This book examines today’s and tomorrow’s cybersecurity challenge and approaches to solutions. Many putative solutions to cybersecurity have been purely technical in nature and, at times, have been cast as "silver bullets" or all-encompassing solutions. Virus checkers, firewalls, monitoring systems, and so on, all play roles in mitigating cyber-attack risks, but, unfortunately, the bottom line is that cyber-attacks continue to be successful and losses are mounting. Many cyber-attacks start with social engineering techniques (e.g., phishing), thereby introducing psychological and sociological considerations for handling cyber-attacks. It has become quite apparent that we can only truly solve the cybersecurity problem by drawing researchers and practitioners from across disciplines; in isolation, disciplines miss important insights into cybersecurity challenges.
Moreover, it is also apparent that there is insufficient science underlying our approaches to cybersecurity. For example, we do not have good metrics for measuring the security postures of systems and, hence, are unable to provide rigorous measures to inform security investment decisions. The absence of a science has been recognized, especially in the United States, where there are concerted efforts in developing a science of security. However, the formulation of such a science will take decades to fulfill, and progress will be sporadic.
Finally, we conclude that the multi-faceted challenges of cybersecurity necessitate collaborative approaches to seeking solutions – no one organization has the capacity to solve the challenges alone. In our view, this need argues for ecosystem-based approaches to cybersecurity, through which organizations work in concert to address the substantial number of challenges. For this book, we have chosen 15 articles from the Technology Management Review that we feel provide particularly relevant insights into cybersecurity and, in general, contribute to a theory or science of cybersecurity.
Contents of the book:
Part I: Understanding
1. Defining Cybersecurity
2. Cyber-Attack Attributes
3. Crimeware Marketplaces and Their Facilitating Technologies
4. Cybersecurity Skills Training: An Attacker-Centric Gamified Approach
5. Botnet Takedown Initiatives: A Taxonomy and Performance Model
6. Securing the Car: How Intrusive Manufacturer-Supplier Approaches Can Reduce Cybersecurity Vulnerabilities
Part II: Technical Approaches
7. Peer-to-Peer Enclaves for Improving Network Defence
8. Security Challenges in Smart-Grid Metering and Control Systems
9. Quantitative Metrics and Risk Assessment: The Three Tenets Model of Cybersecurity
10. On the Road to Holistic Decision Making in Adaptive Security
11. Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure
Part III: Future
12. Developing an Innovation Engine to Make Canada a Global Leader in Cybersecurity
13. Cybersecurity Futures: How Can We Regulate Emergent Risks?
14. A Research Agenda for Security Engineering
15. The Online World of the Future: Safe, Productive, and Creative