|
MAIN PAGE
> Back to contents
Litera
Reference:
Bylevskiy P.G.
Culturological approach to the development of a general civil culture of Internet communications security
// Litera.
2023. № 8.
P. 157-167.
DOI: 10.25136/2409-8698.2023.8.43827 EDN: XATBPE URL: https://en.nbpublish.com/library_read_article.php?id=43827
Culturological approach to the development of a general civil culture of Internet communications security
Bylevskiy Pavel Gennadievich
ORCID: 0000-0002-0453-526X
PhD in Philosophy
Associate Professor, Department of Information Culture of Digital Transformation; Department of International Information Security, Moscow State Linguistic University
119034, Russia, Ostozhenka str., 36, office 106
|
pr-911@yandex.ru
|
|
 |
Other publications by this author
|
|
|
DOI: 10.25136/2409-8698.2023.8.43827
EDN: XATBPE
Received:
17-08-2023
Published:
05-09-2023
Abstract:
The problem solved in this article is to determine the possibilities and advantages of a culturological approach to solving the problem of developing a general civil culture of Internet communications security. The subject of the study is the structural and functional features of this culture, and the object is the evolution of the formation of the corresponding complex of beliefs, knowledge, skills and abilities. The topic of expanding from a highly professional to a general civil culture of Internet communications security is considered. The increase in the share and importance of socio-cultural aspects compared with technical factors is analyzed. Particular attention is paid to the substantive aspects of the general civil culture of Internet communications security: the insufficiency of methods for broadcasting rules and relevant examples to a mass audience, as well as the underestimation of the formation of intuitive caution, the ability to recognize threats in a timely manner and respond correctly to incidents. The novelty lies in the postulation of the high representativeness of the security culture of financial Internet services, due to the combination of the mass nature of civilian users and transactions with funds that are highly attractive to intruders. It was here that mass Internet crime was first formed, threats and methods of attacks and, accordingly, security tools evolved. The conclusion is made: the experience of countering "social engineering" in the field of mass financial services is useful as a basis for the formation and development of a general civil culture of Internet communications security, including socio-cultural threats: fake news, disinformation, destructive and prohibited content, and others.
Keywords:
Internet communications, information security, mass civil culture, socio-cultural threats, social engineering, disinformation, destructive content, fake news, hybrid warfare, safety culture
This article is automatically translated.
You can find original text of the article here.
Introduction The universal development and application of Internet communications fills the culture of security with socio-cultural content, turning it into both a national [1] and a general civil need, which is confirmed by the statement of the "Concept of formation and development of the culture of information security of citizens of the Russian Federation" (Decree of the Government of the Russian Federation No. 4088-r of December 22, 2022). The totality of knowledge, skills and skills of safe use of computer and telecommunication network technologies is defined in this document precisely as the culture of information security. In this area, socio-cultural factors ? both threats and means of security - are becoming increasingly important. In addition, Internet communications are becoming an increasingly developed and significant factor not only in state and corporate computer and telecommunications systems, but also in the socio-cultural life of almost all citizens [2]. In the protection of Internet communications, in addition to state and corporate security tools, the culture of information security of citizen users is becoming increasingly important. 1. Culturological approach as a profile for the culture of security of Internet communications Network access of different levels, especially the superstructure of global Internet communications, opens up new opportunities to use foreign, and in the Russian segment - a wide variety of domestic resources and services (government services, trade, transport, communications, press, books, films, videos, social networks, etc.) [3]. The expansion of opportunities to meet socio-cultural needs through Internet communications proceeded with the formation of appropriate services and content, in close relationship with the increase in technological capabilities of computer and network equipment [4]. Internet communications combine the capabilities of personal