More and more of our world has become connected through the wonders of modern technology. While this online connectedness has increased global productivity and made the world smaller, it has also increased our individual and collective vulnerability via cybercrime. Cybercrime is difficult to counter for a variety of reasons. Many cybersecurity incidents cross national borders, complicating issues of jurisdiction for both the investigation and the prosecution of these crimes. Additionally, many institutions, such as investment firms, are unwilling to report a hack, preferring to quietly pay a ransom demand than to let their clients and potential clients know that they were the victim of a security breach. To address the growing cost and risk of cybercrime, many countries have developed national cybersecurity policies, publicly available on their government websites. The International Telecommunication Union (ITU) is the specialized agency of the United Nations focused on information and communication technology; as such, they play a leading role in setting international standards, facilitating international cooperation, and developing assessments to help measure the status of global and national cybersecurity. 借助现代科技的神奇力量,我们的世界越来越紧密地联系在一起。虽然这种网络连接提高了全球生产力,使世界变得更小,但也增加了我们个人和集体在网络犯罪方面的脆弱性。由于种种原因,网络犯罪很难打击。许多网络安全事件跨越国界,使调查和起诉这些罪行的管辖权问题变得更加复杂。此外,许多机构(如投资公司)不愿意报告黑客攻击,宁愿悄悄地支付赎金,也不愿让客户和潜在客户知道他们是安全漏洞的受害者。为了应对日益增长的网络犯罪成本和风险,许多国家制定了国家网络安全政策,并在政府网站上公开发布。国际电信联盟(ITU)是联合国专注于信息和通信技术的专门机构;因此,他们在制定国际标准、促进国际合作以及开展评估以帮助衡量全球和国家网络安全状况方面发挥着主导作用。
Requirements: 要求:
In this problem, you are asked to help identify patterns that could inform the data-driven development and refinement of national cybersecurity policies and laws based on those that have demonstrated effectiveness. Develop a theory for what makes a strong national cybersecurity policy and present a data-driven analysis to support your theory. In developing and validating your theory, things you may wish to consider include: 在这个问题中,要求您帮助确定一些模式,以便在已证明有效的国家网络安全政策和法律的基础上,以数据为导向制定和完善这些政策和法律。请就如何制定强有力的国家网络安全政策提出一个理论,并提交一份数据驱动的分析报告以支持您的理论。在制定和验证您的理论时,您可能需要考虑的事项包括
How is cybercrime distributed across the globe? Which countries are disproportionately high targets of cybercrimes, where are cybercrimes successful, where are cybercrimes thwarted, where are cybercrimes reported, where are cybercrimes prosecuted? Do you notice any patterns? 网络犯罪在全球的分布情况如何?哪些国家是网络犯罪的高发地,哪些地方的网络犯罪得逞,哪些地方的网络犯罪受挫,哪些地方的网络犯罪被举报,哪些地方的网络犯罪被起诉?您是否注意到任何模式?
As you explore the published national security policies of various countries and compare these with the distribution of cybercrimes, what patterns emerge that would help you identify parts of a policy or law that are particularly effective (or particularly ineffective) in addressing cybercrime (through prevention, prosecution, or other mitigation efforts)? Depending on your analytical approach, it may be relevant to consider when each policy was adopted. 在探索各国已公布的国家安全政策并将其与网络犯罪的分布情况进行比较时,会发现哪些模式可帮助您确定政策或法律中在应对网络犯罪(通过预防、起诉或其他缓解措施)方面特别有效(或特别无效)的部分?根据您的分析方法,可能需要考虑每项政策的通过时间。
What national demographics (e.g., access to internet, wealth, education levels, etc.) correlate with your cybercrime distribution analysis? And how might these support (or conflate with) your theory? 哪些国家的人口统计数据(如互联网接入、财富、教育水平等)与您的网络犯罪分布分析相关?这些因素如何支持(或与)您的理论?
