Search results

The purpose of this paper is to understand the emerging challenges of cybersecurity governance by analyzing the internet’s early history.

Tracing the design and management of early internet and network security technologies in the USA in the 1970s and 1980s.

The US Department of Defense separated the research and management regimes for networks and network security, with the latter restricted to military networks. As such, the absence of cybersecurity technologies on the early internet was not an oversight, but a necessary compromise. This ordering of networks and security had enduring technological, political and even cultural consequences, which are breaking down today.

Political, technological and metaphoric distinctions between networks and security should be challenged; cybersecurity will transform internet governance.

New historical sources and analysis provide a novel perspective on contemporary challenges of cybersecurity governance.

This paper aims to map out multi-agency partnerships in the UK information assurance (UKIA) network in the UK.

The paper surveyed members of the UKIA community and achieved a 52 percent response rate (n=104). The paper used a multi-dimensional scaling (MDS) technique to map the multi-agency cooperation space and factor analysis and ordinary least squares regression to identify predictive factors of cooperation frequency. Qualitative data were also solicited via the survey and interviews with security managers.

Via the quantitative measures, the paper locates gaps in the multi-agency cooperation network and identifies predictors of cooperation. The data indicate an over-crowded cybersecurity space, problems in apprehending perpetrators, and poor business case justifications for SMEs as potential inhibitors to cooperation, while concern over certain cybercrimes and perceptions of organisational effectiveness were identified as motivators.

The data suggest that the neo-liberal rationality that has been evoked in other areas of crime control is also evident in the control of cybercrimes. The paper concludes divisions exist between the High Policing rhetoric of the UK's Cyber Security Strategy and the (relatively) Low Policing cooperation outcomes in “on the ground” cyber-policing. If the cooperation outcomes advocated by the UK Cyber Security Strategy are to be realised, UKIA organisations must begin to acknowledge and remedy gaps and barriers in cooperation.

This paper provides the first mixed-methods evidence on the multi-agency cooperation patterns amongst the UKIA community in the UK and highlights significant gaps in the network.

The maritime industry is increasingly impacted by the Internet of things (IoT) through the automation of ships and port activities. This increased automation creates new security vulnerabilities for the maritime industry in cyberspace. Any obstruction in the global supply chain due to a cyberattack can cause catastrophic problems in the global economy. This paper aims to review automatic identification systems (AISs) aboard ships for cyber issues and weaknesses.

The authors do so by comparing the results of two receiver systems of the AIS in the Port of Houston; the JAMSS system aboard the Space Station and the “Harborlights” system for traffic control in the Port.

The authors find that inconsistent information is presented on the location of same ships at the same time in the Port. Upon further investigation with pilots, the authors find that these inconsistencies may be the result of the strength of power with which an AIS is transmitted. It appears the power may be reduced to the AIS in port but that it varies within port and varies by pilot operators. This practice may open the AIS system for tampering.

Further, this inconsistency may require further policy regulation to properly address cyber information in a port.

The purpose of this study is to investigate whether having accessible cybersecurity programs (CPs) for high-school students affected girls’ long-term engagement with the industry, given that they already had interests in technology. Although much research has been done to evaluate how high-school science, technology, engineering, and mathematics programs retain girls in computing fields, it is necessary to see if this same long-term engagement exists in cybersecurity-specific programs.

In total, 55 members were surveyed from the aspirations in computing community regarding their experience in and accessibility to high-school CPs. A quantitative analysis of such responses was then undertaken using inferential statistical tools and chi-squared tests for independence.

The results showed that the existence of CPs alone are not influential factors in increasing long-term engagement with the field, showcasing that the high-knowledge barrier of CPs affects many students (even those with prior interests in technology). Instead, by having multiple occurrences of these programs and providing more cybersecurity resources to areas that lacked them, girls were more likely to report an increased interest in the field.

Such information can support future program leaders to develop effective, accessible and more targeted cybersecurity initiatives for students of various communities.

By analyzing the unique interactions of tech-aspiring women with cybersecurity, this exploration was able to demonstrate that women of different computing experiences face a shared barrier when entering the cybersecurity field. Likewise, in comparing these perspectives across different age groups, the investigation highlighted the development and subsequent growth of cybersecurity programming over the years and why such initiatives should be supported into the future.

