Abstract
Malicious cyber activities are no longer a matter of if but of when, and in our increasingly interconnected world, threats to our national sovereignty can come from unexpected sources and directions—a 360°globalised challenge. Cyber threats are increasingly important and strategically relevant in both developed and developing countries. Cyber security is one of the highest priority items on the global policy and national security agendas, and an increasingly challenging policy area for governments. Our thesis is that cyber security is no longer the preserve of any single country, entity, (industry) sector or disciplinary field because of the nature and extent of an increasingly connected and sophisticated technological and user bases. There is, therefore, a need to bring together perspectives and approaches from different disciplines and countries, and investigate what we can do singularly and collaboratively to secure our cyberspace and future. This essay proposes a conceptual framework that allows theories from different disciplines and different strategies, techniques and best practices to be “plugged-and-played” when studying/understanding and responding to malicious cyber activities. Three potential research topics are also identified to seek to provide more evidence to support the proposed framework.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The US Department of Defense (2011: 5), for example, considers “cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air, and space.”
- 2.
As noted by Marcus Tullius Cicero, Roman philosopher, orator and statesman (106–43 B.C.), “Man’s character is such that no one undertakes crimes without hope of gain” (Szasz 2002: 26), which can be both material (e.g. illicit financial gains) and non-material (e.g. sexual gratification in the case of child exploitation).
- 3.
- 4.
As Felson (2006) pointed out, crime stimuli and responses to crime are not perfectly paired, and they reflect the diversity of a living system.
- 5.
- 6.
An analysis of criminology theories by Pratt and Cullen (2005: 376) found that “[d]espite the theoretical and empirical advances made, however, there has been a dearth of efforts to synthesize and make sense of the existing body of scholarship. Most articles focusing on macro-level issues begin with a review of existing research, but such reviews are often selective in the studies included and discussed. Even more problematic, the reviews contained in most empirical articles are imprecise in their estimates of the relative effects of theoretically relevant macro-level variables on crime.”
References
Agnew, R. (1992). Foundation for a general strain theory of crime and delinquency. Criminology, 30(1), 47–87.
Ajzen, I. (1991). Theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211.
Akamai Technologies. (2012). The state of the internet: 4th quarter, 2011 Report. Cambridge, MA: Akamai Technologies.
Akerlof, G. A. (1970). The market for “Lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics, 84(3), 488–500.
Akers, R. L. (1985). Deviant behavior: A social learning approach (3rd ed.). Belmont, CA: Wadsworth.
Akers, R. L. (2009). Social learning and social structure: A general theory of crime and deviance. New Brunswick, NJ: Transaction.
Anderson, R. (2001). Why information security is hard - An economic perspective. In Proceedings of the 17th annual computer security applications conference, New Orleans, Louisiana, USA (pp. 358–365). Washington, DC: IEEE.
Anderson, M. S., North, C. J. G., & Yiu, K. K. (2008). Towards countering the rise of the silicon trojan. Edinburgh, SA: Defence Science and Technology Organisation, Commonwealth of Australia.
Applegae, S. D. (2011). Cyber militias and political hackers: Use of irregular forces in cyberwarfare. IEEE Security and Privacy, 9(5), 16–22.
Australian Government, Department of the Prime Minister and Cabinet (2013) Strong and secure: a strategy for Australia’s national security. Commonwealth of Australia, ACT, Australia.
Azfar, A., Choo, K.-K. R., & Liu, L. (2014). A study of ten popular Android mobile VoIP applications: Are the communications encrypted? In: 47th Annual Hawaii international conference on system sciences (HICSS 2014), pp. 4858–4867, January 6–9, 2014, IEEE Computer Society Press.
Becker, G. S. (1968). Crime and punishment: An economic approach. Journal of Political Economy, 76, 169–217.
Bammer G (2012) Strengthening interdisciplinary research: what it is, what it does, how it does it and how it is supported. Report for the Australian Council of Learned Academies.