Based on the quantity, quality, and reliability of the data you collected and used for your analysis, share any limitations and/or concerns that national policy makers should consider when relying on your work to develop and/or refine their national cybersecurity policies. 根据您收集和用于分析的数据的数量、质量和可靠性,分享国家政策制定者在依靠您的工作制定和/或完善国家网络安全政策时应考虑的任何限制和/或问题。
Your work should not seek to create a new measure of cybersecurity, as there are existing measures such as ITU’s Global Cybersecurity Index (GCI), ^([1]){ }^{[1]} which assigns a score to each country based on their level of cybersecurity as assessed through five pillars: legal, technical, organizational, capacity building, and cooperation. Instead, you have been asked to seek meaningful patterns in the effectiveness of national cybersecurity policies and/or laws with respect to the national contexts in which those policies were enacted. The GCI or similar existing research may be useful in validating your work. Additional resources that could be useful include websites that collect cybercrime data, particularly those leveraging the VERIS framework, which attempts to standardize how cybercrime data is collected and reported, ^([2]){ }^{[2]} including the VERIS Community Database (VCDB). ^([3]){ }^{[3]} You are encouraged to find other data sources but be mindful of the veracity and completeness of those sources. 你们的工作不应寻求创建一个新的网络安全衡量标准,因为现有的衡量标准有国际电联的全球网络安全指数 (GCI), ^([1]){ }^{[1]} 该指数根据每个国家的网络安全水平,通过法律、技术、组织、能力建设和合作五大支柱进行评估,为每个国家打分。而不是要求你们根据颁布这些政策的国家背景,寻找国家网络安全政策和/或法律的有效性方面有意义的模式。GCI 或类似的现有研究可能有助于验证您的工作。其他有用的资源包括收集网络犯罪数据的网站,特别是那些利用 VERIS 框架(该框架试图将网络犯罪数据的收集和报告方式标准化)的网站, ^([2]){ }^{[2]} 包括 VERIS 社区数据库 (VCDB)。 ^([3]){ }^{[3]} 我们鼓励您寻找其他数据来源,但要注意这些来源的真实性和完整性。
Share Your Insights: 分享您的见解:
Use your work to create a 1-page memo to country leaders (nontechnical policy experts) attending an upcoming ITU Summit on Cybersecurity. This memo should provide a nontechnical overview of your work, including a summary of the objective and context, your theory, and the most pressing findings that would be relevant to this audience of national policy-makers. 用您的工作成果为出席即将召开的国际电信联盟网络安全峰会的国家领导人(非技术政策专家)撰写一份 1 页的备忘录。该备忘录应对您的工作进行非技术性概述,包括目标和背景概述、您的理论以及与国家政策制定者听众相关的最紧迫的发现。
Your PDF solution of no more than 25 pages total should include: 您的 PDF 解决方案总页数不超过 25 页,其中应包括
One-page summary sheet. 一页摘要表。
Table of Contents. 目录
Your complete solution. 您的完整解决方案
One-page memo. 一页备忘录。
Reference List. 参考书目。
AI Use Report (If used does not count toward the 25-page limit.) 人工智能使用报告(如已使用,则不计入 25 页限制。)
Note: There is no specific required minimum page length for a complete ICM submission. You may use up to 25 total pages for all your solution work and any additional information you want to include (for example: drawings, diagrams, calculations, tables). Partial solutions are accepted. We permit the careful use of AI such as ChatGPT, although it is not necessary to create a solution to this problem. If you choose to utilize a generative AI, you must follow the COMAP AI use policy. This will result in an additional AI use report that you must add to the end of your PDF solution file and does not count toward the 25 total page limit for your solution. 注意:对于提交的完整 ICM 文档,没有具体的最低页数要求。你可以用最多 25 页的篇幅来撰写你的所有解决方案以及你想包含的任何其他信息(例如:图纸、图表、计算、表格)。我们接受部分解决方案。我们允许谨慎使用人工智能,如 ChatGPT,但没有必要为这一问题创建解决方案。如果您选择使用生成式人工智能,则必须遵守 COMAP 人工智能使用政策。这将导致一份额外的人工智能使用报告,您必须将该报告添加到 PDF 解决方案文件的末尾,并且不计入解决方案的 25 页总页数限制中。
NEW MCM/ICM: Online Submission Process 新材料管理办法/国际化学品管理大会:在线提交程序
The purpose of this article is to assist and guide students and advisors participating in MCM/ICM. In the article, COMAP, provides information about the new online submission process using the new online submission page https://forms.comap.org/241335097294056. You will need your team’s control number, advisor id number and your problem choice to complete your submission. 本文旨在为参加 MCM/ICM 的学生和指导教师提供帮助和指导。在文章中,COMAP 提供了有关使用新的在线提交页面 https://forms.comap.org/241335097294056 的新在线提交流程的信息。您将需要您所在团队的控制编号、指导教师 ID 编号和您的问题选择来完成提交。
(The following definitions are derived from definitions provided by multiple International Organizations, including ISO, ITU, and INTERPOL.) (以下定义源自多个国际组织提供的定义,包括国际标准化组织、国际电联和国际刑警组织)。
Cybercrime: Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. 网络犯罪网络犯罪包括利用数字设备和/或网络进行的各种犯罪活动。
Cybersecurity Incident: A single (or a series of) unwanted or unexpected computer security events that have a significant probability of compromising business operations and threatening cybersecurity. 网络安全事件:单个(或一系列)不希望发生或意想不到的计算机安全事件,这些事件极有可能危及业务运营并威胁网络安全。
Cybersecurity: Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment as well as organizational and individual assets. 网络安全:网络安全是工具、政策、安全概念、安全保障措施、准则、风险管理方法、行动、培训、最佳实践、保证和技术的集合,可用于保护网络环境以及组织和个人资产。