Cybersecurity training plays a decisive role in overcoming the global shortage of cybersecurity experts and the risks this shortage poses to organizations' assets. Seeking to make the training of those experts as efficacious and efficient as possible, this study investigates the potential of visual programming languages (VPLs) for training in cyber ranges. For this matter, the VPL Blockly was integrated into an existing cyber range training to facilitate learning a code-based cybersecurity task, namely, creating code-based correlation rules for a security information and event management (SIEM) system.

To evaluate the VPL’s effect on the cyber range training, the authors conducted a user study as a randomized controlled trial with 30 participants. In this study, the authors compared skill development of participants creating SIEM rules using Blockly (experimental group) with participants using a textual programming approach (control group) to create the rules.

This study indicates that using a VPL in a cybersecurity training can improve the participants' perceived learning experience compared to the control group while providing equally good learning outcomes.

The originality of this work lies in studying the effect of using a VPL to learn a code-based cybersecurity task. Investigating this effect in comparison with the conventional textual syntax through a randomized controlled trial has not been investigated yet.

What does the future hold for Europe's ICT sector and how will the information society develop? This article provides a snapshot of the state of Europe's ICT sector and progress towards the information society. The article then considers the major trends and drivers of change shaping the information society and, based on published foresight studies, explores two possible scenarios for the future. Finally, the implications for Europe's policies towards ICT and the information society are discussed.

There is growing contestation between states and private actors over cybersecurity responsibilities, and its governance is ever more susceptible to nationalization. The authors believe these developments are based on an incomplete picture of how cybersecurity is actually governed in practice and theory. Given this disconnect, this paper aims to attempt to provide a cohesive understanding of the cybersecurity institutional landscape.

Drawing from institutional economics and using extensive desk research, the authors develop a conceptual model and broadly sketch the activities and contributions of market, networked and hierarchical governance structures and analyze how they interact to produce and govern cybersecurity.

Analysis shows a robust market and networked governance structures and a more limited role for hierarchical structures. Ex ante efforts to produce cybersecurity using purely hierarchical governance structures, even buttressed with support from networked governance structures, struggle without market demand like in the case of secure internet identifiers. To the contrary, ex post efforts like botnet mitigation, route monitoring and other activities involving information sharing seem to work under a variety of combinations of governance structures.

The authors’ conceptual framework and observations offer a useful starting point for unpacking how cybersecurity is produced and governed; ultimately, we need to understand if and how these governance structure arrangements actually impact variation in observed levels of cybersecurity.

Industry 4.0 refers to the interconnection of cyber-physical systems, which connects the physical and digital worlds by collecting digital data from physical objects/processes, and using this data to drive automation and optimisation. Digital technologies used in this revolution gather and handle massive volumes of high-velocity streams while automating field operations and supply chain activities. Cybersecurity is a complicated process that helps sort out various hacking issues of Industry 4.0. This purpose of this paper is to provide an overview on cybersecurity and its major applications for Industry 4.0.

The rise of Industry 4.0 technologies is changing how machines and associated information are obtained to evaluate the data contained within them. This paper undertakes a comprehensive literature-based study. Here, relevant research papers related to cybersecurity for Industry 4.0 are identified and discussed. Cybersecurity results in high-end products, with faster and better goods manufactured at a lesser cost.

Artificial intelligence, cloud computing, internet of things, robots and cybersecurity are being introduced to improve the Industry 4.0 environment. In the starting, this paper provides an overview of cybersecurity and its advantages. Then, this study discusses technologies used to enhance the cybersecurity process. Enablers, progressive features and steps for creating a cybersecurity culture for Industry 4.0 are discussed briefly. Also, the research identified the major cybersecurity applications for Industry 4.0 and discussed them. Cybersecurity is vital for better data protection in many businesses and industrial control systems. Manufacturing is getting more digitised as the sector embraces automation to a more significant level than ever before.

