Cybersecurity policy

Los recientes ciberataques perpetrados con el programa malicioso Wannacry (Wannacrypt0r 2.0) en contra de las redes digitales de instalaciones de salud, comunicaciones, mando y control de trenes, empresas de paquetería, servicio de gas, industria automotriz e instituciones gubernamentales de 150 países; y con el virus Firewall que, de acuerdo con la empresa de ciberseguridad Checkpoint, infectó a 250 mil máquinas alrededor del mundo, dejan de manifiesto que en cuestiones de ciberseguridad todos los actores de la sociedad son potenciales objetivos de ataques cibernéticos.

In 2001, the Convention on Cybercrime of the Council of Europe, also known as the Cybercrime Convention or the Budapest Convention, became the first binding international instrument to foster a common criminal policy and international cooperation to battle cybercrime in signatory States. Whether or not India should join the Convention has, since then, been a topic of intense debate. In this paper, the author considers the Convention’s major strengths and weaknesses in five areas of crucial importance to Indian stakeholders. To sign or not? There might not be an easy answer, as this paper will show.

With the arrival of cyberspace, a whole host of new security and other challenges have arisen which are not always adequately tackled. In order to deal with them more appropriately, India has repeatedly argued for a greater role of the UN in the formulation of international Internet-related public policies, particularly where cybersecurity is concerned. However, as the cybersecurity landscape is rather complex, it brings a range of challenges to especially India’s more ambitious proposals to mobilise the multilateral system. What are those challenges, how can we work through them, and what are possible alternative approaches to cybersecurity-related problems? We investigate.

Timely sharing of cyber security related information between organizations has long been perceived as an effective measure to address cyber security challenges. Even though information sharing is a cost-effective tool and a crucial step towards a more effective in combating cyber crime, it is not a magical solution for all of the problems for cyber security.

La ciberseguridad es un problema a hacer frente por los despachos de abogados, grandes y pequeños y en esta profesión lo estamos abordando realmente mal. Es difícil luchar contra algo que no se ve y poca gente entiende, sobre todo cuando no sabes qué es lo que tienes que buscar. El ciberataque a la OPM (Offices of Personnel Management) en Estados Unidos comprometió los datos personales de 21 millones de empleados que habían trabajado y trabajan para el gobierno de Estados Unidos incluido el personal contratado así como los ciberataques a aseguradoras médicas cuyo objetivo es robar información personal de sus clientes. Pero los ciberataques no solo tienen como objetivos a los gobiernos o grandes multinacionales, la ciberseguridad debe ser una prioridad para los despachos de abogados. A continuación se describen grandes errores que los abogados cometen en el ámbito de la ciberseguridad: 1. Contraseñas: aunque diariamente utilizamos contraseñas para abrir los ordenadores, no todas las contraseñas son iguales. Se deben implementar una política de contraseñas fuerte, por ejemplo doble autenticación, actualizar las contraseñas cada 2 a 4 meses, nunca repetir contraseñas. Las contraseñas deben tener un mínimo de 10 caracteres que combinen números, letras y caracteres especiales así como la exclusión del uso del nombre propio o apellido.

Information and communication technologies provide immediate means, motivations and opportunities for cybercrime. However, deeper cultural, social and psychological developments triggered by globalisation are the root causes of such motivations and opportunities. Successful strategies to prevent cybercrime cannot focus only on technological or infrastructural defences but must address these global developments. While scientific understanding and political awareness of such causes are still limited, studies from different disciplines, including sociology, criminology and psychology, allow to detect some global criminogenic patterns and to identify the state responsibilities of national governments for failing to address them adequately. This article integrates the findings of these studies to provide a preliminary interdisciplinary theory of the global causes of cybercrime and assess what national governments can do to mitigate them.

