disincentivize dishonest mining strategies in Blockchain. In the context of SDN, the model uses the reputation values assigned to each entity to disincentivize collusion with an attacker. Our analysis shows that not-colluding actions become Nash Equilibrium using the reputation-based model within a repeated game setting. In the context of Blockchain and mining, we illustrate that by using the same socio-rational model, miners not only are incentivized to conduct honest mining but also disincentivized to commit to any malicious activities against other mining pools. We therefore show that honest mining strategies become Nash Equilibrium in our setting.
This thesis is laid out in the following manner. In chapter 2 an introduction to game theory is provided followed by a survey of previous works in game theoretic network security, in chapter 3 a new reputation-based model is introduced to be used within the context of a Software Defined Network (SDN), in chapter 4 a reputation-based solution concept is introduced to force cooperation by each mining entity in Blockchain, and finally, in chapter 5, the concluding remarks and future works are presented. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection
|
145 |
Does Cybersecurity Law and Emergency Management Provide a Framework for National Electric Grid Protection?
Ziska, Matthew Ryan / 01 January 2018
The U.S. government is responsible for protecting the country's energy and technology infrastructure. Critics argue the United States has failed to prepare, protect and respond to incidents involving the national electric grid, leaving communities vulnerable to prolonged power outages. Protection of investor-owned utilities' critical infrastructure is vulnerable to cyber and physical harm from the absence of criminalizing the intrusion of private sector computer networks, the lack of cybersecurity threats in emergency management, and the absence of cyber-intelligent leadership, which supports this argument. The purpose of this study was to introduce an electric grid protection theoretical concept, while identifying whether cybersecurity law and emergency management, amongst the investor-owned utility community, have an optimized relationship for protecting the national electric grid from harm. Easton's political system input/output model, Sommestad's cybersecurity theory, and Mitroff's crisis management theory provided the theoretical foundations for this study. The study utilized a mixed method research design that incorporated a Likert collection survey and combined quantitative chi-square and qualitative analysis. The key findings identified that cybersecurity law and the use of emergency management in the electric grid protection theory were not optimized to protect the national electric grid from harm. The recommendations of this study included the optimization of the theory elements through educational outreach and amending administrative cybersecurity law to improve the protection of the national electric grid and positively impacting social change by safeguarding the delivery of reliable electric energy to the millions of Americans who depend upon it.
|
146 |
Exploring the Cybersecurity Hiring Gap
Pierce, Adam O. / 01 January 2016
Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully hired cybersecurity professionals in Hampton Roads, VA participated in the study. Data collection included semistructured interviews and a review of job postings from the companies represented by the participants. Coding, content, and thematic analysis were the methods used to analyze data. Within-methods triangulation was used to add accuracy to the analysis. At the conclusion of the data analysis, two main themes emerged: maintaining contractual requirements and a strong recruiting process. Contractual requirements guided how hiring managers hired cybersecurity personnel and executed the contract. A strong hiring process added efficiency to the hiring process. The findings of the study may contribute to positive social change by encouraging the recruitment and retention of cybersecurity professionals. Skilled cybersecurity professionals may safeguard businesses and society from Internet crime, thereby encouraging the safe exchange and containment of data.
|
147 |
Cybersecurity Policy Development at the State Level: A Case Study of Middle Tennessee
Scherr, Daniel Leslie / 01 January 2019
Cybersecurity is a growing threat not only to nations, critical infrastructure, and major entities, but also to smaller organizations and individuals. The growing number of successful attacks on all manner of U.S. targets highlights the need for effective and comprehensive policy from the local to federal level, though most research focuses on federal policy issues, not state issues. The purpose of this study was to examine the effectiveness of the decision-making process within the current cybersecurity policy environment in a southern state of the United States. Sabatier's advocacy coalition framework served as the theoretical framework for the study. Data were collected through 5 semistructured interviews with individuals who were either elected or appointed officials, emergency managers, or subject matter experts. These data were transcribed, then coded and analyzed with McCracken's analytic categorization procedure. Participants recognized that the federal government provides some resources but acknowledged that action at the state level is largely funded through the state resulting in a network of dissimilar policies and protocols in states across the country. Findings also revealed that state leadership in some locations better grasps what resources are needed and is more likely to earmark in order to plan for unanticipated cybersecurity needs of the public. Analysis of study data also highlighted areas for future study and identified needed resources or areas of opportunity for creating a more comprehensive and effective cybersecurity policy environment. Implications for positive social change include recommendations for state and federal decision makers to engage in community partnerships in order to more effectively protect the public from cybersecurity threats.
