Volume 19, Issue 3 Editorial

From the Editors

Special Issue: Legal, Social, and Technical Considerations for Cyber Security in the Digital Revolution

The current digital revolution is often synonymous with the Fourth Industrial Revolution, where there is increasing focus on the use of artificial intelligence and machine learning, big data and data science, and cyber-physical systems with particular focus on the Internet of Things (IoT). The introduction of new technologies has the potential to increase the attack surface as well as the legal liabilities of security flaws and failures with or by the technology. In addition, there exist gaps in terms of cybersecurity governance and policy that need to be addressed.

The Cambridge Analytica scandal illustrated how big data can be misused to aid in potentially influencing the outcomes of voting, with severe social and legal repercussions for the organisation when their role was discovered (Meredith 2018). In addition, big data is often not as helpful as expected; Lui (2016) indicates that 32% of organisations found big data made decision-making more problematic.

The security concerns with IoT were demonstrated when a casino was hacked through the Internet-connected sensors for the lobby fish tank (Schiffer 2017). At a larger scale, distributed denial of service attacks from the Mirai botnet (consisting of compromised IoT devices) targeted Dyn and disrupted access to social media across the U.S. and Western Europe (Woolf 2016), and then essentially severed Liberia from the Internet (Kirk 2019). The varying scale of the attacks means that there is a greater need to consider both national laws and regulations, as well as international laws. Examples of the growing efforts for common international frameworks include the Paris Call (Macron 2018) and the norms proposed by the Global Commission for the Stability of Cyberspace (2019).

This special issue invited authors who presented papers at three mini-tracks (chaired by the editors for this special issue) at the 2019 International Conference on Cyber Warfare and Security to expand upon their work by including additional content and contributions not presented at the conference. The papers submitted to this issue have undergone a double-blind peer review process in addition to the review process for the conference. Of ten papers invited, eight have been selected for inclusion in this special issue.

A series of articles on the security of cyber-physical systems begins the issue. The first is by Simon Duque Antón, Michael Gundall, Daniel Fraunholz, and Hans Dieter Schotten. They investigate the use of both quantitative and qualitative methods to detect various attack scenarios in industrial environments, using the example of a pump filling water tanks.

In the second article, Kenneth James and Kenneth Hopkinson focus on a method to test the fault tolerance of backup protection systems in smart grids. They demonstrate that their proposed SPIN model checker is able to identify failure situations through automated analysis of the state space.

The third article is authored by Christoph Lipps, Pascal Ahr, and Hans Dieter Schotten. They investigate Physical Layer Security to provide trust and security for Industrial Internet of Things (IIoT) over wireless networks. They demonstrate this by using Raspberry Pis to test secret key generation algorithms and static random-access-memory physical unclonable functions.

Barend Pretorius and Brett van Niekerk consider the security requirements for the IIoT in the transportation sector in the fourth article. They provide particular focus on the maritime and freight rail domains and give recommendations for these domains based on analysis of multiple frameworks and advisories for IoT and IIoT.

In the fifth article, the transportation sector is again relevant in Virginia Greiman’s discussion of the legal challenges of cybersecurity in the maritime domain. She concludes by advocating for a reworking of legal liabilities in the sector to take into account the growing threat of cyberattacks.

The previous two articles illustrate how technical vulnerabilities in equipment can disrupt the long-established legal frameworks for an entire sector internationally. This is further complicated by differing international approaches within a broader international context. The next two articles discuss local legislation and strategies within regional and international contexts.

In the sixth article, Joey Jansen van Vuuren, Louise Leenen, and Piet Pieterse continue the legal and governance discussion by analysing South Africa’s strategies against cyber-crime within the broader African context through the use of a proposed framework for cyber-crime strategy implementation.

Trishana Ramluckan completes the legal discussion in the seventh article by considering the local legislations of South Africa in the context of proposed international frameworks for applying international humanitarian law to cyber-space. She concludes that the South African legal stance related to cyber-operations can benefit by aligning to proposed international frameworks such as the Tallinn Manuals.

In the final article, Anna-Marie Jansen van Vuuren and Louise Leenen focus on how apparent biases occur in providing image search results. They conclude that it is the data that creates apparent biases. This finding is important for basing decisions made on big data analysis, because if large quantities of data exhibit such biases, they will potentially reinforce poor decisions.

Lastly, we would like to thank the authors and staff at the Journal of Information Warfare who helped make this special edition possible. We hope you find the varied perspectives informative.