Brandtzæg, P. B. (2012). Social networking sites: Their users and social implications—A longitudinal study. Journal of Computer-Mediated Communication, 17(4), 467–488.
Broadhurst, R. (2010). A new global convention on cybercrime. Pakistan Journal of Criminology, 2(4), 1–10.
Broadhurst, R., & Choo, K. K. R. (2011). Cybercrime and on-line safety in cyberspace. In C. Smith, S. Zhang, & R. Barberet (Eds.), Routledge international handbook of criminology (pp. 153–165). New York, NY: Routledge.
Brown, S. E., Esbensen, F. A., & Geis, G. L. (2010). Criminology: Explaining crime and its context (7th ed.). New Providence, NJ: Matthew Bender & Company.
Bursik, R., Jr., & Grasmick, H. (1993). Economic deprivation and neighborhood crime rates, 1960-1980. Law and Society Review, 27(2), 263–283.
Center for Strategic and International Studies (CSIS). (2011). Cybersecurity two years later. Washington. DC: CSIS.
Choo, K. K. R. (2008). Organised crime groups in cyberspace: A typology. Trends in Organized Crime, 11(3), 270–295.
Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research directions. Computers and Security, 30(8), 719–731.
Choo, K. K. R., & Grabosky, P. (2013). Cyber crime. In L. Paoli (Ed.), Oxford handbook of organized crime. New York, NY: Oxford University Press.
Choo, K. -K. R., & Smith, R. G. (2008). Criminal exploitation of online systems by organised crime groups. Asian Journal of Criminology, 3(1), 37–59.
Clarke, R. (1997). Situational crime prevention: Successful case studies (Vol. 2). New York, NY: Harrow and Heston.
Clarke, R. V. (2005). Seven misconceptions of situational crime prevention. In N. Tilley (Ed.), Handbook of crime prevention and community safety (pp. 39–70). Cullompton: Willan Publishing.
Clarke, R. V., & Eck, J. (2003). Become a problem solving crime analyst. Devon, UK: Jill Dando Institute of Crime Science.
Cohen, L. E., & Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588–608.
D’Orazio, C., Ariffin, A., & Choo, K.- K. R. (2014). IOS anti-forensics: How can we securely conceal, delete and insert data? In: 47th Annual Hawaii international conference on system sciences (HICSS 2014), pp. 4838–4847, January 6–9, 2014, IEEE Computer Society Press.
Davies, A., Lewis, J., Herrera-Flanigan, J., & Mulvenon, J. (2012). ANZUS 2.0: Cybersecurity and Australia–US relations. Special Report No 46
DiMaggio, P. J., & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147–160.
Felson, M. (1998). Crime and everyday life. New York, NY: Pine Forge Press.
Felson, M. (2006). Crime and nature. Thousand Oaks, CA: SAGE Publications.
Findlay, M., & Hanif, N. (2012). Taking crime out of crime business. International Journal of Law, Crime and Justice, 40(4), 338–368.
Gendron, A. & Rudner, M. (2012). Assessing cyber threats to Canadian infrastructure: Report prepared for the Canadian Security Intelligence Service. Retrieved from, http://www.csis-scrs.gc.ca/pblctns/cdmctrch/20121001_ccsnlpprs-eng.asp
Giddens, A. (1984). The constitution of society: Outline of a theory of structuration. Berkeley, CA: University of California Press.
Gottfredson, M. R., & Hirschi, T. (1990). A general theory of crime. Stanford, CA: Stanford University Press.
Herath, T., & Rao, H. R. (2009a). Encouraging information security behavior in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154–165.
Herath, T., & Rao, H. R. (2009b). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125.
Hitchings, J. (1995). Deficiencies of the traditional approach to information security and the requirements for a new methodology. Computers and Security, 14(5), 377–383.
HM Government (2010). A strong Britain in an age of uncertainty: the national security strategy. The Stationery Office, Whitehall, London.
