Out to explore the cybersecurity planet

DOI: https://doi.org/10.1108/JIC-05-2019-0127
Date: 05 May 2020
Pages: 291-307
Published date: 05 May 2020
Author: Giampaolo Bella
Subject Matter: Information & knowledge management, Knowledge management, HR & organizational behaviour, Organizational structure/dynamics, Accounting & Finance, Accounting/accountancy, Behavioural accounting
Giampaolo Bella
Dipartimento di Matematica e Informatica, Università of Catania, Catania, Italy
Abstract
Purpose: Security ceremonies still fail despite decades of efforts by researchers and practitioners. Attacks are
often a cunning amalgam of exploits for technical systems and of forms of human behaviour. For example, this
is the case with the recent news headline of a large-scale attack against Electrum Bitcoin wallets, which
manages to spread a malicious update of the wallet app. The author therefore sets out to look at things through
a different lens.
Design/methodology/approach: The author makes the (metaphorical) hypothesis that humans arrived on
Earth along with security ceremonies from a very far planet, the Cybersecurity planet. The author's hypothesis
continues, in that studying (by huge telescopes) the surface of Cybersecurity in combination with the logical
projection on that surface of what happens on Earth is beneficial for us earthlings.
Findings: The author has spotted four cities so far on the remote planet. Democratic City features security
ceremonies that allow humans to follow personal paths of practice and, for example, make errors or be driven
by emotions. By contrast, security ceremonies in Dictatorial City compel humans to comply, hence humans here behave
like programmed automata. Security ceremonies in Beautiful City are so beautiful that humans just love to
follow them precisely. Invisible City has security ceremonies that are not perceivable, hence humans feel like
they never encounter any. Incidentally, the words "democratic" and "dictatorial" are used without any political
connotation.
Originality/value: A key argument the author shall develop is that all cities but Democratic City address the
human factor, albeit in different ways. In the light of these findings, the author will also discuss security
ceremonies of our planet, such as WhatsApp Web login and flight boarding, and explore room for improving
them based upon the current understanding of Cybersecurity.
Keywords: Computer security, Computer privacy, Socio-technical security
Paper type: Research paper
1. Introduction
Cybersecurity has gone through many theoretical breakthroughs, practical developments,
worldwide deployments, subtle flaws and their fixes in a continuous loop, which should
also cover intellectual capital (IC) (Renaud et al., 2019). Cybersecurity is traditionally
understood as a property of a technical system, namely one that scientists design, in the best
case along with its security measures, and then pass on for engineers to build as actual
technology. More precisely, that technology consists of interconnected, heterogeneous pieces,
such as a browser running on a client host and a server running in the cloud.
1.1 The human factor
But security measures continue to fail nowadays. An ever-green example comes from the
authentication failure due to poor password choice, with the weakest of 5m passwords leaked
in 2018 still being "123456" (Hall, 2018). A few more examples are outlined further. It is clear
that the so-called human factor may be crucial for the fate of security measures. Therefore, it
is insufficient to look at a technical system in all sorts of ways to make sure its security
measures work; by contrast, it is necessary to look at the technical system holistically with
humans, namely study the effectiveness of the security measures of the socio-technical system
that intertwines the given technical system with its users. Therefore, although the mentioned
authentication failure is certain to affect the socio-technical system, it may not be entirely due
to the inscribed technical system.
Received 31 May 2019; revised 17 October 2019, 12 December 2019, 19 December 2019; accepted 19 December 2019.
Journal of Intellectual Capital, Vol. 21 No. 2, 2020, pp. 291-307. © Emerald Publishing Limited, 1469-1930. DOI 10.1108/JIC-05-2019-0127.
The current issue and full text archive of this journal is available on Emerald Insight at: https://www.emerald.com/insight/1469-1930.htm
Humans may make errors, such as mistakes, namely failures to do what they genuinely
wanted to do, or slips, namely momentary lapses that lead to taking an unintended action
(Norman, 1981). Humans may choose to deliberately counter cybersecurity for various
reasons, such as perceiving it as a burden. For example, although card-and-PIN authentication
to enter premises or record work times may be in place, cards are often left in a public card
rack outside the entrance near the PIN pad (STEELMASTER, 2016). Humans may also fall
victim to social engineering scams, hence favour someone else's malicious aims (Mitnick and
Simon, 2001). We must realise that humans are far from being automata perfectly executing
the program that the Technocrats prescribed. Hence, scientists will have to join efforts, with
Technocrats collaborating at least with colleagues from the Humanities, in order to
effectively expand their focus from a technical system onto the corresponding socio-technical
system. As a result, scientists will still pass only a technical system on for engineers to build,
but the resulting technology will be secure when used in practice by humans.
1.2 Security ceremonies
Example technical systems are protocols, such as the HTTP protocol, and notably protocols
that also incorporate security measures, namely security protocols, such as the HTTPS
security protocol. Correspondingly, example socio-technical systems are ceremonies, such as
the HTTP ceremony, and notably ceremonies that also incorporate security measures,
namely security ceremonies (Ellison, 2007), such as the HTTPS security ceremony (Giustolisi
et al., 2018).
With its emphasis on security and the human factor, this article focusses on security
ceremonies. These will be named by their main functional objective, for example, a flight
boarding ceremony, and their security measures will be discussed.
1.3 Hypothesis (metaphorical)
Security ceremonies are not yet fully understood and are extremely hard to get right,
particularly for their inherent human factor. The main hypothesis of this article is that
humans arrived on Earth along with security ceremonies from a very far planet, the
Cybersecurity planet. Contacts with that planet have been lost entirely, hence humans and
security ceremonies have been evolving both on Earth and on Cybersecurity entirely
separately.
The hypothesis also states that studying (by huge telescopes) the surface of Cybersecurity
in combination with the logical projection on that surface of what happens on Earth is
beneficial for us earthlings. Not only will this further our understanding of that planet but, as
is the case with any space exploration, it will favour a broader and more structured
understanding of what we experience on Earth, in this case in terms of security. The
results discussed further will establish this hypothesis as fact.
1.4 Article contribution
This article elaborates on the little we know about the Cybersecurity planet. I have spotted
four cities so far. Democratic City features security ceremonies that allow humans to follow
personal paths of practice and, for example, make errors or be driven by emotions. By
contrast, security ceremonies in Dictatorial City compel humans to comply, hence humans
here behave like programmed automata. Then, security ceremonies in Beautiful City are so
beautiful that humans just love to follow them precisely. Finally, Invisible City has security
ceremonies that are not perceivable, hence humans feel like they never encounter any.
This is, in short, my best understanding of Cybersecurity. Following the stated
hypothesis, it combines what can be seen of that planet by telescopes with what can be
predicted on the basis of terrestrial experience. A key argument that I shall develop is that all
cities except Democratic City address the human factor, albeit in different ways. In the light of