Criminological Features of the Cybersecurity Threats

Authors

DOI:

https://doi.org/10.26512/lstr.v15i2.45997

Keywords:

Cybersecurity Threats. Criminology. Information Security. Cybersecurity. Determinants of Crime.

Abstract

[Purpose] Currently, novel tools have converted many traditional phenomena into cyber ones. The absence of a standardized terminology and classification of cybersecurity threats has raised significant concerns among researchers and lawmakers. Ignoring the emerging risks that necessitate appropriate responses is impracticable. Prior to devising countermeasures to combat cybercrime, it is imperative to accurately define the concept of cybersecurity threat and differentiate it from other related notions such as information security, computer security, cyberattack, cyberspace attack, cyber incident, cybersecurity incident, cyber threat, and cybersecurity event, whose definitions may be ascertained from the glossaries of various standardization institutes.

[Methodology/Approach/Design] This study presents a descriptive investigation of cybersecurity threats and their causes, utilizing genetic, systematic-functional, and systematization methods. Cyberattacks are identified as the primary threat, and data is represented through qualitative research and summarized in tables. The study also considers the historical background of concepts and cyber-criminality.

[Findings] The present study delves into a comprehensive analysis of distinct categories of cybersecurity threats, the trajectory of cybercrime, and the factors that underpin the emergence of new cybersecurity threats. The research scrutinizes both the general causes for cyber-criminality and the specific determinants for criminal activities that target the energy sector, a critical component of a state's infrastructure. The study reveals that the major sources of threats comprise terrorists, insiders (i.e., disgruntled employees), commercial spies, and black hackers or crackers, whose malicious acts are themselves considered threats to cybersecurity.

Downloads

Download data is not yet available.

Author Biographies

Viktor Anatolievich Shestak, Moscow Academy of the Investigative Committee of the Russian Federation

Doctor of Juridical Science, Professor of the Department Criminal Procedure, Moscow Academy of the Investigative Committee of the Russian Federation (Moscow, Russian Federation). Address: 12, Vrubel Street, Moscow, Russia, 125080. E-mail: viktor_shestak@mail.ru.

Alyona Dmitrievna Tsyplakova, MGIMO University

Bachelor of Laws (LL.B.), Master’s Degree Student of the Department of Criminal Law, Criminal Procedure and Criminology of MGIMO University (Moscow, Russian Federation). E-mail: tsyplakova.a.d@my.mgimo.ru.

References

Alabdulatif, A. (2018). Cybercrime and analysis of laws in Kingdome of Saudi Arabia. [Master of Science in Information System Security, Technology of University of Houston]. Available at: https://uh-ir.tdl.org/bitstream/handle/10657/3107/ALABDULATIF-THESIS-2018.pdf?sequence=1.

Bailey, T., Maruyama, A. & Wallance, D. (2020). The energy-sector threat: How to address cybersecurity vulnerabilities. McKinsey & Company, 2020. Available at: https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities.

Desarnaud, G. (2017). Cybersecurity attacks and energy infractutures. Anticipating Risks. Études de l’Ifri. Available at: https://www.ifri.org/sites/default/files/atoms/files/desarnaud_cyber_attacks_energy_infrastructures_2017_2.pdf.

Belous, A.I. (2020). Cybersecurity of fuel and energy complex facilities. Concepts, methods and tools for ensuring. Moscow, Vologda: Infra-Inzheneriya.

Black Kite (2021). The 2021 ransomware risk pulse: energy sector. Ransomware on the Rise Across Critical Infrastructure. Available at: https://blackkite.com/wp-content/uploads/2021/09/The-2021-Ransomware-Risk-Pulse-_-Energy-Sector.pdf.

Bowcut, S. (2021). Cybersecurity in the energy industry. Cybersecurityguide. Available at: https://cybersecurityguide.org/industries/energy/.

Canadian Centre for Cyber Security. National Cyber Threat Assessment. An Introduction to the Cyber Threat Environment. Available at: https://cyber.gc.ca/sites/default/files/cyber/publications/Intro-ncta-2020_e.pdf.

CISA. Bad Practices. Available at: https://www.cisa.gov/BadPractices.

Department for Digital, Culture, Media & Sport (2020). Online Harms White Paper 2020. Available at: https://www.gov.uk/government/consultations/online-harms-white-paper/online-harms-white-paper.

Duke Energy. (2019). Accounting request related to cybersecurity informational technology–operational technology program: letter to Kimberly D. Bose, US Federal Energy Regulatory Commission No. AC19-75-000. Available at: https://www.federalregister.gov/documents/2019/03/22/2019-05482/duke-energy-corporation-notice-of-filing.

Dolgova, A.I. (2020). Criminology. Moscow: Norma.

Dzafarli, V. F. (2021). Criminology of cybersecurity: Criminological means of crime prevention in the field of information and communication technologies. (S. Ya. Lebedeva, Ed.). Moscow: Prospekt.

IT Governance. What is Cyber Security? Definition and Best Practices. Available at: https://www.itgovernance.co.uk/what-is-cybersecurity.

Kaspersky, E. (2017). StoneDrill: We’ve Found New Powerful ‘Shamoon-ish’ Wiper Malware – and It’s Serious. Official Blog of Eugene Kaspersky. Available at: https://eugene.kaspersky.com/2017/03/06/stonedrill-weve-found-new-powerful-shamoon-ish-wiper-malware-and-its-serious/.

