Cybersecurity Implications Research Articles

New Paradigms in Securing Software Vulnerabilities An Institutional Analysis of Emerging Bug Bounty Programs and Their Implications for Cybersecurity

This working paper applies institutional economics theory (North, 1990) to examine the recent developments of bug bounty programs. A software vulnerability, commonly referred to as a bug, is a security flaw in computer code. Until the bug is fixed with a software patch, it presents a security loophole and may be exploited in a cyber attack. Major software companies, among them Microsoft, Adobe, and Oracle, received considerable media attention in 2013 and 2014 for severe security issues and breaches. Some of their widely used applications were in danger of being exploited based on previously unknown code vulnerabilities. Given software companies’ incentives to fix vulnerabilities in their software, major software vendors significantly adapted their approaches in recent years by more openly incorporating externally gathered vulnerability information. Google, Microsoft, and Facebook, for instance, created structured programs where bug hunters can submit their digital prey, in exchange for a bounty. Depending on the severity and significance of a security vulnerability, the bounty price may range from a few hundred US dollars up to USD 100,000.

Economical Improvements by Analysing & Enhancing Cyber Security in Small and Medium-Sized Businesses (SMBs)

The objective of this paper is to investigate and enhance the safety aspects of net service delivery to small and medium-sized businesses (SMBs) and also the policy and restrictive implications of cyber security within the ‘fragmented’ structural surroundings in an exceedingly developing economy. The ever present interconnectivity provides the first passage for exploiting vulnerabilities on a widespread basis; Medium Enterprises (SMBs) sector is crucial in terms of economic process in developing economies. The ever present net permeates each aspect of human endeavour, not solely to the technologically developed countries, however additionally more and more current in developing countries. Although some argue that the pace of the expansion of the computer network ought to continue while no governmental restrictions are there, others, from another point of view, argue that these connectivities ought to be actively regulated through domestic and international laws. The latter thinks that non-regulation of the computer network may have grave cyber-security issues which are probably going to inhibit this growth and development gains. This analysis analysed the assorted policies and frameworks in respect of secured interconnectivity, adherence to governance, risk and compliance problems in an exceedingly best-practice fashion. Inferential analysis reveals that there is a unit in some cyber-security implications on SMBs in an exceedingly fragmented policy and restrictive surroundings. The findings of area unit are mentioned and taken to produce highlights of those policies and restrictive challenges.

Cyber Security and User Responsibility: Surprising Normative Differences

High-profile hacking incidents caused critics on social media to blame the celebrities who were hacked rather than the hackers. They claimed that those whose risqué photos were stolen were to blame for failing to secure them. While such attempts to blame-shift can be dismissed as victim-blaming, they elucidate a set of questions about the ethics of personal responsibility as it relates to computer security. Is the normative standard for security in the cyber realm in any way significantly different than the moral norms governing all other aspects of life with respect to questions of individual responsibility, blame, and negligence? For example, if I lock my possessions in my home, I have a reasonable expectation that they are safe from theft. But even if my house is unlocked with my possessions visible, few would argue that I deserve to be robbed due to my failure to secure my valuables. It would be an implausible stretch to assert that my negligence constituted a lack of blameworthiness on behalf of the thieves, or provided any mitigation to the moral wrongness of the act of robbery. Consider another more poignant example for the cyber world. Imagine a man walking through a neighborhood checking doors to see if they are unlocked, but not stealing anything. Few would consider such behavior acceptable within present societal norms. Yet, in the cyber world, such norms have significantly less traction. Such thinking raises two important questions. First, does the average person have the wherewithal to implement adequate or effective computer security? Second, whatever the cyber-equivalent to the norm of traditional security is, is there a prevailing belief that failing to meet it is a matter of negligence in the cyber case where the equivalent failing would not be considered negligent in the non-cyber case? Or, in other words, if a computer user's data is compromised did she, in some sense, “get what she deserved”? These questions have significant ethical and practical implications for cybersecurity and human factors.

Potential Cyberattacks on Automated Vehicles

Vehicle automation has been one of the fundamental applications within the field of intelligent transportation systems (ITS) since the start of ITS research in the mid-1980s. For most of this time, it has been generally viewed as a futuristic concept that is not close to being ready for deployment. However, recent development of “self-driving” cars and the announcement by car manufacturers of their deployment by 2020 show that this is becoming a reality. The ITS industry has already been focusing much of its attention on the concepts of “connected vehicles” (United States) or “cooperative ITS” (Europe). These concepts are based on communication of data among vehicles (V2V) and/or between vehicles and the infrastructure (V2I/I2V) to provide the information needed to implement ITS applications. The separate threads of automated vehicles and cooperative ITS have not yet been thoroughly woven together, but this will be a necessary step in the near future because the cooperative exchange of data will provide vital inputs to improve the performance and safety of the automation systems. Thus, it is important to start thinking about the cybersecurity implications of cooperative automated vehicle systems. In this paper, we investigate the potential cyberattacks specific to automated vehicles, with their special needs and vulnerabilities. We analyze the threats on autonomous automated vehicles and cooperative automated vehicles. This analysis shows the need for considerably more redundancy than many have been expecting. We also raise awareness to generate discussion about these threats at this early stage in the development of vehicle automation systems.

Innovation dynamics and capability in open collaborative cyber communities: implications for cybersecurity

Cybersecurity is a complex challenge that has emerged alongside the evolving global socio-technical environment of social networks that feature connectivity across time and space in ways unimaginable even a decade ago. This paper reports on the preliminary findings of a NATO funded project that investigates the nature of innovation in open collaborative communities and its implications for cyber security. In this paper, the authors describe the framing of relevant issues, the articulation of the research questions, and the derivation of a conceptual framework based on open collaborative innovation that has emerged from preliminary field research in Russia and the UK.