Dr. Brett van Niekerk, University of KwaZulu-Natal, South Africa
Professor Joey Jansen van Vuuren, Tshwane University of Technology, South Africa
Dr. Trishana Ramluckan, University of KwaZulu-Natal, South Africa

References
Global Commission for the Stability of Cyberspace 2019. Advancing cyberstability: Final report, November, viewed 21 April 2020, <https://cyberstability.org/report/>.

Kirk, J 2019, ‘UK sentences man for Mirai DDoS attacks against Liberia’, BankInfoSecurity, 14 January, viewed 21 April 2020, <https://www.bankinfosecurity.com/uk-sentenced-man-for-mirai-ddos-attacks....

Lui, S 2016, ‘When big data leads to bad decisions’, LifeHacker Australia, 10 June, viewed 21 April 2020, <https://www.lifehacker.com.au/2016/06/when-big-data-leads-to-bad-decisio....

Meredith, S 2018, ‘Here’s everything you need to know about the Cambridge Analytica scandal’, CNBC, 21 March, viewed 25 January 2019, <https://www.cnbc.com/2018/03/21/facebook-cambridge-analytica-scandal-ev....

Macron, E 2018, The Paris call for trust and security in cyberspace, 12 November, viewed 21 April 2020, <https://pariscall.international/en/>.

Schiffer, A 2017, ‘How a fish tank helped hack a casino’, The Washington Post, 21 July, viewed 21 April 2020, <https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish....

Woolf, N 2016, ‘DDoS attack that disrupted Internet was largest of its kind in history, experts say’, The Guardian, 26 October, viewed 14 October 2019, <https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mira....


AUTHORS

University of KwaZulu-Natal
Durban, South Africa

Dr. Brett van Niekerk is currently a senior lecturer in computer science at the University of KwaZulu-Natal, and previously was a senior information security analyst at Transnet. He has 10 years’ experience in information security, cybersecurity and information operations spanning academia, industry, and civil society. He serves as secretary for the International Federation of Information Processing, Working Group 9.10 on ICT in Peace and War, is Co-Editor-in-Chief of the International Journal of Cyber Warfare and Terrorism, Associate Editor for the International Journal of Information Security and Privacy, on the international advisory board for the Journal of Information Warfare, and serves as a reviewer for multiple other international and local journals and conferences such as the International Conference on Cyber Warfare and Security and the European Conference on Cyber Warfare and Security. He previously served as ISACA South Africa’s Academic Relations Coordinator (2016-2018) and a contributor to the SABS Working Group for ISO/IEC 27000-series standards. In 2012, he graduated with his PhD and has subsequently completed two years of postdoctoral research into information warfare and critical infrastructure protection. He is an NRF-rated researcher, has made over 30 presentations at local and international conferences, and has published ten book chapters and over 20 journal articles. He is a Certified Information Security Manager, achieving the third highest score in South Africa in the December 2014 exam period. In 2018, he was awarded ISACA South Africa’s Contribution Award for his work in information security and cybersecurity.

Tshwane University of Technology
Pretoria, South Africa

Prof. Joey Jansen van Vuuren (PhD) heads the Computer Science Department at Tshwane University of Technology and is Vice Chair of IFIP (International Federation for Information Processing) Working Group 9.10. Her research focus is on cybersecurity, education, government, and policy. She was the coordinator of the South African Cybersecurity Centre of Innovation for the Council for Scientific and Industrial Research (CSIR) that initiated several cybersecurity government initiatives in South Africa. The centre focused on the promotion of research collaboration, cybersecurity education, and the exchange of cyber threats. Previously as the Research Group Leader for Cyber Defence at CSIR, she set the strategic research direction for the research conducted for the South African National Defence Force and Government sectors on Cyber Defence.

School of Law, University of KwaZulu-Natal
Durban, South Africa

Trishana Ramluckan is an academic and researcher in the Information Technology and Governance field and has worked in the Higher Education sector for the past 12 years. In 2017, she graduated with a Doctor of Administration degree in Information Systems & Technology and Public Administration, School of Management, IST and Governance from the University of KwaZulu-Natal. She is currently a Post-Doctoral Researcher in International Cyber Law at the University of KwaZulu-Natal’s School of Law. Further to this, she serves on the International Federation for Information Processing (IFIP) Working Group 9.10 on ICT uses in Peace and War and the Global Commission on the Stability of Cyberspace (GCSC) Research Advisory Group (RAG). She has contributed to the SABS Working Group for ISO/IEC Standards for Information Security and is an ISACA South Africa Chapter Academic Advocate at UKZN. She is a reviewer for the International Journal of Cyber Warfare and Terrorism, the Journal of Contemporary Management, the Annual International Conference on Cyber Warfare and Security and the annual European Conference on Cyber Warfare and Security. Her research areas include IT Governance and International Relations.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
