Are the Current System Engineering Practices Sufficient to Meet Cyber Crime?
During the last decades, we have witnessed an explosive growth of computer technology and the Internet. Due to the growing role of computers and the Internet in important business and state-related activities, investments in computer security and the security industry have also been growing fast. In spite of that, we also see a growing trend of cyber crime and losses due to security incidents. We predict that these three growing trends will continue in the future, the main reasons being that: (1) as more and more assets are connected to the Internet, the number of potential targets and stimuli for attackers grows; (2) fundamental (and hard to change) design decisions made in the early development stages of today's Internet and computer technology guarantee persistent technical vulnerabilities in Internet-based systems, due to which attackers will always be one step ahead of defenders; (3) the growing role of Chief Security Officers (CSOs) in organisations, who do not necessarily have to understand the detailed purpose and functionality of the system but whose duty is still to make the ITC system of the organisation secure. These reasons guarantee the continuous growth of the security industry but also the continuous growth of losses through cyber crime.
Keywords: Computer security, Cyber crime, System engineering