Research Project: Cybersecurity

Introduction

The security industry emerged in response to the many kinds of threats that have followed humanity from its birth. The need for protection from animals, and then from other tribes, made the first people think about their security. Through the ages, security issues became more and more sophisticated, and security measures changed as well. The technology era has changed everything. However, it did not change the desire of some people to illegally obtain what others have. Thus, a new era of contest between security and its adversaries has begun.

Technology has brought many innovations and advances into the world of security. At first, there were code locks and highly sophisticated mechanical solutions that made security breaches rather difficult. Then, various wired electronic devices gave security protectors remote access to security control systems and thus better control over them. Despite all these advances, their adversaries have always been close behind in this race. Third parties with criminal or other intent who wanted unauthorized access to something protected have always been inventive, and that allowed them to create mechanisms and devices for security breaches (Guan and Huck 2012).

Implications of Cyber Security

The advent of information technologies provided mankind with outstanding opportunities in different areas. Electronic means of communication, such as wired networks, wireless, and mobile technologies, have made information transfer quicker and easier than ever before. This state of things required new approaches to security measures because criminals have always been a threat. However, there are reasons to believe that the greatest threats to an organization’s information security come from its employees.

Why is that so? It is rather easy to explain. First, consider the following: IT specialists, CIOs, security teams, etc. are all focused on developing and implementing the most sophisticated and advanced security measures because they realize the significance of the consequences that security breaches might have. These people within any organization oppose the other side (criminals), which plays by the same rules, meaning the approaches, ideas, and concepts both sides exploit. Therefore, security specialists generally know how to stop criminals, at least in theory (Benzel 2011; Kemmerer 2003).

Meanwhile, employees, in most cases, have rather poor computer literacy. An IT-literate individual, by contrast, will not write down the password to a highly secured enterprise database on the back of a keyboard. Such an individual also fully realizes that it is not appropriate to store valuable, secured, important data on a mobile phone, laptop, thumb drive, or any other device that is easily stolen or lost.

Therefore, the sloppiness, foolishness, carelessness, and, in some cases, anger of employees are the greatest threats to the security plans and measures of any company. The greatest challenge for an IT security specialist is to try to think like regular users do and then develop security measures that account for every imaginable action a typical employee could theoretically perform. Otherwise, information security is always in great danger.


Limitations

Unauthorized access to a protected network, such as one a Ministry of Interior might have, is the biggest issue today. Mobile devices are more and more popular these days, so it is very important to implement protection for such devices as well. Encryption and smart card access can be useful in this matter.

Protection of sensitive information has always been an issue. People have tried to protect important data for centuries and have used many different methods to achieve this goal. The most useful and efficient method was encryption. A sender (or keeper) altered information using a specific key. No one else was able to understand the encrypted message without having and applying the key. In this way, the main goal of protecting the data was achieved.

Further development of data carriers led to more sophisticated encryption methods. It was the only way to assure protection. With the advent of information technologies as we know them today, the need to protect data grew drastically. Computers provided us with substantial computational capability that allowed the development of new, more advanced and powerful encryption algorithms. This achievement made encryption a more reliable and widespread method of data protection (Benzel 2011; Kemmerer 2003).

At first, encryption was used by the military to keep enemies from understanding intercepted messages. Later, the business community realized that encryption could be used to protect business secrets and internal information from third parties. Thus, encryption tools became commonly used not only for military and business purposes but also in the day-to-day life of regular people.

New encryption algorithms were developed. The old ones were improved. However, the contemporary era of the Internet, smartphones, laptops, and mobile data storage required new approaches to data protection. Businesses required solutions that could protect sensitive information from unauthorized access. Eventually, different encryption techniques (algorithms) were developed. AES, DES, algorithms with symmetric and asymmetric keys, SSL, and many others were developed to assure that data was safe and could not be acquired by third parties without permission. Even full disk encryption was created to provide the business community with extra security measures.

Modern business can be called customer-driven. It is rather easy to agree with this statement if we just look at the current situation in nearly any market. However, this tendency is easiest to follow using the market for financial services as an example. This market grew substantially after the advent of information technologies (IT) and their rapid development. The reasons for such a drastic increase were more than obvious. Banks and other financial institutions got the opportunity to provide their customers with the usual services via the achievements of the information era, such as the global network (the Internet), mobile terminals (smartphones and other mobile devices), smart chips in credit cards, etc. (Benzel 2011; Kemmerer 2003; El-Khatib et al. 2010; Seltsikas 2010).

Along with the rapid development of financial product and service lines oriented toward online distribution, the need to secure such transactions grew as well. It was clear that people would not entrust information as sensitive as financial data to channels they were not sure about. Therefore, at the beginning of the information era the number of financial services was small, but they were rather secure. Credit cards, checks, and other financial instruments were protected comparatively well because customers’ personal financial data (personal identification numbers, for example) was not transferred via unsecured networks, including wireless ones.

With the advent of such technologies as wireless networks, instant access to the Internet from mobile devices, contactless access to smart cards based on radio frequency identification (RFID), and many others, the number of opportunities to provide financial services grew substantially. However, there is an opinion that this has been done at the expense of customer security. The aim of this paper is to discuss this issue in order to understand whether it is true or not.

First, it is necessary to understand what these financial services are and what features they have. This makes it easier to obtain a broader view of the main issue. Online financial services are usually provided via online banking, which is also sometimes called Internet banking. Online (Internet) banking gives an opportunity to conduct various financial transactions using the secured website of a bank.

