Modern society requires a reliable and trustworthy Internet infrastructure. To achieve this goal, cybersecurity research has previously drawn from a multitude of disciplines, including engineering, mathematics, and social sciences, as well as the humanities. Cybersecurity is concerned with the study of the protection of information – stored and processed by computer-based systems – that might be vulnerable to unintended exposure and misuse.
We seem to see new reports of hacking every week, ranging from the social media profiles of Taylor Swift and Centcom, to the email accounts of Sony, to at-home security gadgets such as baby monitors. Certain types of hacking, such as using a public hotspot to access information on someone else’s computer, are mere child’s play, as demonstrated by this 7 year-old. Such public hotspots are used in hundreds of thousands of restaurants, hotels, and other locations throughout the UK. So how do we – companies, institutions, and individuals – protect ourselves from cybercrimes?
Computer-based systems that store and process confidential, sensitive, and private information are vulnerable to attacks exploiting weaknesses at the technical, social, and policy level. Attacks may seek to compromise the confidentiality, integrity, or availability of the information, as well as violate the privacy of the information’s owners and stakeholders.
One reason why achieving cybersecurity is so hard in practice is that systems are often designed in isolation, but operate as parts of a broader ecosystem. In such an environment, delivering complex sets of services, the defenders may be less interested in the security of a particular system and more in the overall sustainability and resilience of the ecosystem. Systems across sectors – financial, transport, retail, health, communications, etc – are massively interconnected. Vulnerabilities in systems in one sector – that may be exploited by criminals, terrorists, nation-states – may lead to critical failures in others.
The extent of the threat to the information ecosystems upon which modern societies depend, and the scale of the required response, is increasingly being recognised by major governments, with substantial research and development funds being made available. Moreover, the solutions to cybersecurity problems also span the technical and policy layers.
Understanding how these ecosystems operate requires an interdisciplinary approach: computer scientists to design the software and networks; cryptographers to protect confidentiality of communications; economists to explain how the competing incentives of stakeholders might play out; anthropologists to explain cultural contexts and how they impact solutions; psychologists to explain how decisions are made and the impact on system design; the legal and policy scholars to set out regulatory constraints; criminologists and crime scientists to explain the motivation of perpetrators; and experts in strategy to frame the international context. Consequently, cybersecurity research cannot remain siloed. Instead, rigorous, interdisciplinary scholarship that incorporates multiple perspectives is required.
Future successes in cybersecurity policy and practice will depend on dialogue, knowledge transfer, and collaboration.
Image credit: Security. Public Domain via Pixabay.