The cybersecurity industry has a significant employment gap, with over 301,000 open
jobs in the United States, up from 285,000 jobs in 2017 (Cybersecurity Supply and
Demand Heat Map, n.d.). The unfilled positions span the country and the spectrum of
cybersecurity work. At the same time, the cybersecurity industry has a gender gap, with
women making up only 10-15% of the United States cybersecurity workforce while
making up about 50% of the general workforce (LeClair, Shih, & Abraham, 2014). One
of the reasons for the low representation of women in the cybersecurity workforce is that
the retention rate of women in these fields is significantly lower than the retention rate of
men (LeClair, et al., 2014). This study will be used to investigate factors that may impact
a woman’s decision to stay in the cybersecurity industry, including lack of mentorship,
Impostor Phenomenon, and hostile work environment. Respondents will assess the
perceived impact of these retention barriers on the desire to stay in the cybersecurity
industry. Results of this study present evidence that the selected barriers to retention are
noteworthy and that significant relationships exist between some demographic factors
and the perceived impact Impostor Syndrome on retention of women in the cybersecurity
industry. Additionally, a significant relationship was found between the composite
perceived impact of the retention barriers and the demographic time working in the
cybersecurity industry.

In 2013, Indonesia topped China and was acknowledged as the country with the highest rate of cyber attack traffic, in which with its 1,6 percent share of world Internet users, Indonesia contribute 38 percent of the total cyber attack in the world. Furthermore, as one of large emerging economic countries, Indonesia will definitely more rely on the use of Internet in the future. However, the current cyber security and defense policy of Indonesia has not adequately addressed the current cyber threats, so that leave vulnerability to its cyber environment. This policy brief identifies five inadequate cyber aspects of the contemporary policy and therefore recommends that the policy should have a larger strategy that covers all cyber possibilities, yet provide more detail and measurable approach. This recommendation contributes to the Indonesian national security and defense goals, as well as building regional collaboration, thereby supporting global cyber security resilience.

The debate on government access to encrypted data, popularly known as the “going dark” debate, has intensified over the years. On the one hand, law enforcement authorities have been pushing for mandatory exceptional access mechanisms on encryption systems in order to enable criminal investigations of both data in transit and at rest. On the other hand, both technical and industry experts argue that this solution compromises the security of encrypted systems and, thus, the privacy of their users. Some claim that other means of investigation could provide the information authorities seek without weakening encryption, with lawful hacking being one of the most suggested alternatives. “Lawful hacking,” also known as “government hacking,” consists in the deployment, by investigative authorities, of tools that allow for the intrusion into computer systems, enabling access to its contents. Although this form of investigation seems to be essential in an increasingly connected society, it is important to understand security and privacy risks of different lawful hacking regulatory approaches. Considering that some countries are already enacting legal frameworks related to it, I aim to highlight the issues that should be properly addressed in order to position lawful hacking as one of the viable answers to the “going dark” debate.

Deklaracja Wyszehradzka z 15 lutego 1991 roku zakładała intensywną współpracę sygnatariuszy ukierunkowaną na uzyskanie członkostwa w strukturach Unii Europejskiej i Sojuszu Północnoatlantyckiego. Potwierdzono w niej gotowość do ponoszenia zbiorowych wysiłków na rzecz integracji ekonomicznej i militarnej z szeroko rozumianym Zachodem. Podkreślono, że same zainteresowane państwa "będą prowadziły konsultacje w sprawach dotyczących ich bezpieczeństwa (...) skoordynują rozwój swoich systemów energetycznychi sieci telekomunikacyjnych". Kwestie bezpieczeństwa stanowiły zatem istotną przesłankę towarzyszącą utworzeniu tego nieformalnego stowarzyszenia państw Europy Środkowej, a poczesne miejsce zajmowała tu infrastruktura krytyczna,  w tym jej komponenty ICT.

Does the Internet facilitate democratization or democratic entrenchment? The body of literature on the Internet and democracy points to scholarly divergence on this issue. This article seeks to contribute to this debate by analyzing Thailand's Internet regime as a crucial test case in the larger debate over the Internet and democracy. First, it argues that the extent to which the Internet can be a force for democracy is contingent upon the state coercive capacity in cyberspace. State coercion online-measured in terms of regulatory, institutional, infrastructural, and ideational dimensions-can thwart the democratic potential the Internet may bring. Second, using a rationalist analytical framework, this article argues that the Thai state will continue to employ repression online as long as the benefits outweigh the costs for political elites. As such, any improvement in the country's overall democratic qualities may not affect the degree of state digital coercion.