devices, corporate and government computer systems at different levels: local, national, international and global. Network capabilities have expanded many times by covering most populated areas and transport routes in Russia with broadband (including wireless) network access, mass use of mobile devices and the "Internet of Things". The possibilities of universal (everywhere, always and for everyone) use of computer and telecommunication network technologies are the technological basis of "digital transformation" (including "big data", "artificial intelligence" and other "end-to-end technologies") [5]. Taking advantage of Internet communications is gradually becoming burdened with various threats and risks of damage from incidents: technical malfunctions, malicious attacks, discriminatory actions of global digital platforms and unfriendly countries. Threats and risks, like technological solutions, services and user audiences of Internet communications, have their own life cycles. Some risks that have existed for a long time, from the initial stages of technology development, may unexpectedly increase, reach critical levels, and become actualized as critical threats. Threats that have been relevant for a certain period fade into the background, become the property of history. All elements of Internet communications, including types of threats, risks and damages, as well as means and culture of security, are evolving, interacting in a complex way [6]. Just mentioning here the hypothetical dystopia of the "digital concentration camp", we note the real underlying threat: mobile computer devices (smartphones, tablets, gadgets, "smart" household appliances) are technically, structurally and software designed primarily to work in wireless networks, outside of which many important services and functions become unavailable. In the event of an incident of unavailability of access to the wireless network, technical or at the will of the communication provider, the mobile computer device becomes practically inoperable ("the carriage turns into a pumpkin"). In the first case, the incident is of a technical nature, in the second, a wide variety of socio-cultural aspects may be present [7], for example, cyber-sabotage or foreign sanctions. The list of these socio-cultural aspects of the security of Internet communications for users can expand and actually increases from "social engineering" to total tracking and discriminatory censorship by global digital platforms. Culturology as the most specialized science using, in particular, evolutionary and structural-functional approaches helps to effectively manage the development of the culture of Internet communications security as the most important component of user competencies [8]. Cultural analysis, in particular, allows us to consider the structural evolution of threats to Internet communications based on a comprehensive comparison of trends in the development of technologies, services, content, mass user audience, protected socio-cultural and other values [9]. A common understanding of the patterns of these processes ensures the identification of current threats, types of violators (intruders), vulnerabilities, means of protection and features of the security culture both for the existing mass user audience of Internet communications and for its various groups. Initially, the prevention, minimization, and limitation by acceptable limits of the damage associated with Internet communications [10] were related to the professional culture of information security [11]. But in 2014-2022, the development of computer and telecommunications network infrastructure in the context of the transformation of global and international relations led to a change in the ranking of threats, putting on the agenda in Russia the formation and development of a mass civil culture of Internet communications security. 2. Representativeness of the security culture of remote financial services The culturological approach proceeds from the presence of values in Internet communications, including socio-cultural values that may be threatened and need protection, including a special security culture. Let's consider the basic concepts of the security culture of Internet communications. A necessary element is the presence of confidential significant values, the rights to which are limited, belong only to legal users. Unauthorized access to these values is a threat, because then an outsider can benefit to the detriment of a legal user. Values (assets, resources, people, beliefs, information, etc.) belong to the basic concepts of information security: there are no significant values ? there is nothing to protect. In the presence of significant values, Internet communications and services simply cannot exist without ensuring the necessary maturity of security systems [12].
