EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Risks to cybersecurity from data localization, organized by techniques, tactics and procedures

Peter Swire, DeBrae Kennedy-Mayo, Drew Bagley, Sven Krasser, Avani Modak and Christoph Bausewein

Journal of Cyber Policy, 2024, vol. 9, issue 1, 20-51

Abstract: The risks of data localization to cybersecurity – organizational effects”, we provided a framework for the risks of data localization to cybersecurity, finding that 13 of 14 ISO 27002 controls would be negatively affected by the localization of personal data. This paper complements that analysis, focusing on the techniques, tactics and procedures (TTPs) of threat actors and defenders. Using the ENISA Guidelines and the MITRE ATT&CK Framework as authoritative approaches for cataloguing relevant TTPs, we highlight three important tactics that defenders use for cybersecurity purposes – threat hunting; privilege-escalation attack; and red teaming/pen testing. These three categories, considered essential to a mature cybersecurity programme, would routinely require cybersecurity defenders to access personal data that would be restricted by current data localization laws and proposals. The paper then provides a quantitative model illustrating the effects of data localization, finding that halving the number of IP addresses available to a defender would more than double the likely time until a new attack was detected. The paper concludes by noting that until and unless the proponents of localization address the unintended effects of data localization, scholars, policymakers and practitioners have strong reason to expect significant cybersecurity harms from hard localization requirements.

Date: 2024
References: Add references at CitEc
Citations:

Downloads: (external link)
http://hdl.handle.net/10.1080/23738871.2024.2384724 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:taf:rcybxx:v:9:y:2024:i:1:p:20-51

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/rcyb20

DOI: 10.1080/23738871.2024.2384724

Access Statistics for this article

Journal of Cyber Policy is currently edited by Emily Taylor

More articles in Journal of Cyber Policy from Taylor & Francis Journals
Bibliographic data for series maintained by Chris Longhurst ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:taf:rcybxx:v:9:y:2024:i:1:p:20-51