ABSTRACT
In this study, we contributed on research of policing cyberspace by analysing how different stakeholder groups (nodal clusters) participate in the formal security network during detecting and handling of data system break-ins in practice. The goal of this article was to study whether citizens have roles within the security network. The analysis was based on data system break-ins (n = 220) reported to the Finnish national computer emergency response team, CERT-FI, in 2012. We detected five types of nodal clusters: computer emergency response teams (CERTs), companies, public organisations, private persons and associations. The roles of nodal clusters were described by using cultural, social, political, economic and symbolic capital. However, the results show that there are differences not only between the nodal clusters but also inside them regarding their positioning within the network. We argue that instead of a type of nodal cluster, division based on the roles and individual needs could be more relevant. Recognition of roles could encourage netizens to co-produce cybersecurity from their respective premises.
Acknowledgments
Anna Leppänen’s work was supported by the Foundation of Economic Education; the Scandinavian Research Council for Criminology [Grant number 25-13]; and the Jenny and Antti Wihuri Foundation [Grant number 130231]. The authors are grateful to CERT-FI (NCSC-FI) for the deposition of valuable data and assistance with classifying data system break-ins. Authors wish to thank Professor Sirpa Virta for constructive comments.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes
1. http://www.cert.org/incident-management/national-csirts/national-csirts.cfm 15.4.2015. The official name of a unit may be other than CERT too, such as computer security incident response team (CSIRT) or cybersecurity centre.
2. Since then, CERT-FI has been referred as acronym NCSC-FI.
3. Since the small size of the data (n = 220), tables are presented as frequency distributions regarding the cases instead of cross tabulations differing each nodal cluster. However, typical cases regarding to each nodal cluster and cases otherwise important in defining nodal clusters’ roles are described as examples.
4. The Finnish Information Society Code (917/2014) does not recognise a concept of Internet service provider. Instead in the part 1 chapter 1 section 3, 27 ‘telecommunications operator means a network operator or a communications service operator offering services to a set of users that is not subject to any prior restriction, i.e. provides public telecommunications services’. However, in this paper, telecommunications operators are referred as Internet service providers as the concept has been quite established in criminology.
5. According to the 275 § Information Society Code (917/2014) ‘The telecommunications operator shall notify Ficora without undue delay of significant information security violations or threats to information security in the services and of anything else that prevents or significantly interferes communication services.’
6. ‘The telecommunications operator shall notify subscribers and users without undue delay of significant information security violations or threats to information security in the services and of anything else that prevents or significantly interferes communication services. If a significant violation or threat is posed to the information security of an added value service, the added value service provider shall immediately notify the user.’ If a communications network, service or device creates serious economic or operational hindrance to other communications networks, services or connected services, device, the user or other person, the telecommunications operator or owner or holder of the communications network or device shall take immediate measures to correct the situation and, if necessary, disconnect the communications network, service or device’ The Information Society Code (917/2014) part 10, chapter 33, sections 273–274.
Additional information
Funding
Notes on contributors
Anna Leppänen
Anna Leppänen is a doctoral student of Administrative Sciences at the University of Tampere, JKK on School of Management. She works at the Police University College as a researcher. Her cybersecurity related research concentrates on cybercrimes and security networks.
Terhi Kankaanranta
Terhi Kankaanranta (PhD) is working as a senior researcher at the research, development and innovation department of Polamk. Her current research topics are related to economic crimes, environmental crimes, social media, cybercrimes and work welfare.