The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government
agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of highlevel cybersecurity outcomes that can be used by any organization — regardless of its size,
sector, or maturity — to better understand, assess, prioritize, and communicate its
cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it
links to online resources that provide additional guidance on practices and controls that could
be used to achieve those outcomes. This document describes CSF 2.0, its components, and
some of the many ways that it can be used.

n liberal democratic countries, the role of the state in cybersecurity is a politically contested space. We investigate that role along three dimensions: the first is theoretical and we look at existing cybersecurity literature, showing that international affairs literature is almost exclusively highlighting the role of the state as a security actor. We argue that this view is too narrow and risks limiting the discussion to only a few aspects of what cybersecurity entails. The second is empirical and we analyse policy development, showing the diversity of the roles the state imagines for itself. The state occupies six different roles in cybersecurity: (1) security guarantor, (2) legislator and regulator, (3) supporter and representative of the whole of society, (4) security partner, (5) knowledge generator and distributor, and (6) threat actor. The third dimension is normative and we investigate what the role of the state should be.

The increasing demand for cybersecurity has been met by a global supply, namely, a rapidly growing market of private companies that offer their services worldwide. Cybersecurity firms develop both defensive (e.g. protection of own networks) and offensive innovations (e.g. development of zero days), whereby they provide operational capacities and expertise to overstrained states. Yet, there is hardly any systematic knowledge of these new cybersecurity warriors to date. Who are they, and how can we differentiate them? This contribution to the special issue seeks to give an initial overview of the coordination between public and private actors in cyberspace. I thus explore these new private security forces by mapping the emerging market for these goods and services. The analysis develops a generic typology from a newly generated data set of almost one hundred companies. As a result of this stock-taking exercise, I suggest how to theorize public-private coordination as network relationships in order to provide a number of preliminary insights into the rise of this ‘brave new industry’ and to point out critical implications for the future of private security forces.

This paper examines the multifaceted role of AI in cybersecurity, elucidating its applications in threat detection, vulnerability assessment, incident response, and predictive analysis.

The Russia-Ukraine war has clearly shown that critical infrastructures are prime targets for cyber operations in addition to the physical domain. In practice, in many cases, these critical infrastructures are protected by civilian cybersecurity companies in the context of a managed security service, so their defense operations must necessarily be coordinated with military defense activities. This includes among others the sharing of information classified under different classification systems (national, EU, NATO) between different actors in national cyber defense, the inclusion of appropriate civilian experts in the armed forces, and the usage of cutting-edge cybersecurity technologies (e.g. AI-enabled solutions) that are first introduced for civilian use, with military organizations only having access to them later or possibly not encountering them at all due to procurement difficulties. The main goal of this paper is to introduce the existing opportunities and obstacles to civilians’ involvement in military cyber operations in the areas of legislation, technology, and human resources from the European perspective. Moreover, the paper deals with the actual questions of cybersecurity intelligence sharing between civilian and military entities and the European Union’s actions in order to improve the overall cybersecurity posture of the region.

Civilian innovation is often said to be an important facilitator in the development of Lethal Autonomous Weapon Systems (LAWS). This claim is held up as both a reason to ban LAWS urgently, and why a ban would be impractical. But we know little about how this dynamic plays out in practice. Theoretical insights on technology transfer can help to analyse the situation. They suggest that obtaining and utilising the civilian technology is harder than often assumed. Civil-military cooperation is hindered by the stark differences between the civilian and defence industries. Business practices are out of sync, there are few social ties between the two worlds, innovative cultures do not translate, and many civilian engineers resist cooperation with the military. Additionally, defence still needs to modify civilian technologies to meet military standards and develop military-exclusive applications of autonomy. While civilian innovation thus advances what is technologically possible, this does not automatically translate into major advances or rapid diffusion of LAWS.

This paper investigates the role of general cybersecurity and cybersecurity policy awareness in enhancing supply chain cyber resilience reactive capabilities. Theorizing from the Protection Motivation Theory, 200 Small and Medium Enterprises (SMEs) were contacted to understand their perception of cybersecurity and policy awareness in affecting their overall cybersecurity hygiene. Data collection was carried out using a questionnaire survey and analysed via Partial Least Squares-based Structural Equation Modelling to validate the research framework.

This chapter addresses the central role played by dual-use technologies in security and defence research policies of the European Union. It puts forward the argument that the EU’s strong incentives to these technologies – on the grounds of its potential for generating economic, industrial and innovation synergies between the civilian and the military domains – are a political choice that have relevant consequences in the security politics of the Union.

The article studies urgent issues of the legal regulation of cyber security in Ukraine in view of current challenges. It is stated that under conditions of intensification of cyberattacks on the information and telecommunication systems of the state authorities of Ukraine, computer networks need reliable protection. It was determined that cyberattack and cyberterrorism are negative phenomena that cause social crises, so research and analysis of Ukrainian legislation on cybersecurity is extremely important and necessary. Due to the rapid growth of cyber risks and cyber threats, it is important to monitor the current state of cybersecurity in our country, highlight the main problems of building a national cyber defense system and identify areas for their solution. This requires an analysis of the measures that have been implemented in the field of protection of computer and telecommunications networks from cyberattacks, as well as the definition of measures needed to be implemented to create conditions for the safe operation of cyberspace. The study reveals significant political, economic and social efforts aimed to strengthen cyber resilience, which the state is making to develop national cybersecurity capabilities. Considering the purpose and objectives of the scientific article, the authors have studied in detail the legal aspect. As a result of scientific research, it has been established that the legal regulation of cyber security in Ukraine is carried out by normative acts of various legal force: the Constitution of Ukraine, laws and regulations of Ukraine. The Constitution of Ukraine contains initial provisions on the organization of security of both the national cyberspace as a whole and the virtual space of public authorities of Ukraine, which are reflected in the laws as well as normative and legal regulations of Ukraine. Analysis of the current legislation in the field of cyber security has revealed some of its imperfections. It has been found that effective cybersecurity needs to be addressed comprehensively and requires coordinated action at the national, regional and international levels to prevent, prepare, and respond to the incidents by the government, the private sector and civil society. © 2022, Berostav Druzstvo. All rights reserved.

This article describes Ukraine’s cybersecurity system, its place, and its role in a single configuration of national security. The methods used include formal-dogmatic, comparative-legal, sociological, and hermeneutics. The research revealed that effective cybersecurity must be addressed comprehensively, requiring coordinated action at the national, regional, and international levels to prevent, prepare, and respond to incidents by the government, the private sector, and civil society. © 2020 University of Jordan,Deanship of Scientific Research. All rights reserved.