|
148 |
Efficient Secure E-Voting and its Application In Cybersecurity Education
Nathan Robert Swearingen (12447549) / 22 April 2022
As the need for large elections increases and computer networking becomes more widely used, e-voting has become a major topic of interest in the field of cryptography. However, lack of cryptography knowledge among the general public is one obstacle to widespread deployment. In this paper, we present an e-voting scheme based on an existing scheme. Our scheme features an efficient location anonymization technique built on homomorphic encryption. This technique does not require any participation from the voter other than receiving and summing location shares. Moreover, our scheme is simplified and offers more protection against misbehaving parties. We also give an in-depth security analysis, present performance results, compare our scheme with existing schemes, and describe how our research can be used to enhance cybersecurity education.
|
149 |
Improving the Security of Building Automation Systems Through an seL4-based Communication Framework
Habeeb, Richard / 22 March 2018
Existing Building Automation Systems (BASs) and Building Automation Networks (BANs) have been shown to have serious cybersecurity problems. Due to the safety-critical and interconnected nature of building subsystems, local and network access control needs to be finer grained, taking into consideration the varying criticality of applications running on heterogeneous devices. In this paper, we present a secure communication framework for BASs that 1) enforces rich access control policy for operating system services and objects, leveraging a microkernel-based architecture; 2) supports fine-grained network access control on a per-process basis; 3) unifies the security control of inter-device and intra-device communication using proxy processes; 4) tunnels legacy insecure communication protocols (e.g., BACnet) through a secure channel, such as SSL, in a manner transparent to legacy applications. We implemented the framework on seL4, a formally verified microkernel. We conducted extensive experiments and analysis to compare the performance and effectiveness of our communication systems against a traditional Linux-based implementation of the same control scenario. Our experiments show that the communication performance of our system is faster or comparable to the Linux-based architecture in embedded systems.
|
150 |
SDN-based Proactive Defense Mechanism in a Cloud System
January 2015
Cloud computing is known as a new and powerful computing paradigm. This new generation of network computing model delivers both software and hardware as on-demand resources and various services over the Internet. However, security concerns prevent users from adopting cloud-based solutions to fulfill the IT requirements of many business-critical computing tasks. Due to the resource-sharing and multi-tenant nature of cloud-based solutions, cloud security is the foremost concern in Infrastructure as a Service (IaaS). It has been attracting a lot of research and development effort in the past few years.
Virtualization is the main technology of cloud computing to enable multi-tenancy. Computing power, storage, and network are all virtualizable to be shared in an IaaS system. This important technology makes abstract infrastructure and resources available to users as isolated virtual machines (VMs) and virtual networks (VNs). However, it also increases vulnerabilities and possible attack surfaces in the system, since all users in a cloud share these resources with others or even the attackers. A promising protection mechanism is required to ensure strong isolation, mediated sharing, and secure communications between VMs. Technologies for detecting anomalous traffic and protecting normal traffic in VNs are also needed. Therefore, how to secure and protect the private traffic in VNs and how to prevent malicious traffic from shared resources are major security research challenges in a cloud system.
This dissertation proposes four novel frameworks to address the challenges mentioned above. The first work is a new multi-phase distributed vulnerability, measurement, and countermeasure selection mechanism based on the attack graph analytical model. The second work is a hybrid intrusion detection and prevention system to protect VNs and VMs using virtual machine introspection (VMI) and software defined networking (SDN) technologies. The third work further improves the previous works by introducing a VM profiler and VM Security Index (VSI) to keep track of the security status of each VM and suggest the optimal countermeasure to mitigate potential threats. The final work is an SDN-based proactive defense mechanism for a cloud system using a reconfiguration model and moving target defense approaches to actively and dynamically change the virtual network configuration of a cloud system. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2015
|