The subjects of security are people (groups, organizations): legal users of Internet communications, ensuring security, and Internet crime (intruders, violators). Computer and telecommunication equipment, software and data, the Internet and other network environment are technical means of socio-cultural communications, operating with values. Technologies and equipment, socio-cultural factors are elements of the functioning and use of a dynamic system of Internet communications, as well as ensuring and violating security. The main elements of the security of Internet communications are people (legal users and violators), values (protected and attacked), technical and socio-cultural means (on the one hand, security, on the other - security violations). Structural and functional analysis makes it possible to determine the turning point and the key area of formation of both mass Internet crime and the first elements of the general civil culture of Internet communications security. The main premise, the "fodder base" for the spread of crime on Internet communications is the presence of users operating with values, unauthorized access to which is highly profitable and low risk. An important factor is the ratio of, on the one hand, the qualifications and tools of violators, on the other hand, the vulnerabilities of protecting Internet communications. Mass remote banking services (ATMs, banking, payments and money transfers via the Internet), formed in the 2000s, became the breeding ground on the basis of which modern Internet crime originated. Earlier, there was a conversion of computer and telecommunications technologies from the state and military spheres for civilian use, first corporate, and then mass personal. Computer crime was going through an embryonic stage of development, and the security culture remained highly professional. The emergence and spread of mass civil Internet communications and services was a necessary prerequisite, but in itself did not lead to the emergence of modern Internet crime. The missing and decisive factor, trigger and driver of criminalization of Internet communications at that time were mass financial remote services, transactions with cash - a universal value of a market society, directly convertible into any product, service. Significant advantages of financial Internet services for businesses and customers also existed for criminals, intruders. The two main risk factors initially were, firstly, the basic anonymity of users, and secondly, technological (server locations and routing) and legal cross-border Internet communications. The attackers could organize the theft of funds in Russia from other countries, remaining almost out of reach for investigation and justice. The 2000s can be considered the first stage of the manifestation of the relevance of the culturological approach to the security of mass Internet communications. The creation and distribution of mass financial Internet services and threats of theft is a turning point: there is a need to protect the mass client - citizens who have the right to dispose of funds. The direct resource is the professional culture of corporate information security. On this basis, an add-on is being created: a professional culture of ensuring the security of client services, Internet communications of users. This stage requires the development of the competencies of information security professionals who protect customers and users without their significant participation. The formation of the banking information security industry in Russia, the establishment of a system of state regulation, organizational, technical and regulatory means made it possible to reduce the risks of client Internet services to acceptable values by the beginning of the 2010s. The security of financial Internet communications on the part of banking and financial organizations has been brought to the required level, the professional culture of information security of mass services has reached its peak. The financial industry turned out to be primary both for the formation of Internet crime and for building a professional security system for Internet communications of remote services. Banking information security professionals have learned to reliably protect citizens-clients from attempts to steal money by intruders through technical means (malicious software, etc.). 3. Increasing the role of socio-cultural factors in the security of Internet communications The 2010s are the second stage of actualization of the need for a culturological approach to the security of Internet communications, characterized by new realities of socio-cultural factors, threats and means of protection. As the profitability of attacks on financial Internet services decreases, Internet crime, attackers are forced to replenish their arsenal with new non-technical means of attacks and look for highly profitable goals among non-financial values in Internet communications. The solution of this problem facilitates a significant expansion of Internet resources, services, socio-cultural content, user audience, its involvement, operating in Internet communications with high-level non-financial values [13], attacks on which can lead to profits and other benefits. The official statistics of the main state regulator of information security of the financial sector, the Bank of Russia, shows a shift in the main vector and tools of attacks by intruders. Since the mid-2010s, the most massive and effective attacks have been carried out not on the technical tools of financial services, but on the consciousness of customers. Technical tools of unauthorized access to the disposal of funds (malicious software, etc.) are increasingly giving way to "social engineering", Internet fraud ("telephone", social networks, e-mail, messengers, etc.) [14]. The new realities were confirmed by official statistics, "Report of the Center for Monitoring and Responding to Computer Attacks in the Credit and Financial Sphere of the Information Security Department of the Bank of Russia 1.09.2018 - 08/31/2019)". The limit of the professional security culture was revealed: financial organizations could no longer protect the client's Internet communications from fraudsters without his own active participation. It was concluded that it is necessary to form and develop, regularly update the mass culture of security of customers of financial Internet services [15]. In protecting against "social engineering", the main role belongs to customers, and banking specialists act as partners and teachers, developers of safety rules and teaching methods.
