From the Editors

Special Issue: Legal, Social, and Technical Considerations for Cyber Security 
in the Digital Revolution

The current digital revolution is often synonymous with the Fourth Industrial Revolution, where there is increasing focus on the use of artificial intelligence and machine learning, big data and data science, and cyber-physical systems with particular focus on the Internet of Things (IoT). The introduction of new technologies has the potential to increase the attack surface as well as the legal liabilities of security flaws and failures with or by the technology. In addition, there exist gaps in terms of cybersecurity governance and policy that need to be addressed.

The Cambridge Analytica scandal illustrated how big data can be misused to aid in potentially influencing the outcomes of voting, with severe social and legal repercussions for the organisation when their role was discovered (Meredith 2018). In addition, big data is often not as helpful as expected; Lui (2016) indicates that 32% of organisations found big data made decision-making more problematic.

The security concerns with IoT were demonstrated when a casino was hacked through the Inter-net-connected sensors for the lobby fish tank (Schiffer 2017). At a larger scale, distributed denial of service attacks from the Mirai botnet (consisting of compromised IoT devices) targeted Dyn and disrupted access to social media across the U.S. and Western Europe (Woolf 2016), and then essentially severed Liberia from the Internet (Kirk 2019). The varying scale of the attacks means that there is a greater need to consider both national laws and regulations, as wells as international laws. An example of the growing efforts for common international frameworks includes the Paris Call (Macron 2018) and the norms proposed by the Global Commission for the Stability of Cyberspace (2019).

This special issue invited authors who presented papers at three mini-tracks (chaired by the editors for this special issue) at the 2019 International Conference on Cyber Warfare and Security to expand upon their work by including additional content and contributions not presented at the conference. The papers submitted to this issue have undergone a double-blind peer review process in addition to the review process for the conference. Of ten papers invited, eight have been selected for inclusion in this special issue.

A series of articles on the security of cyber-physical systems begin the issue. The first is by Simon Duque Antón, Michael Gundall, Daniel Fraunholz, and Hans Dieter Schotten. They investigate the use of both quantitative and qualitative methods to detect various attack scenarios in industrial environments, using the example of a pump filling water tanks.

In the second article, Kenneth James and Kenneth Hopkinson focus on a method to test the fault tolerance of backup protection systems in smart grids. They demonstrate that their proposed SPIN model checker is able to identify failure situations through automated analysis of the state space.

The third article is authored by Christoph Lipps, Pascal Ahr, and Hans Dieter Schotten. They investigate Physical Layer Security to provide trust and security for Industrial Internet of Things (IIoT) over wireless networks. They demonstrate this by using Raspberry PIs to test secret key generation algorithms and static random-access-memory physical unclonable functions.

Barend Pretorius and Brett van Niekerk consider the security requirements for the IIOT in the transportation sector in the fourth article. They provide particular focus on the maritime and freight rail domains and give recommendations for these domains based on analysis of multiple frame-works and advisories for IoT and IIoT.

In the fifth article, the transportation sector is again relevant in Virginia Greiman’s discussion of the legal challenges of cybersecurity in the maritime domain. She concludes by advocating for a reworking of legal liabilities in the sector to take into account the growing threat of cyberattacks.

The previous two articles illustrate how technical vulnerabilities in equipment can disrupt the long-established legal frameworks for an entire sector internationally. This is further complicated by differing international approaches within a broader international context. The next two articles discuss local legislation and strategies within regional and international contexts.

In the sixth article, Joey Jansen van Vuuren, Louise Leenen, and Piet Pieterse continue the legal and governance discussion by analysing South Africa’s strategies against cyber-crime within the broader African context through the use of a proposed framework for cyber-crime strategy imple-mentation.

Trishana Ramluckan completes the legal discussion in the seventh article by considering the lo-cal legislations of South Africa in the context of proposed international frameworks for applying international humanitarian law to cyber-space. She concludes that the South African legal stance related to cyber-operations can benefit by aligning to proposed international frameworks such as the Tallinn Manuals.

In the final article, Anna-Marie Jansen van Vuuren and Louise Leenen focus on how apparent bi-ases occur in providing image search results. They conclude that it is the data that creates apparent biases. This finding is important for basing decisions made on big data analysis, because if large quantities of data exhibit such biases, they will potentially reinforce poor decisions.

Lastly, we would like to thank the authors and staff at the Journal of Information Warfare who helped make this special edition possible. We hope you find the varied perspectives informative.

Dr. Brett van Niekerk, University of KwaZulu-Natal, South Africa
Professor Joey Jansen van Vuuren, Tshwane University of Technology, South Africa
Dr. Trishana Ramluckan, University of KwaZulu-Natal, South Africa

References
Global Commission for the Stability of Cyberspace 2019. Advancing cyberstability: Final report, November, viewed 21 April 2020, <https://cyberstability.org/report/>.

Kirk, J 2019, ‘UK sentences man for Mirai DDoS attacks against Liberia’, BankInfoSecurity, 14 January, viewed 21 April 2020, <https://www.bankinfosecurity.com/uk-sentenced-man-for-mirai-ddos-attacks....

Lui, S 2016, ‘When big data leads to bad decisions’, LifeHacker Australia, 10 June, viewed 21 April 2020, <https://www.lifehacker.com.au/2016/06/when-big-data-leads-to-bad-decisio....

Meredith, S 2018, ‘Here’s everything you need to know about the Cambridge Analytica scandal’, CNBC, 21 March, viewed 25 January 2019, <https://www.cnbc.com/2018/03/21/facebook-cam-bridge-analytica-scandal-ev....

E Macron 2018, The Paris call for trust and security in cyberspace, 12 November, viewed 21 April 2020, <https://pariscall.international/en/>.

Schiffer, A 2017, ‘How a fish tank helped hack a casino’, The Washington Post, 21 July, viewed 21 April 2020, <https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish....

Woolf, N 2016, ‘DDoS attack that disrupted Internet was largest of its kind in history, experts say’, The Guardian, 26 October, viewed 14 October 2019, <https://www.theguardian.com/technol-ogy/2016/oct/26/ddos-attack-dyn-mira....