Download pdf - Cybersecurity

Page 1: Cybersecurity


Research Project: Cybersecurity


Security industry has emerged as response to the threats of different kind that follow

humanity from its birth. The need in protection from animals and then from other tribes made

first people think about their security. Through the ages, security issues started to become more

and more sophisticated. Therefore, security measures changed as well. The technology era has

changed everything. However, it did not change the desire of some people to get something

illegally that others have. Thus, the new era of challenge between security and its counterparts

has begun.

Technology has brought many innovations and advances into the world of security. At

first, there were code locks and highly sophisticated mechanical solutions that allowed making

security breaches rather difficult. Then, different wired electronic devices provided security

protectors with opportunities to have distant access to the security control systems and thus be

able to control them better. Despite all these advances, their counterparts have always been close

in this race. The third parties with criminal or other intent that wanted to get unauthorized access

to something that was protected have always been inventive and that allowed them creating

mechanisms and devices for security breaches (Guan and Huck 2012).

Page 2: Cybersecurity


Implications of Cyber Security

The advent of information technologies provided mankind with outstanding opportunities

in different areas. Electronic means of communication, like wired networks, wireless, and mobile

technologies have made the process of information transfer as quick and easy as never before.

Such state of things required new approaches in terms of security measures because criminals

have always been a threat. However, there are reasons to believe that the greatest threats to the

organization’s information security are constituted by employees.

Why it is so? It is rather easy to explain. At first, think about the following: IT specialists,

CIOs, security teams, etc. are all focused on development and implementation of the most

sophisticated and advanced security measures because they do realize the significance of the

consequences that security breaches might have (Garfinkel, 2012). Then, these people within any

organization oppose the other side (criminals) that play by the same rules, meaning the

approaches, ideas, and concepts both side exploit. Therefore, security specialists generally know

how to stop criminals, at least in theory (Benzel 2011; Kemmerer 2003).

Meanwhile, employees, in most cases, have rather poor computer literacy. It means that a

normal IT related individual will not write down the password from highly-secured enterprise

database on the back side of keyboard. It also means that such kind of individual realizes in full

that it is not appropriate to store pricy, secured, important data on mobile phone, laptop, thumb

drive, or any other device, convenient to be stolen or lost.

Therefore, sloppiness, foolishness, careless, and, in some cases, anger of employees are

the greatest threats to the security plans and measures of any company. Such conclusion can be

supported by Garfinkel (2012, p. 29-30): “Cybersecurity can be viewed solely as an insider

problem. What is needed, say advocates, are systems that prevent authorized users from acting

Page 3: Cybersecurity


improperly.” The greatest challenge for an IT security specialist is to try to think like regular

users do and then develop such security measures that would consider all imaginable actions,

theoretically possible to be performed by a typical employee. Otherwise, information security is

in great danger, always.

Page 4: Cybersecurity



Unauthorized access to the protected network, such as Ministry of Interior could have, is

the biggest issue today. Mobile devices are more and more popular these days so it is very

important to implement protection for such devices as well. Thus, encryption and smart cards

access can be useful in this matter.

Isoltation of the protected systems is not the solution of the cyber security provision.

According to Garfinkel (2012, p. 31), ” One of the simplest solutions proposed for the

cybersecurity problem is to run systems in secure enclaves that are disconnected from the

Internet. While the idea may sound attractive, execution is impossible in practice.” The author

claims that isolated systems become limited – they cannot be used in full.

Protection of sensitive information has always been an issue. People have tried to protect

important data for centuries and used rather different methods in order to achieve this goal. The

most useful and efficient method was encryption. A sender (or keeper) altered information using

a specific key. No one else was able to understand such encrypted message without having and

applying the key. Therefore, the main goal to protect the data was achieved in this way.

Further development of data carriers led to the sophistication of encryption methods. It

was the only way to assure protection. With the advent of information technologies as we know

them today, the need in protecting data grew drastically. Computers provided us with substantial

computational capability that allowed developing new, more advanced and powerful encryption

algorithms. Such achievement made encryption a more reliable and widespread method of data

protection (Benzel 2011; Kemmerer 2003).

At first, encryption was used by military in order to not allow enemies understand

intercepted messages. Later, business community realized that encryption could be used for

Page 5: Cybersecurity


protection business secrets and internal information from the third parties. Thus, encryption tools

became commonly used not only for military and business purposes but also in day-to-day life of

regular people.

New encryption algorithms were developed. The old ones were improved. However, the

contemporary era of the Internet, smartphones, laptops, and mobile data storages required new

approaches in data protection. Business required solutions that were able to protect sensitive

information from the unauthorized access. Eventually, different encryption techniques

(algorithms) were developed. AES, DES, algorithms with symmetric and asymmetric keys, SSL,

and many others were developed to assure that data was safe and could not be acquired by the

third parties without permission. Even the full disk encryption technique was created to provide

the business community with extra security measures.