Processes similar to the financial sphere took place in Internet communications and services with non-financial values attacked by Internet crime and intruders. While the user audience of social networks and messengers exceeded half of humanity, these Internet communications were infected with a variety of destructive materials that encouraged suicide, drug addiction, extreme behavior and extremist activities, child harassment, school shootings, etc. [16] Government measures of regulatory restrictions, blocking access to illegal content, attracting the responsibility of its creators and distributors turned out to be necessary and effective, but insufficient [17]. As previously in the financial sphere, there was a need for the formation and development of a mass, but already a general civil multidisciplinary culture of Internet communications security. From 2022 to the present time, the third stage of increasing the relevance of the culturological approach to the security of Internet communications continues with the increasing manifestation of a new set of threats to the security of Russian users. Internet communications are increasingly saturated with new threats: fake news and disinformation [18] aimed at destroying traditional values and socio-cultural identity of Russian citizens [19]. The list of violations is no longer limited to attacks by international Internet crime, being supplemented by discriminatory measures (censorship, etc.) of global digital corporations based in the United States, anti-Russian technological sanctions of unfriendly states and other similar actions in the format of "hybrid wars" [20]. To an even greater extent than at the previous stage, in the 2010s, it becomes both a state and a personal necessity to form a mass civil culture of Internet communications security, including socio-cultural aspects, as well as the protection of traditional values [21]. To solve this problem, the experience gained in the financial sphere in the formation of such security of Internet service customers is a valuable material. On the other hand, the experience gained by citizens can serve as an initial "universal education" for the culture of information security for adults no less important [22] than for schoolchildren the corresponding sections of subjects of general life security and computer science. Results The results of the study show that a specialized, culturological approach to the culture of Internet communications security is becoming in demand, while previous research and development was conducted within the framework of other scientific disciplines, first technical, then law, pedagogy, psychology, etc. The use of cultural studies tools, in particular, evolutionary and structural-functional approaches, allows to build a dynamic system model ? a cultural paradigm of information security. Such a theoretical construction reflects the patterns of formation, specifics and interrelationships of various elements of professional, specialized and general civil culture of information security. Positioning in the general system allows us to determine the features and structural and functional characteristics of the general civil culture of Internet communications security. Culturological methodology can be effectively used to develop methods and other means of developing and improving this area of culture. In particular, the culturological analysis made it possible to conclude that the experience of ensuring information security of remote banking services is basic and highly representative for the formation and development of the corresponding mass civil culture. The evolution of technologies, services, threats and users of Internet communications requires a specific analysis of the structural and functional elements of security, taking into account the features, combinations and interaction of technical and socio-cultural factors in the development of means of improving the profile culture.
References
1. Guitton, M., & Fréchette J. (2023). Facing cyberthreats in a crisis and post-crisis era: Rethinking security services response strategy. Computers in Human Behavior Reports. 2023. Vol.10. doi:10.1016/j.chbr.2023.100282
2. Vasil’yeva, Ya.V., & Kalinyuk, E.V. (2023). Problems of development of the information security system of the Russian Federation. Modern science: actual problems of theory and practice. Series "Economics and law", 3, 94-99. doi:10.37882/2223-2974.2023.03.06
