Distribution of Terms Across Genres in the Annotated Lithuanian Cybersecurity Corpus

The paper provides results of the frequential distribution analysis of cybersecurity terms used in the Lithuanian cybersecurity corpus composed of texts of different genres. The research focuses on the following aspects: overall distribution of cybersecurity terms (their density and diversity) across genres, distribution of English and English-Lithuanian terms and their usage patterns in Lithuanian sentences, and, finally, the most frequent cybersecurity terms and their thematic groups in each genre. The research was performed in several stages: compilation of a cybersecurity corpus and its subdivision into genre-specific subcorpora, manual annotation of cybersecurity terms, automatic lemmatisation of annotated terms and, finally, quantitative analysis of the distribution of the terms across the subcorpora. The results reveal the similarities and differences of the use of cybersecurity terminology across genres which are important to consider to get a complete picture of terminology usage trends in this domain

Cybersecurity: mapping the ethical terrain

This edited collection examines the ethical trade-offs involved in cybersecurity: between security and privacy; individual rights and the good of a society; and between the types of burdens placed on particular groups in order to protect others. Foreword Governments and society are increasingly reliant on cyber systems. Yet the more reliant we are upon cyber systems, the more vulnerable we are to serious harm should these systems be attacked or used in an attack. This problem of reliance and vulnerability is driving a concern with securing cyberspace. For example, a ‘cybersecurity’ team now forms part of the US Secret Service. Its job is to respond to cyber-attacks in specific environments such as elevators in a building that hosts politically vulnerable individuals, for example, state representatives. Cybersecurity aims to protect cyberinfrastructure from cyber-attacks; the concerning aspect of the threat from cyber-attack is the potential for serious harm that damage to cyber-infrastructure presents to resources and people. These types of threats to cybersecurity might simply target information and communication systems: a distributed denial of service (DDoS) attack on a government website does not harm a website in any direct way, but prevents its normal use by stifling the ability of users to connect to the site. Alternatively, cyber-attacks might disrupt physical devices or resources, such as the Stuxnet virus, which caused the malfunction and destruction of Iranian nuclear centrifuges. Cyber-attacks might also enhance activities that are enabled through cyberspace, such as the use of online media by extremists to recruit members and promote radicalisation. Cyber-attacks are diverse: as a result, cybersecurity requires a comparable diversity of approaches. Cyber-attacks can have powerful impacts on people’s lives, and so—in liberal democratic societies at least—governments have a duty to ensure cybersecurity in order to protect the inhabitants within their own jurisdiction and, arguably, the people of other nations. But, as recent events following the revelations of Edward Snowden have demonstrated, there is a risk that the governmental pursuit of cybersecurity might overstep the mark and subvert fundamental privacy rights. Popular comment on these episodes advocates transparency of government processes, yet given that cybersecurity risks represent major challenges to national security, it is unlikely that simple transparency will suffice. Managing the risks of cybersecurity involves trade-offs: between security and privacy; individual rights and the good of a society; and types of burdens placed on particular groups in order to protect others. These trade-offs are often ethical trade-offs, involving questions of how we act, what values we should aim to promote, and what means of anticipating and responding to the risks are reasonably—and publicly—justifiable. This Occasional Paper (prepared for the National Security College) provides a brief conceptual analysis of cybersecurity, demonstrates the relevance of ethics to cybersecurity and outlines various ways in which to approach ethical decision-making when responding to cyber-attacks

Understanding How to Diversify the Cybersecurity Workforce: A Qualitative Analysis

A robust cybersecurity workforce is critical for protection against a range of malicious attacks. However, it has been noted that there are many vacancies and a shortage of individuals entering the cybersecurity workforce. This workforce shortage has partly been attributed to the lack of diversity in the cybersecurity field, with women, African Americans, and Hispanics remaining underrepresented in educational and professional settings. Using a qualitative approach, this work sought to investigate what led underrepresented minorities currently involved in cybersecurity to the industry, with the goal of determining methods to attract and diversify the workforce. A thematic analysis was conducted using data collected during interviews with 23 participants including underrepresented minority students, underrepresented minority professionals, college instructors, and a high school administrator. The interview questions aimed to address (a) what attracted minorities to the field, (b) how they overcame educational and professional roadblocks, (c) how they built non-technical knowledge, skills, and attitudes, and (d) how they maintained engagement. Findings revealed 17 themes that were related to characteristics of (a) the learner, (b) the instruction, and (c) the environment. Based on these findings, recommendations are presented to illustrate how these themes can be implemented by instructors with the goal of increasing the participation and involvement of underrepresented minorities and fostering diversity in the cybersecurity field