Modern business industry can be called customer-driven. It is rather easy to agree with

this statement if we just look at the current situation on nearly any market. However, this

tendency is easier to follow using the market of financial services as an example. This market

grew substantially after the advent of information technologies (IT) and their rapid development.

The reasons for such drastic increase were more than obvious. Banks and other financial

institutions got the opportunity to provide their customers with usual services via the

achievements of informational era, such as global network (the Internet), mobile terminals

(smartphones and other mobile devices), smart chips in credit cards, etc. (Benzel 2011;

Kemmerer 2003; El-Khatib et al. 2010; Seltsikas 2010).

Along with the rapid development of financial products’ and services lines, oriented on

the online distribution, the need in securing such kind of transactions grew as well. It was clear

that people would not entrust such sensitive information as financial to the channels they were

Page 6: Cybersecurity


not sure about (Garfinkel, 2012). Therefore, at the beginning of information era the number of

financial services was small but they were rather secure. Credit cards, checks, other financial

instruments were protected comparatively well because the customers’ personal financial data

(personal identification numbers, for example) was not transferred via unsecured networks,

including wireless ones.

With the advent of such technologies, as wireless networks, instant access to the Internet

from mobile devices, contactless access to smart cards based on radio frequency identification

(RFID), and many others, the number of opportunities to provide financial services grew

substantially. However, there is an opinion that it has been done at the expense of customer

security. The aim of this paper is to discuss this issue in order to understand whether it is true or


At first, it is necessary to understand what these financial services are and what features

they have. Thus, it would be easier to obtain broader view on the main issue. Online financial

services are usually provided via online banking. It is also sometimes called Internet banking.

Online (Internet) banking gives an opportunity to conduct various financial transactions using

secured website of a bank (Garfinkel, 2012).

Most of the common operations performed via online services can be addressed to

transactional and non-transactional categories, and also financial institution administration,

management of numerous users that have different levels of authority, approval process of

transactions. In addition, online banking could include such unique services as personal financial

management support and account aggregation that would allow customers monitoring numerous

personal accounts via the Internet (El-Khatib et al. 2010; Seltsikas 2010).

Page 7: Cybersecurity


Now, it is important to clarify the major concern of every transaction or simply action

related to financial activities – security. Security in such kind of transactions is issue number one

beyond any doubts. Usual banking services are provided with rigid security measures, such as

combination of different authentication methods, secured cards, heavily guarded safes, etc.

However, in case of online banking, there are no opportunities to provide these security measures

(Garfinkel, 2012).

Page 8: Cybersecurity



Online services provided regular people with tools that make their life easier and

comfortable. Security specialists of different sectors developed various systems that should

secure online transactions and make them as secure as it would be in the real bank, for example.

However, considering the level of technology, it is not wise for anyone to feel entirely safe

entering PIN from personal account into mobile banking application (for example). This data

goes though different nodes and wireless networks so it can be intercepted, decrypted, and then

used (El-Khatib et al. 2010; Seltsikas 2010).

Online banking indeed provided customers with numerous services that were unreachable

before. However, it lowered the overall secureness of financial transactions conducted over the

Internet. Garfinkel (2012, p. 30) states the following: “There is no obvious solution to the

problem of cybersecurity. While we depend on our computers, we seem incapable of making or

operating them in a trustworthy manner.” It is true that customers either accept such state of

thing or not. Some of them use online banking intensively, other prefer going to the nearest bank

because it is more secure. In any case, it is the choice of each person whether to use online

services provided by the financial institutions or not.

Therefore, the implementation of online services was a very significant step. People begin

entrusting their financial and other information to the Internet medium and it has its advantages

and deficits. The number of services that banks can offer via online is much bigger but such

freedom of choice is connected with increased risks. It could be said that such variety of services

caused the overall simplification of customer security in order to provide these service to as

many customers as possible. However, it cannot be said that these services were imposed. The

Page 9: Cybersecurity


development of the internet technologies inevitable led to the changes in many industries and the

banking industry simply could not ignore it (El-Khatib et al. 2010; Seltsikas 2010).

Page 10: Cybersecurity



In order to realize how dependent we are from the technologies, I chose morning to go

without using information systems and technologies. Morning is the busiest time of the day in

this matter – checking the emails, news, twitts, Facebook messages, etc. so it was decided to do

so to see how long my mind will be disturbed by the absence of this data. I normally use tablet

and smartphone to browse the Internet and socialize, use emails and various IMs to

communicate. Considering the situation, it was nearly impossible to even think that I was not

able to visit Facebook – there are my friends and lots of information I need to see and share from

the very beginning of the day!

Living this one morning without information technologies, I realized one thing – it is

possible to live without it, without any visible issues. However, the integration of IT into our life

has created new society. We need IT to develop and live as we like. It is clear that we can travel,

communicate, socialize, work, and do infinite quantity of other things without information

technologies. We can drive using paper maps, we can use old wired phones, we can calculate

using abacus, we can we can we can. However, is it really necessary?