In an age when cybersecurity vulnerabilities can be used as a pretext for a blockade, as in the case of Qatar prompted by a hack of the Qatar News Agency, it becomes incumbent upon states to consider legislating the capability maturity measurement and the development of their cybersecurity programs across the community. This paper proposes a Qatar Cybersecurity Capability Maturity Model (Q-C2M2) with a legislative framework. The paper discusses the origin, purpose and characteristics of a capability maturity model and its adoption in the cybersecurity domain. Driven by a thematic analysis under the document analysis methodology, the paper examines existing globally recognized cybersecurity capability maturity models and Qatar's cybersecurity framework using publicly available documents. This paper also conducts a comparative analysis of existing cybersecurity capability maturity models in light of the Qatari cybersecurity framework, including a comparative analysis of cybersecurity capability maturity model literature. The comparative document analysis helped identify gaps in the existing Qatar National Information Assurance Policy and specifically the Qatar National Information Assurance Manual. The proposed Q-C2M2 aims to enhance Qatar's cybersecurity framework by providing a workable Q-C2M2 with a legislative component that can be used to benchmark, measure and develop Qatar's cybersecurity framework. The Q-C2M2 proposes the USERS domains consisting of Understand, Secure, Expose, Recover and Sustain. Each domain consists of subdomains, under which an organization can create cybersecurity activities at initial benchmarking. The Q-C2M2 uses the following five levels to measure the cybersecurity capability maturity of an organization: Initiating, Implementing, Developing, Adaptive and Agile.

Russia's exercise of cyberpower forms an integral part of the far broader concept known as information warfare. The key principle of the Russian approach to information warfare, including cyber activities, is that information is the most important object of operations, independent of the channel through which it is transmitted. The aim is to control-or weaponize-information in whatever form it takes. Thus, "cyber" in particular is just a technical representation of information. In short, in Russia's comprehensive approach to the information domain, cyber is not a stand-alone discipline. This principle underpins all Russian efforts to extract, exfiltrate, manipulate, distort, or insert information. Alongside cyber activities, the channels available for doing this are as diverse as using fake or real news media to plant disinformation, trolling campaigns, issuing official government statements, giving speeches at rallies or demonstrations, posting defamatory online videos, and sending direct text messages. Russian information activities are not limited to cyberspace. Rather than using the term "cyberspace," Russian officials refer to "information space," which includes both computer and human information processing. This essay starts with an explanation of the terminological, doctrinal, and practical distinguishing features of Russian cyber activities as part of information warfare. It goes on to look at a number of Russia's agencies and capabilities involved in the prosecution of cyber activities, both offensive and defensive. In conclusion, the essay emphasizes the main implication of this distinctive approach: the need for nations to prepare a broad range of defenses against Russia's holistic approach to offensive cyber, information warfare, and other forms of hostile online activity.

Difficulties in matching cyber security supply with demand have been reported in Australia, Japan, the United Kingdom and the United States; these countries have also been among the most active in mitigating the shortage through comprehensive policy strategies. Apart from them, however, and despite the claims of a global cyber security workforce shortfall, there is only anecdotal evidence on the presence of the shortage in other parts of the world. This report, funded by the not-for-profit Global Cyber Security Center, seeks to fill this gap and investigates the cyber security skills shortage in Italy. This research argues that Italy seems to be affected by the same challenges that are impeding a smooth match between cyber security supply and demand as in other countries, but given the budgetary constraints and the weak development of Italian cyber security policy, Rome’s actions to counter the shortage have been lagging behind those of its international peers.

“Italy Cyber Readiness at a Glance” is the sixth of a series of country reports assessing national-level preparedness for cyber risks based on the Cyber Readiness Index (CRI) 2.0 methodology. This report provides an extensive analysis of Italian cyber security-related efforts and capabilities, and follows similar reports of other G7 countries evaluating their commitment and maturity to closing the gap between their current cyber security posture and the national cyber capabilities needed to support their digital future.