Holt, T. J. (2013). Examining the forces shaping cybercrime markets online. Social Science Computer Review, 31(2), 165–177.
Hooper, C., Martini, B., & Choo, K. K. R. (2013). Cloud computing and its implications for cybercrime investigations in Australia. Computer Law and Security Review, 29(2), 152–163.
Iswaran, S. (2013). Response speech by Mr. S. Iswaran, Minister in Prime Minister’s Office and Second Minister for Home Affairs and Trade & Industry on the second reading of the computer misuse (Amendment) bill. Media Release 14 January.
Kellerman, T. (2012). Peter the great versus Sun Tzu. Cupertino, CA: Trend Micro.
Krekel, B., Adam, P., & Bakos, G. (2012). Occupying the information high ground: Chinese capabilities for computer network operations and cyber espionage. Retrieved from, http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf
Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469–479.
Marcus, D., & Sherstobitoff, R. (2012). Dissecting operation high roller. Santa Clara, CA: McAfee.
Martini, B., & Choo, K.-K. R. (2013). Cloud storage forensics: OwnCloud as a case study. Digital Investigation, 10(4), 287–299. http://dx.doi.org/10.1016/j.diin.2013.08.005.
Merton, R. (1938). Social structure and anomie. American Sociological Review, 3(5), 672–682.
Mills, E. (2009). Q&A: FBI agent looks back on time posing as a cybercriminal. CNET. Retrieved on May 7, 2009, from http://news.cnet.com/8301-1009_3-10234872-83.html
Ngo, F. T., & Paternoste, R. (2011). Cybercrime victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5(1), 773–793.
Nielsen, S. C. (2012). Pursuing security in cyberspace: Strategic and organizational challenges. Orbis Summer, 2012, 336–356.
Pahnila, S., Siponen, M., & Mahmood, A. (2007). Employees’ behaviour towards IS security policy compliance. In Proceedings of 40th Hawaii international conference on system sciences Hawaii USA. Washington, DC: IEEE.
Pratt, T. C., & Cullen, F. T. (2005). Assessing macro-level predictors and theories of crime: A meta-analysis. Crime and Justice, 32, 373–450.
Quick, D., & Choo K-K, R. (2013a). Digital droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems, 29(6), 1378–1394.
Quick, D., & Choo K-K, R. (2013b). Dropbox analysis: Data remnants on user machines. Digital Investigation, 10(1), 3–18.
Quick, D. & Choo, K.- K. R. (2014). Google drive: Forensic analysis of cloud storage data remnants. Journal of Network and Computer Applications, 40, 179–193.
Rosenbaum, D. P., Lurigio, A. J., & Davis, R. C. (1998). The prevention of crime: Social and situational strategies. Belmont, CA: Wadsworth.
Sanger, D. E. (2012a). Confront and conceal: Obama’s secret wars and surprising use of American power. New York, NY: Crown.
Sanger, D. E. (2012, June 1). Obama order sped up wave of cyberattacks against Iran. New York Times.
Scott, W. R. (2008). Institutions and organizations; ideas and interests. Reference and research book news (3rd ed.). Thousand Oaks, CA: Sage Publications.
Shou, D. (2011). Ethical considerations of sharing data for cybersecurity research. In Workshop on ethics in computer security research (Lecture notes in computer science, Vol. 7126, pp. 169–177). Berlin: Springer.
Siponen, M., Willison, R., & Baskerville, R. (2008). Power and practice in information systems security research. In Proceedings of the International Conference on Information Systems (pp. 14–17). France: Paris.
Skinner, W. F., & Fream, A. M. (1997). A social learning theory analysis of computer crime among college students. Journal of Research in Crime and Delinquency, 34(4), 495–518.
Smith, S. (2012, October 24). Minister for defence – Speech to the Defence Signals Directorate (DSD) cyber security conference 2012. Media Release.