This paper states about Industry 4.0 and the safety of multiple business process systems through cybersecurity. A significant issue for Industry 4.0 devices, platforms and frameworks is undertaken by cybersecurity. Digital transformation in the Industry 4.0 era will increase industrial competitiveness and improve their capacity to make optimum decisions. Thus, this study would give an overview of the role of cybersecurity in the effective implementation of Industry 4.0.

The purpose of the study is to conduct a scientometric analysis of cybersecurity literature indexed in the core collection of the Web of Science for a period of ten years (2011–2020).

Cybersecurity is a focused topic of research across the globe. To identify the global research productivity in the field, the terms “cybersecurity, cyber-security, web security, information security, computer security, etc.” were used for retrieving the publications in the advanced search mode of the database “Web of Science”, limiting the time frame for 2011– 2020. The results retrieved were downloaded in the Excel file for further analysis and interpretation. The harvested data was analysed by using scientometric techniques to measure the progress such as growth rate, doubling time and author collaborations. Besides, the Biblioshiny and VOSviewer software were used for mapping networks.

The research output in the field of cybersecurity has shown an increasing trend during 2011–2020, and the maximum number of scholarly publications was published in 2020 (1,581), i.e. more than 715% of 2011 (221). A good number of countries (93) have contributed globally in cybersecurity research, and the highest share in research publications was reported by the USA (23.55%), followed by China (23.24%), South Korea (5.31%), UK (5.28%) and India (4.25%). The authorship patterns in cybersecurity publications show a collaborative trend, as most articles have been published by multiple authors. Total 5,532 (90.14%) articles have been published in co-authorship, whereas only 605 (9.86%) articles have been published by single authors. Keyword analysis shows that the most common keyword research by the authors is cybersecurity and its variants such as “cyber security” and “cyber-security” (1,698) followed by security (782), computer security (680) and information security (329).

The database studied for the work does not represent the total literary output available on the theme. There are plenty of other databases, such as Scopus, Compendex, INSPEC, IEEE Xplore, arXiv, contributing to the same theme as well.

The findings of the study may help researchers, information technologists, library professionals and information specialists to identify the research progress, authorship patterns, collaborative networks and hot topics of research in the field of cybersecurity. Besides, it will assess the global response to the cybersecurity issue.

The study is the scientometric analysis of the cybersecurity based on current literature and will highlight the progress and development of global research in the said field.

The aim of this study is o examine the advantages and disadvantages of different existing scoring systems in the cybersecurity domain and their applicability to the AEC industry and to systematically apply a scoring system to determine scores for some of the most significant construction participants.

This study proposes a methodology that uses the Common Vulnerability Scoring System (CVSS) to calculate scores and the likelihood of occurrence based on communication frequencies to ultimately determine risk categories for different paths in a construction network. As a proof of concept, the proposed methodology is implemented in a construction network from a real project found in the literature.

Results show that the proposed methodology could provide valuable information to assist project participants to assess the overall cybersecurity vulnerability of construction and assist during the vulnerability-management processes. For example, a project owner can use this information to get a better understanding of what to do to limit its vulnerability, which will lead to the overall improvement of the security of the construction network.

It has to be noted that the scoring systems, the scores and categories adopted in the study need not necessarily be an exact representation of all the construction participants or networks. Therefore, caution should be exercised to avoid generalizing the results of this study.

The proposed methodology can provide valuable information and assist project participants to assess the overall cyber-vulnerability of construction projects and support the vulnerability-management processes. For example, a project owner can use this approach to get a better understanding of what to do to limit its cyber-vulnerability exposure, which will ultimately lead to the overall improvement of the construction network's security. This study will also help raise more awareness about the cybersecurity implications of the digitalization and automation of the AEC industry among practitioners and construction researchers.

Given the amount of digitized services and tools used in the AEC industry, cybersecurity is increasingly becoming critical for society in general. In some cases, (e.g. critical infrastructure) incidents could have significant economic and societal or public safety implications. Therefore, proper consideration and action from the AEC research community and industry are needed.

To the authors' knowledge, this is the first attempt to measure and assess the cybersecurity of individual participants and the construction network as a whole by using the Common Vulnerability Scoring System.