Review and comparison of US, EU, and UK regulations on cyber risk/security of the current Blockchain Technologies - viewpoint from 2023

Radanliev, Petar. Review and comparison of US, EU, and UK regulations on cyber risk/security of the current Blockchain Technologies - viewpoint from 2023. 2023. [Preprint]


English abstract

The results of this study show that cybersecurity standards are not designed in close cooperation between the two major western blocs - US and EU. In addition, while the US is still leading in this area, the security standards for cryptocurrencies, internet-of-things, and blockchain technologies have not evolved as fast as the technologies have. The key finding from this study is that although the crypto market has grown into a multi-trillion industry, it has also lost over 70% since its peak, causing significant financial loss for individuals and corporations. Despite this significant impact on individuals and society, cybersecurity standards and financial governance regulations are still in their infancy.

Abstract

The first cryptocurrency was invented in 2008/09, but the Blockchain-Web3 concept is still in its infancy, and the cyber risk is constantly changing. Our cybersecurity should also adapt to these changes to ensure the security of personal data and the continuation of business for organisations. This review paper starts with a comparison of existing cybersecurity standards and regulations from the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) - ISO27001, followed by a discussion on more specific and recent standards and regulations, such as the Markets in Crypto-Assets Regulation (MiCA), Committee on Payments and Market Infrastructures and the International Organisation of Securities Commissions (CPMI-IOSCO), and more general cryptography and post-quantum cryptography, in the context of cybersecurity. These topics are followed up by a review of recent technical reports on cyber risk/security and a discussion on cloud security questions. Comparison of Blockchain cyber risk is also performed on the recent EU standards on cyber security, including European Cybersecurity Certification Scheme (EUCS) – cloud, and additional US standards – The National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS). The study includes a review of Blockchain endpoint security, and new technologies, e.g., IoT. The research methodology applied is a review and case study analysing secondary data on cybersecurity. The research significance is the integration of knowledge from the United States (US), the European Union (EU), the United Kingdom (UK), and international standards and frameworks on cybersecurity that can be aligned to new Blockchain projects.

Item type: Preprint
Keywords: Cyber Risk Assessment; Cloud Cybersecurity Standards; Financial Governance, DeFi, NIST; ISO27001; IoT; Blockchain Technologies, Metaverse, Cryptocurrencies.
Subjects: B. Information use and sociology of information > BJ. Communication
B. Information use and sociology of information > BC. Information in society.
B. Information use and sociology of information > BE. Information economics.
B. Information use and sociology of information > BF. Information policy
Depositing user: Dr Petar Radanliev
Date deposited: 04 Jul 2023 23:03
Last modified: 04 Jul 2023 23:03
URI: http://hdl.handle.net/10760/44229