3. Kuzior, A., Vasylieva, T., Kuzmenko, O., Koibichuk, V., & Brożek, P. (2022). Global Digital Convergence: Impact of Cybersecurity, Business Transparency, Economic Transformation, and AML. Efficiency Journal of Open Innovation: Technology, Market, and Complexity. 8. Iss.4. doi:10.3390/joitmc8040195
4. Chizhikov, V.V. (2023). Information technologies as translators of culture and art in virtual reality. The Bulletin of Moscow State University of culture and arts, 1(111), 89-97. doi:10.24412/1997-0803-2023-1111-89-97
5. Bylevskiy, P.G. (2023). User and personal data − risk analysis of knowledge extraction. Information security questions, 1(140), 35-40. doi:10.52190/20732600_2023_1_35
6. Bogoudinova, R.Z., Borodina, S.D., & Mansurova, A.R. (2022). Information security in the modern world: methodological aspect. Bulletin of the Kazan State University of culture and arts, 4, 16-20. EDN: IHZDFC
7. Taherdoost H. (2022). Cybersecurity vs. Information Security. Procedia Computer Science, 215, 483-487. doi:10.1016/j.procs.2022.12.050
8. AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F., & Choo, K.-K. The role of national cybersecurity strategies on the improvement of cybersecurity education. Computers & Security, 119. doi:10.1016/j.cose.2022.102754
9. Uzlova, N.V. (2023). Spiritual and cultural values in the national security paradigm. Society: Philosophy, History, Culture, 4(108), 89-92. doi:10.24158/fik.2023.4.12
10. Prokhorov, Yu.N. (2023). Prevention of consumer damage from the use of digitalization tools: methodological foundations for the formation of ethics for the use of artificial intelligence systems. Financial Markets And Banks, 2, 35-41. EDN: RVDWWN
11. Timofeyev, Yu., & Dremova, O. (2022). Insurers’ responses to cyber crime: Evidence from Russia. International Journal of Law, Crime and Justice, 68. doi:10.1016/j.ijlcj.2021.100520
12. Miloslavskaya, N., & Tolstaya, S. (2022). Information Security Management Maturity Models. Procedia Computer Science, 213, 49-57. doi:10.1016/j.procs.2022.11.037
13. Nagovitsyn, R.S., & Krivonogov, A.D. (2023). Civic and patriotic education of students of the University of Culture using artificial intelligence-based websites. Bulletin of the Kazan State University of culture and arts, 1, 21-26. EDN: BKIXDN
14. AlGhanboosi B., Ali S., & Tarhini A. (2023). Examining the effect of regulatory factors on avoiding online blackmail threats on social media: A structural equation modeling approach. Computers in Human Behavior, 144. doi:10.1016/j.chb.2023.107702
15. Rodivilin, I.P. (2021). Modern specifics of the determination of crimes in the sphere of circulation of legally protected information. Bulletin of the Udmurt University. Economics and Law series, 31(2), 305-311. doi:10.35634/2412-9593-2021-31-2-305-311
16. Daniyelyan, Z.V. (2021). Teacher's information culture as a factor of prevention of adolescent cyberbullying. Kazan pedagogical journal, 1(144), 64-70. EDN: FIVVJU
17. Malysheva, I.V. (2023). Social networks as a legal phenomenon. Siberian Law Herald, 2(101), 10-16. doi:10.26516/2071-8136.2023.2.10
18. Francisco, M. (2023). Artificial intelligence for environmental security: national, international, human and ecological perspectives. Current Opinion in Environmental Sustainability, 61. doi: 10.1016/j.cosust.2022.101250
19. Fedorov, A.V. (2022). Disinformation as a tool and an integral part of the information confrontation of the West. South Russian Journal of Social Sciences, 23(2), 18-36. doi:10.31429/26190567-23-2-18-36
20. Lapshinova, K.V., & Podol’skaya, A.A. (2022). The phenomenon of information war in the assessments of the youth of the Moscow region. Social and Humanitarian Technologies, 3(23), 11-16. EDN: XITITL
21. Dement’yev, S.A. (2023). Human security on the Internet: problems and prospects. Bulletin of the South-Russian state technical University (NPI) Series Socio-economic Sciences, 16(2), 229-235. doi:10.17213/2075-2067-2023-2-229-235
22. Berestok, T.B. (2021). Theoretical approaches to the study of information and psychological security in prosocial behavior of people 60+. Review of Pedagogical Researc, 3(8), 227-237. EDN: CJMQE
Peer Review
Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.