Kaspersky Laboratory (2020). Kaspersky Security Bulletin. Statistics 2020. Available at: http://go.kaspersky.com/rs/802-IJN-240/images/KSB_statistics_2020_ru.pdf.

Kim, C., Newberger, B. & Shack, B. (2012). Computer Crimes. American Criminal Law Review. 49(2), 443-488.

Kleymenov, M. P. (2018). Criminology. Moscow: NORMA.

Kovacs, E. (2018). Shamoon 3 Attacks Targeted Several Sectors. Security Week. Available at: https://www.securityweek.com/shamoon-3-attacks-targeted-several-sectors.

Kuznetsova, N. F. (2004). Criminology. (N. F. Kuznetsova, V. V. Luneev, Ed.). Moscow: Wolters Kluwer.

Livingston, S., Sanborn, S., Slaughter, A., Zonneveld, P. (2019). Managing cyber risk in the electric power sector. Emerging threats to supply chain and industrial control. Deloitte. Available at: https://www2.deloitte.com/content/dam/insights/us/articles/4921_Managing-cyber-risk-Electric-energy/DI_Managing-cyber-risk.pdf.

Lewis, J. A. (2002). Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats Center for Strategic and International Studies. Washington, D. C.

Misbrener, K. (2019). Cyberattacks threaten smart inverters, but scientists have solutions. Solar Power World. Available at: https://www.solarpowerworldonline.com/2019/04/cyberattacks-threaten-smart-inverters-but-scientists-have-solutions/.

Nescout. (2021). Threat Intelligence Report 2021. Available at: https://www.netscout.com/threatreport.

National Institute of Standards and Technology (NIST). Cyber Attack. Available at: https://csrc.nist.gov/glossary/term/cyber_attack.

National Institute of Standards and Technology (NIST). Cyber incident. Available at: https://csrc.nist.gov/glossary/term/cyber_incident.

National Institute of Standards and Technology (NIST). Cyber Security. Available at: https://csrc.nist.gov/glossary/term/cyber_security.

National Institute of Standards and Technology (NIST). Cyber Threat. Available at: https://csrc.nist.gov/glossary/term/cyber_threat.

National Institute of Standards and Technology (NIST). Cybersecurity. Available at: https://csrc.nist.gov/glossary/term/cybersecurity.

National Institute of Standards and Technology (NIST). Cybersecurity event. Available at: https://csrc.nist.gov/glossary/term/cybersecurity_event.

National Institute of Standards and Technology (NIST). Cybersecurity Incident. Available at: https://csrc.nist.gov/glossary/term/cybersecurity_incident.

National Institute of Standards and Technology (NIST). Cyberspace. Available at: https://csrc.nist.gov/glossary/term/cyberspace.

National Institute of Standards and Technology (NIST). Cyberspace attack. Available at: https://csrc.nist.gov/glossary/term/cyberspace_attack.

Ovchinsky, V. S. (2016). Criminology of the Digital World. Moscow: Norma. INFRA-M.

Petcu, A. G. (2022). Emotet Malware Over the Years: The History of an Infamous Cyber-Threat. Heimdal security. Available at: https://heimdalsecurity.com/blog/emotet-malware-history/.

Rspectr. (2021) Bulk encryption weapons. Available at: https://www.rspectr.com/articles/828/oruzhie-massovogo-shifrovaniya.

Schur, E. M. (1969). Our criminal society: the social and legal sources of crime in America. New Jersey: Prentice-Hall.

Shestak, V. A. (2020). Foreign experience in the legal regulation to counter cybercrime. SSRN, 2020 Criminal Law: development strategy in the XXI century. Materials of the XVII International Scientific-Practical Conference, 23.01-24.01.2020. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3524513.

Siegel, L. J. (2006). Criminology. Thomson Wadsworth.

Staggs, J. (2017). Adventures in attacking windfarm control networks. Black Hat USA. Available at: https://www.blackhat.com/us-17/briefings/schedule/#adventures-in-attacking-wind-farm-control-networks-6394.

U.S. Small Business Administration. Stay safe from cybersecurity threats. Available at: https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats.

Vadimova, E. (2021). Digital against Fuel and energy complex. Oil and Capital. Available at: https://oilcapital.ru/article/general/29-06-2021/tsifra-protiv-tek.

Volevodz, A. G. (2001). Combating computer-related crime: the legal framework for international cooperation. Moscow: Yurlitinform.

Willett, M. (2021) Lessons of the SolarWinds Hack. Survival. 63(2): 7-26.

World Economic Forum. (2021). The Global Risks Report 2021. Available at: http://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2021.pdf.

Downloads

Published

2023-09-07

How to Cite

ANATOLIEVICH SHESTAK, Viktor; DMITRIEVNA TSYPLAKOVA, Alyona. Criminological Features of the Cybersecurity Threats. Law, State and Telecommunications Review, [S. l.], v. 15, n. 2, p. 187–203, 2023. DOI: 10.26512/lstr.v15i2.45997. Disponível em: https://periodicos.unb.br/index.php/RDET/article/view/45997. Acesso em: 26 dec. 2024.