Proceedings of the 7th International Conference on Information Systems Security and Privacy, February 11-13, 2021
This book contains the proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP 2021), which was organized and sponsored by the Institute for Systems and Technologies of Information, Control and Communication (INSTICC). ICISSP 2021 was held in cooperation with the Associação para a Promoção e Desenvolvimento da Sociedade da Informação (AP2SI), ISACA Lisbon Chapter, and the Trusted Computing Group. Due to the exceptional situation of the COVID-19 pandemic, ICISSP has run entirely in remote and adopted online format, from 11 – 13 of February. The Conference Program included oral presentations (full papers and short papers) and posters, organized in different technical sessions.
Most modern democracies and states have adopted a large number of standards and norms to promote and harmonize international trade. The precautionary principle has come to complete this regulatory arsenal especially in the field of security of states and citizens, their health, their private life ... The aim is also to protect government agencies against wrong decisions, especially when uncertain, immature technologies are concerned. Social, political, institutional security and stability and now cybersecurity has become heavily dependent on these new forms of regulation. In this article we will show how this regulation arsenal could be exploited by cybercriminals. It is indeed possible through a broader vision of the notion of cyber attack to turn these norms and standards and this precautionary principle precisely against those they are supposed to protect. Among many possible scenarios, we consider a specific one for illustration with respect to the attack of voting machines. The m ain conclusion is that any (cyber)security risk analysis should now extend the mostly favoured technical view to a more operational vision in which non technical aspects also be included.