Paper Example Undergraduate 3,562 words

Emerging and New Cybersecurity Technology

Last reviewed: February 19, 2015 ~18 min read

¶ … Cyber Security Technology

Emerging Technology for Cyber Security

Real-World Examples of the use of Emerging Cyber Security Technologies

Government Efforts to enhance Cyber security Technologies

Benefits and Drawbacks of Government Efforts for new Cyber-security Technologies Conclusion

The development of internet and cyberspace represents of the most revolutionary technological advancement of humanity. Fewer countries and sectors are unaffected by the latest advancement of internet technologies. Although, recent technological phenomenon has influenced several areas, however, it represents one of the most serious security threats to modern society. As organizations and developed world are moving their critical infrastructures online, there are also ever growing cyber criminal activities attempting to steal sensitive data worth billions of dollars. Adversaries of cyber realms include spies from some countries and organized criminals attempting to steal sensitive information that include identities, and money. Complicated issues about the cyber threats consist of fundamental asymmetrical risks and ever-increasing waves of cyber attacks represent one of the serious and mounting security risks to business organizations, public agencies as well as individuals.

Defending against the waves of cyber attacks requires emerging cyber securities. Cyber security is the process of applying and providing security measures to enhance data integrity, confidentiality and availability. Typically, a cyber-security aims to assure protection of assets such as desktops, data, servers, buildings and humans. The goal of cyber-security is to protect asset in transit and at rest. Goodyear, Goerdel, Portillo, et al. (2010) define cyber-security as an information technology measure to achieve a desired level of protection using the CIA acronym to enhance Confidentiality, Integrity, and Availability of organizational data.

The option for emerging cyber-security is very essential because the traditional cyber-security systems are unable to control frequency and sophistication of cyber attacks, which have become imminent in the current IT world. The benefits that organizations could derive from an emerging cyber-security for the data confidentiality, integrity, and availability make increasing number of organizations to consider the emerging technologies to enhance security of their information assets. However, the emerging technologies are just recently being developed, and the efficacies of emerging cyber-security to thwart sophisticated cyber attacks have not yet been proven. Some of these technologies are in their youthful stage. Some as young as 12-month-old.

Objective of this paper is to explore the emerging cyber security technologies. The rest of the paper is organized as follows:

First, the paper identifies and discusses the emerging cyber securities and reveals recent research and development to improve cyber securities. Moreover, the paper provides different definitions of identified emerging security technologies and their main features.

Additionally, the study provides real world examples of the identified emerging cyber securities. The study also explores government efforts in nurturing and support cyber securities. Finally, the paper discusses several benefits and drawbacks of the government efforts for the improvement of emerging cyber securities.

Emerging Technology for Cyber Security

Kuehn, & Mueller, (2014) identify the BBP (Bug Bounty Program) as one of the new emerging cyber-security program used to identify and address the bug vulnerability in the computer systems. Software vulnerability is a computer code flaw, which is known as a security bug that can compromise the computer security. Typically, vulnerabilities can occur due to an unintended design of mathematical errors. A bug can persist for a long time within an organizational computer system before it is discovered. Typically, the bug vulnerability allows unauthorized individual to intrude into, manipulate, and steal data from organizational information systems. A software code that allows this type of vulnerability is called exploit. In essence, vulnerability allows the software exploit in order to circumvent organizational security systems. Software engineering expert has presented various novel approaches to design and test software in order to enhance software drug free.

Kuehn, & Mueller, (2014) further point out that many organizations have developed a new generation cyber security program called BBP (Bug Bounty Program). The program is an emerging cyber-security realm that has translated to the emerging practice and norms in the cyber-security paradigm. The new security paradigms have implication in the security and reliability of the internet. The BBP is a bug challenges reward or VRP (vulnerability rewards programs) aimed to reward penetrators, testers, independent security researchers as well as white hat hackers in order to share knowledge about operation of the BBP. (Bilge, & Dumitras, 2012). However, enhance cyber-security through monetary rewards from the BBP program is a new security development. Many software security vendors have incorporated the BBP program into their business objectives to enhance security platform within an IT environment. However, the efficacy of the BBP security platform is still under consideration. In the recent years, many online companies have experimented with BBPs to enhance their security systems.

Another emerging cyber-security is the security system to protect cloud computing. Sharma (2012) identifies the cloud computing, as one of the emerging technologies that many organizations are currently using to achieve their business objectives and increasing number of organizations are using the cloud computing because of its cost effectiveness. In other words, organizations are moving into the cloud to enjoy a significant cost saving, flexibility, and new collaborative models. Despite the benefits delivered by the cloud computing, the security systems for the cloud computing are different from other technologies. The Big Data also presents different security challenges to organizations. Big Data is more than bits and bytes, which are the features of ordinary data. Typically, Big Data is a new technology that requires a new security system.