Straub, D. W. (1990). Effective IS security: An empirical study. Information Systems Research, 1(3), 255–276.
Sutton, A., Cherney, A., & White, R. (2008). Crime prevention: Principles, perspectives and practices. Port Melbourne, VIC: Cambridge University Press.
Symantec. (2012). Internet security threat report 2011 trends (Vol. 17). Mountain View, CA: Symantec Corporation.
Szasz, T. (2002). Fatal freedom: The ethics and politics of suicide. Syracuse, NY: Syracuse University Press.
TechAmerica. (2012). TechAmerica’s twenty-second annual survey of federal chief information officers: May 2012. Washington, DC: TechAmerica.
Thomson, K., & von Solms, R. (2005). Information security obedience: A definition. Computers and Security, 24(1), 69–75.
UK House of Commons Defence Committee. (2013). Sixth report of session 2012–13 (Volume I: Report, together with formal minutes, oral and written evidence). London: The Stationery Office Limited.
UK Intelligence and Security Committee. (2011). Annual report 2010–2011 (Presented to Parliament by the Prime Minister by Command of Her Majesty July 2011). Retrieved from, http://www.official-documents.gov.uk/document/cm81/8114/8114.pdf
US Department of Defense. (2011). Department of Defense strategy for operating in cyberspace. Retrieved from, http://www.defense.gov/news/d20110714cyber.pdf
US Government Accountability Office (US GAO). (2012a). Cybersecurity: Threats impacting the nation. Washington, DC: US GAO.
US Government Accountability Office (US GAO). (2012b). DOD supply chain: Suspect counterfeit electronic parts can be found on internet purchasing platforms. GAO-12-375. Washington, DC: US GAO.
US Government Accountability Office (US GAO). (2013). A better defined and implemented national strategy is needed to address persistent challenges. GAO-13-462T. Washington, DC: US GAO.
US Office of the National Counterintelligence Executive. (2011). Foreign spies stealing us economic secrets in cyberspace: Report to Congress on foreign economic collection and industrial espionage, 2009–2011. Retrieved from, http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf
US White House. (2011). International strategy for cyberspace: Prosperity, security, and openness in a networked world. Retrieved from, http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf
US White House. (2013). Executive order: Improving critical infrastructure cybersecurity. Retrieved from, http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
von Solms, B. (2001). Information security – A multidimensional discipline. Computers and Security, 20(6), 504–508.
Weber, R. (2003). Theoretically speaking. MIS Quarterly, 27(3), iii–xi.
Weber, R. (2012). Theory building in the information systems discipline: Some critical reflections. In D. N. Hart & S. D. Gregor (Eds.), Information systems foundations: Theory building in information systems (pp. 1–20). Canberra, ACT: Australian National University.
Williams, M. & Levi, M. (2013). Perceptions of the eCrime controllers: Modelling the influence of cooperation and data source factors. Security Journal. In press, http://dx.doi.org/10.1057/sj.2012.47
Acknowledgments
The views and opinions expressed in this chapter are those of the author alone and not the organisations with whom the author is or has been associated. The author would like to thank the anonymous reviewers and his colleagues including Professor Peter Grabosky (Australian National University) for their constructive feedback on previous drafts of this essay. Despite their invaluable assistance, any errors remaining in this essay are solely attributed to the author. This research is partially supported by the 2010 Australian Research Council Discovery Projects (DP1096833).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Choo, KK.R. (2014). A Conceptual Interdisciplinary Plug-and-Play Cyber Security Framework. In: Kaur, H., Tao, X. (eds) ICTs and the Millennium Development Goals. Springer, Boston, MA. https://doi.org/10.1007/978-1-4899-7439-6_6
Download citation
DOI: https://doi.org/10.1007/978-1-4899-7439-6_6
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4899-7438-9
Online ISBN: 978-1-4899-7439-6
eBook Packages: Computer ScienceComputer Science (R0)