CEPS Task Force on Artificial Intelligence and Cybersecurity Technology, Governance and Policy Challenges Task Force Evaluation of the HLEG Trustworthy AI Assessment List (Pilot Version). CEPS Task Force Report 22 January 2020

The Centre for European Policy Studies launched a Task Force on Artificial Intelligence (AI) and Cybersecurity in September 2019. The goal of this Task Force is to bring attention to the market, technical, ethical and governance challenges posed by the intersection of AI and cybersecurity, focusing both on AI for cybersecurity but also cybersecurity for AI. The Task Force is multi-stakeholder by design and composed of academics, industry players from various sectors, policymakers and civil society. The Task Force is currently discussing issues such as the state and evolution of the application of AI in cybersecurity and cybersecurity for AI; the debate on the role that AI could play in the dynamics between cyber attackers and defenders; the increasing need for sharing information on threats and how to deal with the vulnerabilities of AI-enabled systems; options for policy experimentation; and possible EU policy measures to ease the adoption of AI in cybersecurity in Europe. As part of such activities, this report aims at assessing the High-Level Expert Group (HLEG) on AI Ethics Guidelines for Trustworthy AI, presented on April 8, 2019. In particular, this report analyses and makes suggestions on the Trustworthy AI Assessment List (Pilot version), a non-exhaustive list aimed at helping the public and the private sector in operationalising Trustworthy AI. The list is composed of 131 items that are supposed to guide AI designers and developers throughout the process of design, development, and deployment of AI, although not intended as guidance to ensure compliance with the applicable laws. The list is in its piloting phase and is currently undergoing a revision that will be finalised in early 2020. This report would like to contribute to this revision by addressing in particular the interplay between AI and cybersecurity. This evaluation has been made according to specific criteria: whether and how the items of the Assessment List refer to existing legislation (e.g. GDPR, EU Charter of Fundamental Rights); whether they refer to moral principles (but not laws); whether they consider that AI attacks are fundamentally different from traditional cyberattacks; whether they are compatible with different risk levels; whether they are flexible enough in terms of clear/easy measurement, implementation by AI developers and SMEs; and overall, whether they are likely to create obstacles for the industry. The HLEG is a diverse group, with more than 50 members representing different stakeholders, such as think tanks, academia, EU Agencies, civil society, and industry, who were given the difficult task of producing a simple checklist for a complex issue. The public engagement exercise looks successful overall in that more than 450 stakeholders have signed in and are contributing to the process. The next sections of this report present the items listed by the HLEG followed by the analysis and suggestions raised by the Task Force (see list of the members of the Task Force in Annex 1)

Multinational perspectives on information technology from academia and industry

As the term \u27information technology\u27 has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor\u27s degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates\u27 preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025

Exploring Strategies for Recruiting and Retaining Diverse Cybersecurity Professionals

The cyber threat landscape has led some cybersecurity leaders to focus on a holistic approach encompassing people, processes, and technology to make their government agencies and organizations more responsive to a more diverse and inclusive cyber workforce to protect critical infrastructure from hackers or cybercriminals intent on causing harm. This qualitative multiple case study used Schein’s organizational culture theory to explore strategies used by cybersecurity leaders to attract, recruit, and retain diverse cybersecurity professionals to effectively and efficiently protect sensitive systems from rising cyber threats. The study\u27s population consisted of cybersecurity leaders from 3 government agencies and 9 organizations in small, medium, and large enterprises in the Atlanta, Georgia, metropolitan area in the United States. The data collection process included semistructured interviews of cybersecurity leaders (N = 12) and the analysis of publicly available documents and presentations (n = 20). Data triangulation and member checking produced major and minor themes to increase the study findings’ validity. Thematic analysis was used to identify 5 prominent themes: maintain a diverse and inclusive approach to recruitment; continuous training and development; maintain a culture of openness and teamwork; top leadership support; and overcoming challenges to cyber talent attraction, recruitment, and retention. The study findings showed that valuing all diversity may enable cyber teams to execute cybersecurity functions and missions promptly with a variation of thought and lenses. The study findings may contribute to positive social change by improving diversity, inclusion, work-life balance, morale, stress-levels, and opportunities for women and minorities in the cyber workforce