Nations and their citizens rely on infrastructures. Their incapacitation or destruction could prevent nations from protecting themselves from threats, cause substantial economic harm, and even result in the loss of life. Therefore, safeguarding these infrastructures is an obvious strategic task for any sovereign state. While the need to protect critical infrastructures (CIs) is far from novel, digitization brings new challenges as well as increased cyber-risks. This need is self-evident; yet, the optimal policy regime is debatable. The United States and other nations have thus far opted for very light regulation, merely encouraging voluntary steps while choosing to intervene only in a handful of sectors. Over the past few years, several novel laws and regulations addressing this emerging issue have been legislated. Yet, the overall trajectory of limited regulatory intervention has not changed. With that, the wisdom of such a limited regulatory framework must be revisited and possibly reconsidered. This Article fills an important gap in the legal literature by contributing to and promoting this debate on cyber-risk regulation of CIs, while mapping out the relevant rights, options, and interests this ‘critical’ debate entails and setting forth a regulatory blueprint that balances the relevant factors and considerations.

The Article begins in Part II by defining CIs and cyber risks and explaining why cyber risk requires a reassessment of CI protection strategies. Part III describes the means used by the United States and several other nations to address cyber risks of CIs. Part IV examines a market-based approach with minimal governmental intervention to critical infrastructure cyber-regulation, along with the various market failures, highlighting assorted minimal measures to correct these problems. It further examines these limited forms of regulation, which merely strive to bridge information and expertise barriers, assign ex post liability for security-related harms, or provide other specific incentives — and finds them all insufficient. Part V continues the normative evaluation of CI cyber-protection models, focusing on ex ante approaches, which require more intrusive government involvement in terms of setting and enforcing standards. It discusses several concerns with this regulatory strategy, including the lack of governmental expertise, regulatory capture, compromised rights, lack of transparency, and the centralization of authority. Finally, in Part VI, the Article proposes a blueprint for CI cyber protection that goes beyond the mere voluntary regulatory strategy applied today.

À l'occasion cette fin d’année épidémique, ATLANTICO a demandé à ses contributeurs les plus fidèles de s'interroger sur l'année à venir. A quoi pourrait bien ressembler 2022 ? Franck DeCloquement aborde le dossier et se penche sur les prochaines cybermenaces.

Acknowledging the fundamental importance of CI for national security, the Kosciusko Institute decided to devote the present report to the problem of its protection focusing primarily on cyber security of CI due to its growing role and signi cance. Our ambition is that the report contribute to the on-going debate over CI protection especially in the context of cyber criminality.
The main objective of the report is to provide entities directly responsible for CI protection with recommendations improving security. The recommendations have been developed following an analysis of factors in uencing both CI protection in its general aspect as well as ICT security of CI. The factors were selected from individual chapters in the report and consti- tute their most important element.

Angeles (UCLA). Thank you to the dedicated Federal Communications Law Journal staff for bringing this Note to publication. Special thanks to Meredith Rose, Journal Adjunct, and Atena Sheibani-Nejad, Notes Editor, for their patience and encouragement from start to finish. I would also like to express my gratitude to Professor Daniel J. Solove for his guidance during the writing process and mentorship throughout my law school career. Finally, many thanks to my family for their unconditional love and support.

The technological transformation story of Azerbaijan is marked by the popular embrace of digital banking, implementation of centralized e-government services, and the automation of critical energy infrastructure. However, this march towards modernization brings with it inherent vulnerabilities, which make cybersecurity an emerging critical frontier. Cybersecurity is a new paradigm, where traditional concepts of security falter as national boundaries blur and perpetrators often remain shrouded in anonymity. In this new territory Azerbaijan confronts three primary challenges: the difficulty in establishing clear cyber trigger lines akin to physical borders, the near impossibility of attributing attacks and assigning responsibility, and the daunting task of developing proportionate countermeasures in an evolving and unregulated domain. This paper argues how through a comprehensive and proactive cyber-defense strategy, Azerbaijan can not only shield its critical infrastructures and government databases but also establish a resilient digital presence in the global arena.

In the present scenario all software systems are imperfect because they cannot be built with mathematical or physical certainty, Hence in this research paper the comparison of various software development models has been carried out. According SDLC each and every model have the advantage and drawbacks so in this research we have to calculate the performance of each model on behalf of some important features. The concept of system lifecycle models came into existence that emphasized on the need to follow some structured approach towards building new or improved system. Many models were suggested like waterfall, Iterative model, prototype model, spiral model etc.