Takahashi, Kadobayashi, & Fujiwara, (2010) also identify the cloud computing technology as a new emerging IT ( Information Technology). The authors define cloud computing as a model used to achieve a shared configuration of computing resources such as servers, network, storage and application. Typically, the benefit of a cloud computing is its massive scalability because it provides a superior and efficient user experience. For example, cloud computing such as Google Apps and Amazon Web Services are accessible through a web service or web browser API (application programming interface). Many organizations prefer using the cloud computing services because of its cost savings. Recently, the market size of cloud computing is growing rapidly. In 2009, organizations spent approximately $17 billion on Google cloud. However, the market increases to $44 billion in 2013 showing that the cloud computing will outpace the traditional IT spending in the next few years.

However, preserving security for a cloud computing requires an emerging cyber-security technologies since the application of cloud computing departs from the traditional computing system. Different emerging cyber securities have been developed to enhance security system of a cloud computing. A Warning Database is an emerging security for a cloud computing, which consists of a database that contain information on cyber-security warnings. Organizations can use the warning information in the database to implement countermeasures against cybersecuriuty risks.

In a cloud computing technology, a warning database is used to alert user about some security risks in the cloud computing. A CKB (Countermeasure Knowledge Base) is another emerging security system for cloud computing that accumulates information related to the assessment rules, checklist, scoring methodologies in order to evaluate security level of the cloud computing. For example, the CKB provides the information about the rules for the best practice of cloud computing. The CKB also provides the Protection and Detection Knowledge-Based used to accumulate knowledge for protecting and detecting security threats within the cloud-computing environment. For example, the Countermeasure Knowledge Database provides the rules and criteria for the implementation of IDS (intrusion detection system) and IPS (intrusion prevention system) signatures. Typically, the rules that should be followed for the implementation of signature are accumulated in the database. Despite the effectiveness of Countermeasure Knowledge-Based for the security measure of the cloud computing, the security platform is still at an initial stage of development. Its applicability is still limited within the cloud-computing environment.

Rabai, Jouini, Aissa, et al. (2013) also point that a cloud computing is an emerging computing paradigm and many organizations use the cloud computing because of its flexibility, economy of scale and convenience. Despite the benefits associated to the cloud computing, the new technology is inherent with security risks. For example, the cloud computing technology is exposed to threats such as virtual machine modification, Flooding attacks, Denial of service (DoS) attack, Data leakage or loss, traffic, account, and service hijacking, monitoring of user's virtual machine from other virtual machine.

Rabai, et al. (2013) identify "OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)" (p 65) as risk-based planning technique for the cloud security system. The OCTAVE plan is based on the identification of the major security threats and development security strategies to thwart those risks.

Real-World Examples of the use of Emerging Cyber Security Technologies

In the United States and other part of the world, some organizations have started experimenting emerging cyber security technologies to enhance organizational security systems. In the case of the BBP (Bug Bounty Program), Microsoft has launched one of the emerging cyber security projects. The Microsoft launched a Bounty Program in 2013 offering a reward for the novel exploitation technique because the Microsoft considers the development of the BBPs as decisive shift in the cyber-security technological development. The essence of the Microsoft BBPs program is to target the black market dealing with the security vulnerabilities. In 2013, the Microsoft launched the Internet Explorer II BBP reward reaching up to $10,000 to identify critical software flaws. Microsoft also launches a Mitigation Bypass Bounty of up to $100,000 to enhance advanced protection of technology. The BlueHat Bonus was also launched to provide novel exploitation techniques for defensive approach against vulnerabilities.

The Mozilla has also introduced the Security Bug Bounty Program in order encourage safe internet program. Typically, Mozilla pays up to $3,000 for identifying high severity and critical bugs in Thunderbird and Firefox.

"Security bug is present in the most recent main development or released versions of Firefox, Thunderbird, Firefox for Android, or in Mozilla services which could compromise users of those products, as released by Mozilla Corporation." (Mozilla, 2015 p 1).

The Google also pays up to $20,000 in order to discover vulnerability in the Youtube.com and Google.com. Moreover, several companies have introduced between $500 and $10,000 as monetary rewards to manage various BBPs internet services and software applications.

The Facebook also launches a bug bounty program using the White Hat initiatives to draw both external and internal security experts for the programs. In 2013, the Facebook extended the bug security infrastructure in its corporate network.

