Avoiding the internet of insecure industrial things

Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things

A multi-level approach to understanding the impact of cyber crime on the financial sector

This paper puts forward a multi-level model, based on system dynamics methodology, to understand the impact of cyber crime on the financial sector. Consistent with recent findings, our results show that strong dynamic relationships, amongst tangible and intangible factors, affect cyber crime cost and occur at different levels of society and value network. Specifically, shifts in financial companies’ strategic priorities, having the protection of customer trust and loyalty as a key objective, together with considerations related to market positioning vis-à-vis competitors are important factors in determining the cost of cyber crime. Most of these costs are not driven by the number of cyber crime incidents experienced by financial companies but rather by the way financial companies choose to go about in protecting their business interests and market positioning in the presence of cyber crime. Financial companies’ strategic behaviour as response to cyber crime, especially in regard to over-spending on defence measures and chronic under-reporting, has also an important consequence at overall sector and society levels, potentially driving the cost of cyber crime even further upwards. Unwanted consequences, such as weak policing, weak international frameworks for tackling cyber attacks and increases in the jurisdictional arbitrage opportunities for cyber criminals can all increase the cost of cyber crime, while inhibiting integrated and effective measures to address the problem

Urban security in Europe: Translating a concept in public criminology

A key challenge for public criminology is the translation between concepts employed in policy discourse and those used by social scientists. Given that concepts constitute social problems and they can have multiple meanings for policy-makers and social scientists, then deliberation about what they signify matters in understanding how these actors can talk to, rather than past, one another in framing policy discourse about crime and revealing alternative policy agendas. This challenge is accentuated in the comparative context of European criminology, which is characterized by competing tendencies to generalize about problems of ‘Freedom, Security and Justice’ and to recognize the variegated problems and cultures of control across Europe. In this context, the presumption of universality can mistranslate concepts of crime and control by obscuring contextual insight, while the presumption of particularity can inhibit cross-cultural dialogue and deliberation. The paper explores this challenge in relation to the concept of ‘urban security’, which is prevalent in the policy discourse on social crime prevention, particularly in Central and Southern Europe. To establish the provenance, prevalence and significance of this concept, the paper discusses findings from a policy Delphi that structured deliberation about the meaning of urban security among criminologists sampled from the European Society of Criminology and policy-makers sampled from the European Crime Prevention Network. It concludes with reflections on the value of deliberative methods, such as the policy Delphi, for the cross-cultural validation of criminological constructs in comparative research