O acelerado processo de globalização e as suas dinâmicas, causaram nos Estados um
aumento da sua vulnerabilidade e dos seus receios relativamente à segurança e defesa do
seu território, assim, dadas as caraterísticas dos ciberataques, estes podem colocar em risco
a soberania dos Estados e a sobrevivência dos restantes atores do Sistema Internacional.
Portugal não se encontra à margem desta realidade, pelo que, o presente artigo analisa a
política de cibersegurança em Portugal, fazendo-se uma revisão normativa relativamente
às Leis internacionais de que o Estado é parte, às leis nacionais, bem como uma revisão de
literatura alusiva às instituições envolvidas neste processo e a um estudo de caso, de modo
a provar-se, se Portugal se encontra preparado para as ameaças provenientes do ciberespaço.

O artigo conclui que, embora Portugal tenha vindo a evoluir neste campo, existe ainda um
longo caminho a percorrer na efetivação e eficácia da Estratégia Nacional de Cibersegurança.

Today cyber space is easily accessible and has presence beyond geo-political boundaries; also rapidly becoming a global battlefield for various states and non-states entities. With the advent of the Internet of Things (IoT), every compromised device has potential to become soldier or adversary.  It has become a necessity for each state to have its own separate individual cyber security policy. In 2003 the United States of America (USA) was first to understand the significance of cyber security policy and was the first country in the world to have a cyber-security policy. Cyberspace communication exposes countries to various challenges. This can be tackled by states by drafting and implementing effective cyber security policies. This project critically analysis the recent National Cyber Security Policies (NCSP’s) of UK, India, USA and Germany. The documents will be analysed in the light of derived framework. This project intends to do the comparative analysis for academic purposes only and can act as a stepping stone for bridging gaps in cyber security policies.

Cyber threats are fundamentally different from any other because they usually do not involve any kinetic, or in other words physical, effects or actions. Yet they nonetheless have a huge potential for damage because digital and networked enabled elements permeate our governments, infrastructure, businesses and even private lives.

Such threats are fundamentally borderless and global in nature. They can originate from absolutely any place in the world and target virtually any other place. In addition some attacks may originate in one country, use a botnet (a group of voluntarily or involuntarily remotely controlled computers, used to increase the effect of some types of cyber attacks) of computers in another (or even several other) country and target a server or website in a third. Thus effective solutions for such global threats have to in turn also be truly global.

El objetivo de este texto es mostrar cómo los Estados han buscado mediante normas nacionales e internacionales, así como alianzas con países y actores estratégicos, aprovechar las ventajas del ciberespacio y reducir las vulnerabilidades.

https://www.gob.mx/imr/acciones-y-programas/notas-del-analisis-del-imr

In 2017, the WannCry and NotPeya showed that attacks targeting the cyber component of infrastructures (e.g. attacks on power plants), services (e.g. attacks to banks or hospitals servers), and endpoint devices (e.g. attacks on mobiles and personal computers) have a great disruptive potential and could cause serious damage to our information societies. WannaCry crippled hundreds of IT systems. And NotPetya costed pharmaceutical giant Merck, shipping firm Maersk and logistics company FedEx around US$300 million each. At a global level, cyber crime causes multibillion dollar losses to businesses, with average losses per organization running from US$3.8 to US$16.8 million in the smallest and largest quartiles respectively (Accenture 2017).

Eight U.S. states are leading the rest in cybersecurity readiness. In “State of the States on Cybersecurity,” Senior Fellow Francesca Spidalieri reviews the efforts of state governments in California, Maryland, Michigan, New Jersey, New York, Texas, Virginia, and Washington. These states provide a collective overview of sound approaches to “protect infrastructure, information, and operations.”

The study highlights effective mechanisms and creative solutions that state governments and their leaders have devised to take advantage of existing assets, to better protect critical infrastructure, to promote information sharing, to grow their cybersecurity industry, and to attract qualified talent to their states.

It is important that cybersecurity measures are enforced at the state-level to protect citizens and reduce cyber risks. Maintaining the most recent security products, tools, and plans is just as important as educating users in the proper practices to reduce their cyber risks. The initiatives exemplified throughout this new report provide models for other states and jurisdictions to follow and offer a useful set of effective mechanisms and activities at the state-level to put recommended action into practice.