However, "the program is subject to continuous growth in terms of participating security researchers, scope, and numbers of submissions. This leads to continuous refinement of the program: Facebook reported that the number of high-severity issues was falling, increasing the efforts needed to discover 'good bugs'. It announced increases in the bounty amounts in areas of particular security interest ." (Kuehn & Mueller, 2014 p 10).

Government Efforts on Cyber security

Klaper & Hovy, (2014) argue that cyber security is very critical for both government and private organizations. If government's sensitive data is exposed, the issue can shatter people support for the open government initiatives. One of the government efforts to enhance security for the infrastructures of the government and private organizations is by creating the cyber security laws and policies to protect organizations and citizens against cyber crimes. In essence, policies and laws are the political strategies of the governments to enhance cyber-security. However, law and policies to enhance cyber security is still underdeveloped because the advent of the internet has made national boundaries to disappear. It is now possible for cyber criminals to penetrate organizational network systems remotely from another country making application of these laws and policies to become more complicated. The United States is one of the few countries that have a comprehensive cyber laws and policies. For example, Obama administration has implemented a presidential policy directive that provides a detailed strategy to secure critical infrastructures. Moreover, the United States has promulgated American cyber-security laws to enhance security of the cyber infrastructures.

The education and awareness are the other strategies that the government employs to enhance cyber security. For example, the U.S. government has launched a CNCI (Comprehensive National Cyber security Initiative) aimed to improve the cyber security at all levels. Typically, the Department of Homeland Security has launched the "National Cyber security Communications Integration" focusing on educating users about the safety of a website.

U.S. Government Accountability Office (2013) also presents a research paper showing that sophistication and advancement of cyber attacks have become a major concern to the government and business communities. The attackers have taken the advantages of flaws within the software code to commit a cyber crime. Some attackers also use the social engineering tools to trick unsuspected users in divulging sensitive information. Some attacks are becoming more automated using the botnets to compromise computers remotely. "Bots (short for robots) have become a key automation tool to speed the infection of vulnerable systems." (U.S. Government Accountability Office, 2013 p14).

The U.S. government has implemented several laws to improve the country's cybersecurity. For example, the government has promulgated the "Federal Information Security Management Act of 2002 (FISMA) present a framework for agencies to use in improving their capabilities to protect federal systems and information against cyberattack." (U.S. Government Accountability Office, 2013 p14). The OMB (Office of Management & Budget) is also empowered to oversee and develop the principles, policies, guidelines and standards for the implementation of information security. In other words, the OMB is responsible for issuing guidance to federal government agencies on the appropriate way to manage information security threats.

Moreover, the Homeland Security Act provides the appropriate tools to intercept information security threats and incidents. NIST (National Institute of Standards and Technology) has also issued several publications that can assist agencies and business organizations to protect their infrastructures against emerging cyber-security threats. The government also has many pending legislations to address the threats such as phishing, spam, and spyware. The NIST has also issued various guidance that federal agencies can use to enhance electronic mail security and security of public web server. The electronic mail security guidance reveals various practices that organizations should employ to enhance the security of their network infrastructures. The NIST also discusses different methods that organizations can employ to secure Web server. The methods include testing, hardening servers, backing up, patching systems, developing and maintaining a secure network. The NIST also issued a publication on the methods organizations can use to implement cryptographic and authentication applications.

The U.S. government has also introduced the Internet-Spyware (I-SPY) Prevention Act, which makes unauthorized access to a private or public network infrastructures becoming a criminal act. The offenses include intentional unauthorized access leading to copy of a computer file. It is also a criminal offense to intentionally transmit personal information that can cause damage to other people computer or defraud another person.

The U.S. government also introduces the Anti-phishing Act that imposes penalties on individual perpetuating pharming and phishing. The Act intends to prohibit e-mail message and fake Websites that pretend to be legitimate and attempt to make individual divulging personal information that will lead to a fraud and identity theft. Anti-phishing, Act also covers identity theft and internet related frauds such as creating a website with the aim of fraudulently represent itself as a legitimate online business. The Act also includes the penalties of up to five years imprisonment for an individual committing this fraud.

The NIST has also introduced five effective cyber-security frameworks that offer potential protection for network infrastructures across organizations. These frameworks are voluntary, however, it will serves as potential advances in technological protection across industry. (PWC, 2014). The five core frameworks are: Identify, Protect, Detect, Respond and Recover.

Table 1: NIST Five Core Cyber -security Frameworks

Functions

Definition