Mankind lived thousands of years without IT and would live another two easily. On the

other hand, the breakthrough in this area has changed mankind substantially. From lamps to

microchips in 50 years or less, from natural immunity to neurosurgical operations, from horses to

supersonic jets – the list of the examples can be continued indefinitely. Information technologies

gave mankind the chance to make gigantic leap into the future.

It was obvious that communication in the old-school regime (like over the wired phone,

for example or a simple meeting in a café) could not been applied in this case. Simple process of

information transfer became utterly difficult – people were not nearby the phone and of course

Page 11: Cybersecurity


had no time for meetings. Communication – this is the most difficult task to complete without IT.

Based on this one-time-short experience, it is sad to conclude that we cannot live without

technologies. Well, we can survive, but our life will change completely. Social connections will

be either destroyed or substantially narrowed. Society will die as we know it today.

Another issue to outline (using my experience) is time. Time is one of the assets of every

person and mine, as well. IT allows me save time doing hundreds of things, from sending emails

to finding necessary information. To conclude my experience, I can say the following: IT

facilitates, saves, and connects. These aspects of IT can be applied in my day-to-day activities. I

can live without IT but it would decrease the quality of my current life substantially. I can refuse

using smartphone, laptop, tablet, computer, and all the related technologies without any physical

consequences for me but I will lose in social meaning. Information field we live in will be lost

for me or substantially limited therefore, my social integration and development will be either

slow or stop at all.

Page 12: Cybersecurity



Analyzing the current paradox when the number of tools to assure cyber security grows

but we are less secured in this area, it becomes clear that something should be changed on the

deeper levels and in the broader scope. People should learn to accept the need in technologies in

every area of day-to-day activities and that the technologies should be treated accordingly.

Therefore, since we know that we must look on the road when we cross it, we must realize the

problems cyber security issues can cause.

It is necessary to teach young people how to assure cyber security on the most primitive

level from the school desk. It will allow people getting used to the idea that cyber security is not

just one-time thing – it has to be maintained continuously. Therefore, organizations will not need

to spend too many efforts in order to educate employees in this area. Organizations must accept

the truth that it is important to teach employees to be “cyber conscious” and qualified in this area

to assure the secureness of the data at every desk and workplace.

Organizations are the most vulnerable targets of cyber criminals so CIOs must be ready to

implement more flexible, intellectual approaches to assuring cyber security: spend less money

but develop and implement simple rules on every workplace; use simpler but robust software to

assure security; etc. Modern security systems become more and more sophisticated but can be

compromised by one simple human error. It means that this factor must be eliminated within


Societies need to change the attitude towards cyber security, alter laws and increase the

responsibility for the cyber-related crimes, pay more attention to the educational process in this

area, etc. In other words, society must motivate people be aware of the issues that can occur in

case of cyber security neglecting. It is the task of each developed society in this area as of today.

Page 13: Cybersecurity



Benzel, T. 2011. “The Science of Cyber Security Experimentation: The DETER Project.”

ACSAC’ 11, ACM. Orlando, Florida, USA.

El-Khatib, K., Hung, P., Thorpe, J., and Rjaibi, W. 2010. “Cybersecurity issues for businesses.”

CASCON’ 10, Proceedings of the 2010 Conference of the Center for Advanced Studies on

Collaborative Research, 364-365. IBM Corp. Riverton, NJ, USA.

Garfinkel, S. L. 2010. “Inside Risks: The Cybersecurity Risk.” Communications of the ACM,

55(6), 29-32.

Guan, J. and Huck, J. 2012. “Children in the digital age: exploring issues of Cybersecurity.”

iConference’ 12, Proceedings of the 2012 iConference, ACM, 506-507. New York, NY, USA.

Hoffmann, L. “Risky business.” Magazine Communications of the ACM, 54(11), 20-22. New

York, NY, USA.

Kemmerer, R. A. 2003. “Cybersecurity.” ICSE’ 03, Proceedings of the 25th International

Conference on Software Engineering, IEEE, 705 – 715. Washington, DC, USA.

Oehmen, C., Peterson, E., and Dowson, S. 2010. “An Organic Model for Detecting Cyber-

Events.” CSIIRW’10, ACM. Oak Ridge, TN, USA.

Seltsikas, P., Marsh, G., Frazier-McElveen, M., and Smedinghoff, T. J. 2011. “Secure

government in cyberspace?” DG.O’ 11, Proceedings of the 12th Annual International Digital

Government Research Conference: Digital Government Innovation in Challenging Times, ACM,

359-361. New York, NY, USA.

Ten, C.-W., Liu, C.-C., and Govindarasu, M. 2008. “Cyber-Vulnerability of Power Grid

Monitoring and Control Systems.” CSIIRW '08, Proceedings of the 4th annual workshop on

Page 14: Cybersecurity


Cyber security and information intelligence research: developing strategies to meet the cyber

security and information intelligence challenges ahead, 43, ACM. New York, NY, USA.