El progreso de los medios cibernéticos y su aplicación como medio de defensa – ataque por parte de diversos actores de la sociedad internacional, así como la utilización del campo de batalla virtual (ciberespacio) por parte de los Estados y sus fuerzas armadas
para garantizar la seguridad nacional, ofrecen la oportunidad de examinar el poder de la tecnología digital y el espectro electromagnético como medios de ataque y destrucción de los potenciales enemigos
así como medio de defensa de la información estratégica crítica. De igual forma, esta fórmula entre tecnologías de la información y poder, presenta una nueva condición de conflicto internacional que debe ser regulado, a fin de: evitar las atrocidades del pasado observadas en conflictos interestatales, garantizar el respeto de los no combatientes y definir claramente cuando se debe utilizar la fuerza militar para responder a un ataque cibernético.

Ciberseguridad Nacional en México y sus desafíos RESUMEN 1 Debido a los avances tecnológicos los Estados enfrentan nuevos desafíos en la llamada Era de la Información. Estos desafíos están ligados a la falta de protección y al mal uso del ciberespacio, que se ha convertido en el quinto ámbito de la guerra. Visto desde la perspectiva de la seguridad nacional, la dependencia en las tecnologías de la información y comunicaciones (TIC) ha acelerado los procesos, pero aumentado las vulnerabilidades. Por ello, los Estados han buscado salvaguardar la ciberseguridad a través de medidas políticas, tecnológicas y estratégicas que incluyen claridad en los conceptos y atribuciones de los actores. Es decir, el concepto de seguridad ha evolucionado para incluir los aspectos tecnológicos que hoy predominan bajo el termino de ciberseguridad nacional. Por ello, los Estados han diseñado ciberestrategias para contrarrestar las diversas amenazas del ciberespacio y los desafíos que deben enfrentar en cuestiones de estrategia, recursos humanos y desarrollo tecnológico. Abstract Due to technological advances, States face new challenges in the so-called Information Age. These challenges are linked to the lack of protection and misuse of cyberspace, which has become the fifth domain of war. Seen from the perspective of national security, reliance on information and communication technologies (ICT) has accelerated processes, but it has also increased vulnerabilities. Therefore, States have sought to safeguard cybersecurity through political, technological and strategic measures that include clarity in the concepts and attributions of the actors. In other words, the concept of national security has evolved to include the predominant technological aspects of today´s world under the term of national cybersecurity.

In liberal democratic countries, the role of the state in cybersecurity is a politically contested space. We investigate that role along three dimensions: the first is theoretical and we look at existing cybersecurity literature, showing that international affairs literature is almost exclusively highlighting the role of the state as a security actor. We argue that this view is too narrow and risks limiting the discussion to only a few aspects of what cybersecurity entails. The second is empirical and we analyse policy development, showing the diversity of the roles the state imagines for itself. The state occupies six different roles in cybersecurity: (1) security guarantor, (2) legislator and regulator, (3) supporter and representative of the whole of society, (4) security partner, (5) knowledge generator and distributor, and (6) threat actor. The third dimension is normative and we investigate what the role of the state should be. To do that, we outline three main areas of tension between the state, the economy, and society in which cybersecurity policies are situated. Diverse coalitions of interests, spanning across the three social fields, support or challenge the six roles. Thus, two types of questions occupy the centre stage of cybersecurity policy: a question regarding the boundaries of responsibility (i.e., where does the responsibility of the state, economic, and societal actors start and end?) and a question regarding the concrete assumption of responsibilities (i.e., which means is an actor allowed to use to assume the responsibilities of his/her roles?). In sum, our conceptualisation enhances the understanding of cybersecurity as a diverse and crosscutting policy field. The result is a more comprehensive understanding of different roles of the state, which will help researchers with finding innovative research questions in the future.

