This book argues that cybersecurity’s informational ontology offers empirical challenges, and introduces a new interdisciplinary theoretical and conceptual framework of ‘entropic security’. Cyber-attacks have been growing exponentially in number and sophistication; ranging from those conducted by non-state actors to state-backed cyber-attacks. Accordingly, cybersecurity now constitutes an integral part of public, private, and academic discourses on contemporary (in)security. Yet, because its emergence as a novel security field occurred after many long-established frameworks had already been developed, cybersecurity has been repeatedly scrutinised for its compatibility with conventional security theories, concepts, and understandings, particularly with that of military security. This book, however, argues that cybersecurity differs profoundly from many other security sectors because of the ontological nature of ‘information’ that sits at the heart of this field. Through this new framework, the book investigates three key empirical challenges in cybersecurity that are co-produced by its informational ontology: (1) the disordered nature of cybersecurity and its tendency towards increasing insecurity as a manifestation of the intrinsic uncertainties in information systems; (2) the unpredictable and unintended consequences resulting from autonomous cyber-attacks that challenge human control of cybersecurity environments; and (3) the persistent harms engendered by ‘mundane’ cyber threats that do not fit within conventional understandings of existentiality in security theories. Through a detailed analysis of cybersecurity discourses and practices in the USA (2003-present), the book goes on to show how these complex cybersecurity challenges are better analysed and theorised through the new information-theoretic notion of ‘entropic security’. This book will be of much interest to students of cyber-security, critical security studies, science and technology studies and International Relations in general.

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.

Electric power is a critical infrastructure that is vital to the U.S. economy and national security. Today, the nation's electric power infrastructure is threatened by malicious attacks, accidents, and failures, as well as disruptive natural events. As the electric grid evolves and becomes increasingly interdependent with other critical infrastructures, the nation is challenged to defend against these threats and to advance grid capabilities with reliable defenses. On November 1, 2019, the National Academies of Sciences, Engineering, and Medicine convened a workshop to gather diverse perspectives on current and future threats to the electric power system, activities that the subsector is pursuing to defend itself, and how this work may evolve over the coming decades. This publications summarizes the presentations and discussions from the workshop.

Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes. Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. From a national security perspective, it is not just the damage to the military, the economy, or essential critical infrastructure companies that is a concern. It is the cumulative, downstream effects from potential regional blackouts, military mission kills, transportation stoppages, water delivery or treatment issues, and so on. CCE is a validation that engineering first principles can be applied to the most important cybersecurity challenges and in so doing, protect organizations in ways current approaches do not. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable. Chapter 1 recaps the current and near-future states of digital technologies in critical infrastructure and the implications of our near-total dependence on them. Chapters 2 and 3 describe the origins of the methodology and set the stage for the more in-depth examination that follows. Chapter 4 describes how to prepare for an engagement, and chapters 5-8 address each of the four phases. The CCE phase chapters take the reader on a more granular walkthrough of the methodology with examples from the field, phase objectives, and the steps to take in each phase. Concluding chapter 9 covers training options and looks towards a future where these concepts are scaled more broadly.

This book is devoted primarily to papers prepared by American and Russian specialists on cyber terrorism and urban terrorism. It also includes papers on biological and radiological terrorism from the American and Russian perspectives. Of particular interest are the discussions of the hostage situation at Dubrovko in Moscow, the damge inflicted in New York during the attacks on 9/11, and Russian priorities in addressing cyber terrorism.