The subject of the research in the article submitted for review ("Cultural approach to the development of a general civil culture of Internet communications security") is the problem of developing an information security culture. At the same time, the culture of information security, as defined by the decree of the Government of Russia, is understood by the author as a set of knowledge, skills and abilities of safe use of computer and telecommunication network technologies by people. An essential point, according to the reviewer, is the author's reliance on a state regulatory document and clarification of the basic subject of information security — a citizen of Russia. Accordingly, in addition to the structural, functional and evolutionary cultural approaches outlined by the author, the presented research also includes reliance on a value-normative approach relevant in the field of methodological support for the state cultural policy of Russia, which implies that the legal norms adopted by the state are conditioned by the need to preserve and exploit a certain set of values that develop in the process of society's life in a historically developing a system that programs the forms of individual and collective activity. In this context, the development of information security culture, as an element of the historical process, acts as an object of study, in which the author focused on the evolution of the very problem (subject) of ensuring information security, which from a narrow technical field at the initial stage of the development of computer and telecommunications network technologies has moved to the field of general civil and state security at the moment. Thus, the article is devoted to the cultural problematization of ensuring the safe use of computer and telecommunication network technologies by people, where, in turn, the problem is understood as an abstract category, which, by analogy with the cultural form, acquires a specific content depending on the historical dynamics of people's use of computer and telecommunication network technologies. The author clearly outlined the structural classification scheme of the elements of the functioning of a dynamic Internet communication system based on the principle of compliance/non-compliance with security standards: people divided into legal users and violators, values (protected and attacked), technical and socio-cultural means (on the one hand, ensuring, on the other — security violations). Quite reasonably noting that the evolution of the problem of ensuring information security of citizens is due to the expansion of the value characteristics of Internet communication (values attacked and protected within the framework of Internet communication), the author identifies three stages of the evolution of the problem in the Russian segment. The first stage (2000s) was characterized by him as financial and technical: related to overcoming the risks of financial transactions carried out using Internet communication mainly by corporations and financial institutions, which formed technical means and special information security services, which led to the formation of a professional culture of information security of mass services. The second stage (2010s) is characterized by the preservation of the financial side of the interests of intruders, but due to the increase in the professional culture of information security, the object of attacks is shifting from the technical means of mass services to their users. Accordingly, the problem of elementary mass culture of financial and information security of citizens is being actualized, which was solved through the propaedeutics of information literacy by banking specialists and teachers, "developers of safety rules and teaching methods". However, starting in 2022, the object of attacks is not so much the area of finance, but the area of individual and public mental health, in which, according to the author, attackers are increasingly using "social engineering" technologies aimed at destroying the social behavior of users of computer and telecommunication means of communication. In addition, strategic objects of economic, social, and military infrastructure become the target of attacks. Accordingly, the target of attacks by intruders is not so much an individual citizen, but society as a whole — its complex socio-cultural sphere, which characterizes the attacking subject in a certain way: not only the professionalization of intruders takes place, but also their organization into criminal and paramilitary special forces to inflict maximum damage to the intended enemy. As a result, the expansion of the field of information security issues to the state level today requires not only regulatory regulation and state protection by specialized state security units, but also the attention of theorists, their close cooperation in an interdisciplinary field that could methodically ensure the safety of the socio-cultural sphere of society in conditions of intensive informatization. Thus, the subject of the study was considered by the author at a fairly high theoretical level, the final conclusions are justified and trustworthy. The research methodology, as noted above, in addition to the tools of evolutionary and structural-functional cultural approaches, is based on the analytical complex of the value-normative theory of culture, which is relevant for Russian cultural studies. Despite the fact that the author does not formalize the research program separately, it is clearly visible in the logic of revealing the evolution of the problem of information security culture in Russian society. The relevance of the topic raised by the author is extremely high. The reviewer emphasizes that, like many technological achievements, information technologies can be used not only for good, but also for criminal and military-political purposes to the detriment of man and society, therefore, the need for a cultural approach emphasized by the author, which has the heuristic advantage of deep interdisciplinary connections, seems quite appropriate and timely. The scientific novelty reflected in the author's thematic selection of scientific literature, the typology and classification of risks and threats in the field of information security culture, the structure of the functioning of the dynamic Internet communication system and the periodization of the development of the problems of information security culture in Russian society is beyond doubt, the final conclusion is well-founded and trustworthy. The style is generally scientific, although in the fragment: "The limit of the possibilities of a professional security culture appeared: financial organizations could no longer protect the client's Internet communications from fraudsters without his own active participation," the author's thought is not clear and requires clarification. The structure of the article reflects the logic of presenting the results of scientific research. The bibliography reflects the problem field of the study well, it is designed taking into account the requirements of the editorial board and GOST. Appealing to opponents is correct and appropriate. The article is certainly of interest to the readership of the Litera magazine, since it reveals a significant problem area of media communication, and after a little revision it can be recommended for publication.
Link to this article
You can simply select and copy link from below text field.
|
|