Cybercafé administrator used to be a major player in cybercrimes control in conjunction with security operatives, until the advent and popularity of internet service by the GSM operators in Nigeria. This study investigates the level of awareness of the existing cyber security measures among the cyberspace users and the level of enforcement of these measures by the cybercafé administrators and government security agencies within Ilorin metropolis, Kwara State, Nigeria. Questionnaires were administered to 10 cybercafé administrators and 100 cyberspace users in both University of Ilorin and Kwara State University. The findings show that 76% of the respondents are not aware of any existing cyber security policies, or any standard agency or outfit charged with the responsibility of enforcing cyber security policies. 80% of the cybercafé administrators agreed that most of the cyberspace users overlook the cyber security measures being used in the cybercafés. The paper suggested the way forward, presents various preventive and control measures of cybercrimes most especially the one being committed by the GSM users when accessing the internet and observed that if nothing urgent and precise is done, the combined effect of the present world economic meltdown with the raging cybercrimes will cripple the nations' fragile political and socio-economic systems. This will no doubt, make the nations' effort at becoming one of the twenty top world economies by 2020, a mission impossible or a mirage. The need for inclusion of cyber ethics into citizenship education in Nigeria, and the need for establishment of relevant cyber security agencies were recommended among others.

Internet can be considered as one of the greatest achievements of humanity of the last century, which connected the entire world. It created a new space for connections, information and communications, as well as cooperation. Thus, it created also a new platform for conflicts that involved not only individuals but also states. The invention of the twentieth century, the Internet, has become another sphere for international relations, and a new space for defensive and offensive policies for regulating and balancing those affairs. The space called cyberspace has become a platform for interactions not only between individuals , but also between states. The interactions on their side were not only developed in a positive manner, but were also transformed into attacks, which pose a real threat to the security of states. Thus, the following questions arise: Can cyberspace be considered a new sphere for war? Can conflicts and offensive and defensive operations in cyberspace be considered a real war? The aim of this article is to specify offensive and defensive actions occurring in cyberspace and to explain the differences and similarities between them and the classical approach to war present in other spheres: land, water, air, and space. Despite the overgrowth of offensive interactions in cyberspace and defensive strategies for enriching the cyber arsenal of states, military specialists have concerns over the reality of cyberwars in general. Parallels are drawn to show the similarities and differences between definitions and perceptions of war, and whether concepts from the classical approach can be transferred to describe wars in the cyber sphere. This research puts cyberwars in line with other wars, thus analyzing their peculiarities, whilst Cyberspace is seen as another sphere for war and international relations in addition to the existing spheres of land, water, air, and space * Doctoral Student, Nanjing University, School of International Studies.

Cyberspace poses a great challenge to the traditional governance, that is mainly state-centric-it challenges the traditional concepts like security, borders, privacy and sovereignty. Legal discussions about cyberspace governance often focus on international cybercrime arrangements, international standards and national sovereignty. Due to the globalisation and the interconnected nature of cyberspace and the cross-border impacts of attacks, it has been made impossible for any organisation to manage cyberspace and cyber threats without an adequate level of cooperation with various partners and allies. This is especially relevant in certain areas of national security, as well as in the Common Foreign and Security Policy (CFSP) of the European Union. But what does cybersecurity mean for the European Union and how its viewpoint changed through the past decades? This paper analyses the EU acquis to provide an overview on EU cybersecurity policy and to understand the challenges EU currently facing as a cyber-actor.

The ongoing digitization leads to a deepening dependence of the next life spheres on information technology. The global net- work has become the basic tool for work, communication and entertainment. The changes that are taking place have an impact on security conditions, which the state and its institutions are obliged to ensure both individually and collectively. The grow- ing scale of threats related to cyberspace activity requires an ade- quate response from public administration, which is currently fac- ing challenges related to building structures capable of ensuring internal, external and military security including digital threats, acquiring expert staff and developing national technological and scientific potential that can face new threats.
***
kolejnych sfer życia od technologii informatycznych. Globalna sieć stała się podstawowym narzędziem pracy, komunikacji i rozrywki. Zachodzące zmiany nie pozostają bez wpływu na uwarunkowania związane z bezpieczeństwem, do którego zapewnienia tak w wymia- rze indywidualnym, jak i zbiorowym zobowiązane są państwo oraz jego instytucje. Rosnąca skala zagrożeń związanych z aktywnością w cyberprzestrzeni wymaga adekwatnej reakcji ze strony admini- stracji publicznej, która stoi obecnie przed wyzwaniami związanymi z budowaniem struktur zdolnych do zapewnienia wewnętrznego, zewnętrznego i militarnego bezpieczeństwa z uwzględnieniem cyfrowych zagrożeń, pozyskiwaniem kadr eksperckich oraz roz- wojem narodowego potencjału technologicznego i naukowego mogącego stawić czoło nowym zagrożeniom.