Cybersecurity and Privacy in Government
Permanent URI for this collection
Browse
Recent Submissions
Item Underwater Cyber Warfare: Submarine Communications Cables Architecture and Cybersecurity Analysis(2025-01-07) Boschetti, Nicolò; Falco, GregoryThe fiber-optic submarine communications cables (SCCs) are a critical infrastructure (CI) forming the cyber backbone of governments, economies, and security organizations. These networks are prone to cyber attacks that can compromise the availability, confidentiality, and integrity of civilian and military networks across the globe. This paper analyzes the cyber attack surface of SCCs, identifying vulnerabilities and single points of failure. Using the Svalbard Undersea Cable System as a case study, this study provides an attack analysis for several network nodes and shows the repercussions on interconnected CIs. Finally, it provides technical and policy recommendations to address current vulnerabilities in the SCC sector and SCC-dependent CIs.Item Understanding Zero Trust Security Implementations via the MITRE ATT&CK and D3FEND Frameworks: Uncovering Trends Across a Decade of Breaches(2025-01-07) Menard, Philip; Reyes, Elizabeth; Bateman, RayInformation sharing is paramount to operating within the modern business domain. However, with information sharing comes the risk of data breaches. One of the key challenges facing organizations is the ability to trace, and therefore trust, digital information flows. Due to its central philosophy of verifying network traffic before trusting it, zero trust security is an approach to cyber defense architecture that is rapidly gaining popularity across organizations. Although fully adopting zero trust should greatly reduce an organization’s likelihood of suffering a breach, organizations adopt zero trust in varying degrees. In this manuscript, we aim to better understand how zero trust has been adopted over the last decade, using Verizon’s Data Breach Incident Report dataset as a representative sample whereby we may infer lack of zero trust adoption via observable breaches. We find that certain aspects are positively correlated with breach occurrences, while others are negatively associated.Item Understanding Cybersecurity Outsourcing Processes in Local Governments(2025-01-07) Waltz, Craig; Gasco-Hernandez, MilaCybersecurity threats to local governments continue to grow along with the devastating costs of both prevention and recovery. The lack of skills to address these threats presses local governments to outsource cybersecurity services. Although the literature is extant when it comes to information technology (IT) services outsourcing, studies have not really differentiated between general IT contracting and contracting for cybersecurity. Our study aims at better understanding outsourcing of cybersecurity through two research questions: 1) what drives the decision to “make or buy” cybersecurity services? and 2) what determines the success of cybersecurity outsourcing initiatives? Based on interviews with local government officials, our analysis identifies three sets of drivers and two sets of determinants which have the greatest impact on outsourcing decisions and implementation efforts for cybersecurity. Our results indicate there is no single driver influencing the decision to outsource, but several which collectively lead local government managers to the decision.Item Introduction to the Minitrack on Cybersecurity and Privacy in Government(2025-01-07) Menard, Philip; Harrison, Keith; Nasi, Greta