Most of the common operations performed via online services fall into transactional and non-transactional categories, along with financial institution administration, management of numerous users with different levels of authority, and the transaction approval process. In addition, online banking could include such unique services as personal financial management support and account aggregation, which allows customers to monitor numerous personal accounts via the Internet (El-Khatib et al. 2010; Seltsikas 2010).

Now, it is important to clarify the major concern of every transaction, or simply every action, related to financial activities: security. Security in such transactions is issue number one beyond any doubt. Usual banking services are provided with rigid security measures, such as a combination of different authentication methods, secured cards, heavily guarded safes, etc. However, in the case of online banking, there are no opportunities to provide these security measures.

Solutions

Online services provided regular people with tools that make their lives easier and more comfortable. Security specialists in different sectors developed various systems intended to secure online transactions and make them as secure as they would be in a real bank, for example. However, considering the level of technology, it is not wise for anyone to feel entirely safe entering the PIN for a personal account into a mobile banking application (for example). This data goes through different nodes and wireless networks, so it can be intercepted, decrypted, and then used (El-Khatib et al. 2010; Seltsikas 2010).

Online banking indeed provided customers with numerous services that were unreachable before. However, it lowered the overall security of financial transactions conducted over the Internet. It is true that customers either accept this state of things or not. Some of them use online banking intensively; others prefer going to the nearest bank because it is more secure. In any case, it is the choice of each person whether or not to use the online services provided by financial institutions.

Therefore, the implementation of online services was a very significant step. People began entrusting their financial and other information to the Internet medium, and it has its advantages and drawbacks. The number of services that banks can offer online is much bigger, but such freedom of choice is connected with increased risks. It could be said that such a variety of services caused an overall simplification of customer security in order to provide these services to as many customers as possible. However, it cannot be said that these services were imposed. The development of internet technologies inevitably led to changes in many industries, and the banking industry simply could not ignore it (El-Khatib et al. 2010; Seltsikas 2010).

Reflection

In order to realize how dependent we are on technologies, I chose a morning to go without using information systems and technologies. Morning is the busiest time of the day in this matter – checking the emails, news, tweets, Facebook messages, etc., so it was decided to do so to see how long my mind would be disturbed by the absence of this data. I normally use a tablet and smartphone to browse the Internet and socialize, and use emails and various IMs to communicate. Considering the situation, it was nearly impossible to even think that I was not able to visit Facebook – there are my friends and lots of information I need to see and share from the very beginning of the day!

It was obvious that communication in the old-school regime (like over the wired phone, for example, or a simple meeting in a café) could not be applied in this case. The simple process of information transfer became utterly difficult – people were not near the phone and of course had no time for meetings. Communication – this is the most difficult task to complete without IT.

Based on this one-time, short experience, it is sad to conclude that we cannot live without technologies. Well, we can survive, but our life will change completely. Social connections will be either destroyed or substantially narrowed. Society will die as we know it today.


Conclusion

Analyzing the current paradox, in which the number of tools to assure cyber security grows but we are less secure in this area, it becomes clear that something should be changed at deeper levels and in a broader scope. People should learn to accept the need for technologies in every area of day-to-day activities and that technologies should be treated accordingly. Therefore, just as we know that we must look at the road when we cross it, we must realize the problems that cyber security issues can cause.

It is necessary to teach young people how to assure cyber security at the most basic level, starting from the school desk. Organizations must accept the truth that it is important to teach employees to be “cyber conscious” and qualified in this area to assure the security of the data at every desk and workplace. Societies need to change their attitude towards cyber security, alter laws and increase the responsibility for cyber-related crimes, pay more attention to the educational process in this area, etc.


References

Benzel, T. 2011. “The Science of Cyber Security Experimentation: The DETER Project.” ACSAC ’11, ACM. Orlando, Florida, USA.

El-Khatib, K., Hung, P., Thorpe, J., and Rjaibi, W. 2010. “Cybersecurity issues for businesses.” CASCON ’10, Proceedings of the 2010 Conference of the Center for Advanced Studies on Collaborative Research, 364-365. IBM Corp. Riverton, NJ, USA.

Guan, J. and Huck, J. 2012. “Children in the digital age: exploring issues of Cybersecurity.” iConference ’12, Proceedings of the 2012 iConference, ACM, 506-507. New York, NY, USA.

Hoffmann, L. “Risky business.” Magazine Communications of the ACM, 54(11), 20-22. New York, NY, USA.

Kemmerer, R. A. 2003. “Cybersecurity.” ICSE ’03, Proceedings of the 25th International Conference on Software Engineering, IEEE, 705-715. Washington, DC, USA.

Oehmen, C., Peterson, E., and Dowson, S. 2010. “An Organic Model for Detecting Cyber-Events.” CSIIRW ’10, ACM. Oak Ridge, TN, USA.

Seltsikas, P., Marsh, G., Frazier-McElveen, M., and Smedinghoff, T. J. 2011. “Secure government in cyberspace?” DG.O ’11, Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging Times, ACM, 359-361. New York, NY, USA.

Ten, C.-W., Liu, C.-C., and Govindarasu, M. 2008. “Cyber-Vulnerability of Power Grid Monitoring and Control Systems.” CSIIRW ’08, Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead, 43, ACM. New York, NY, USA.
