Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Accessible authentication:dyslexia and password strategies

PurposeThe purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.Design/methodology/approachA significant proportion of the world’s population experiences some degree of dyslexia, which can lead to spelling, processing, sequencing and retention difficulties. Passwords, being essentially sequences of alphanumeric characters, make it likely that dyslexics will struggle with these, even more so than the rest of the population. Here, this study explores the difficulties people with dyslexia face, their general experiences with passwords, the coping strategies they use and the advice they can provide to developers and others who struggle with passwords. This paper collects empirical data through semi-structured interviews with 13 participants. Thematic analysis was used to provide an in-depth view of each participant’s experience.FindingsThe main contribution of this paper is to provide evidence related to the inaccessibility dimensions of passwords as an authentication mechanism, especially for dyslexics and to recommend a solution direction.Research limitations/implicationsThere is a possible volunteer bias, as this study is dealing with self-reported data including historical and reflective elements and this paper is seeking information only from those with self-declared or diagnosed dyslexia. Furthermore, many expressed interest or curiosity in the relationship between dyslexia and password difficulties, for some a motivation for their participation. Finally, given that the participants told us that dyslexics might hide, it is possible that the experiences of those who do hide are different from those who chose to speak to us and thus were not hiding.Originality/valueA few authors have written about the difficulties dyslexics face when it comes to passwords, but no one has asked dyslexics to tell them about their experiences. This paper fills that gap

A New Pseudo Real-time Single-action Game Challenge and Competition for AI

Treball final de Grau en Disseny i Desenvolupament de Videojocs. Codi: VJ1241. Curs acadèmic: 2022/2023This work presents TotalBotWar, a new pseudo real-time single-action challenge for game AI for mobile devices, as well as some initial experiments that benchmark the framework with different agents. The game is based on the real-time battles of the popular TotalWar games series where players manage an army to defeat the opponents one. In the proposed game, a turn consists of an order to control one of your units. One interesting feature of the game is that if a particular unit does not receive an order in a turn, it will continue performing the action specified in a previous turn. The turnwise branching factor becomes overwhelming for traditional algorithms and the partial observability of the game state makes the proposed game an interesting platform to test modern AI algorithms. It should be added that it is not necessary to know about programming to play, also the manual game mechanics have been implemented in which you can control your troops with the mouse. Finally, for reasons that will be explained in the following chapters, the structure of the developed system is not the conventional one, but a Cloud Gaming [26] style structure has been necessary

Algorithmic Reason

Are algorithms ruling the world today? Is artificial intelligence making life-and-death decisions? Are social media companies able to manipulate elections? As we are confronted with public and academic anxieties about unprecedented changes, this book offers a different analytical prism to investigate these transformations as more mundane and fraught. Aradau and Blanke develop conceptual and methodological tools to understand how algorithmic operations shape the government of self and other. While disperse and messy, these operations are held together by an ascendant algorithmic reason. Through a global perspective on algorithmic operations, the book helps us understand how algorithmic reason redraws boundaries and reconfigures differences. The book explores the emergence of algorithmic reason through rationalities, materializations, and interventions. It traces how algorithmic rationalities of decomposition, recomposition, and partitioning are materialized in the construction of dangerous others, the power of platforms, and the production of economic value. The book shows how political interventions to make algorithms governable encounter friction, refusal, and resistance. The theoretical perspective on algorithmic reason is developed through qualitative and digital methods to investigate scenes and controversies that range from mass surveillance and the Cambridge Analytica scandal in the UK to predictive policing in the US, and from the use of facial recognition in China and drone targeting in Pakistan to the regulation of hate speech in Germany. Algorithmic Reason offers an alternative to dystopia and despair through a transdisciplinary approach made possible by the authors’ backgrounds, which span the humanities, social sciences, and computer sciences

Globalization and Maritime Security Conference Report

Portions of this work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344, LLNL-AR-409177.LLNL-AR-409177DE-AC52-07NA2734

Barriers to Secure ICT in a Maritime Environment

The purpose of the research reported in this thesis was to investigate the barriers to ICT security in a maritime environment so that the findings of the research can be used to develop a secure ICT maritime profile that will be capable of being updated on an on-going basis. This is an important area of research because the maritime sector is increasingly reliant upon ICT yet there is evidence that ICT security and the potential threats and consequences if ICT is not available when needed have not been given the attention they deserve. Indeed, the literature review carried out as part of this research pointed to a big gap in the maritime literature regarding ICT security. Literature from non-maritime specific fields was used to establish a basic understanding of the barriers most likely to be relevant and provide key terminology for use in this research. Empirical data were collected from semi-structured interviews with Royal Naval personnel and informal discussions with Merchant Navy officers. A robust yet flexible approach was used to interpret the results and thus identify the barriers, many of which are caused by complex interactions between social and technical factors, particularly on-board ships. Nine barriers to ICT security were revealed. They are: tensions experienced between security experts and ICT users; operational imperatives override security requirements; security requirements impeding business process; a limited ability to recover from disruption; unable or unwilling to share security incident information; Inadequate security training; disruption to situational awareness; unpredictable behaviour of people in difficult situations; and a lack of ICT security awareness. A new understanding of barriers arose from further interpretation of the findings, the results of which led to recommendations for the design for an updateable maritime ICT security profile that could be used to guide relevant staff (including Ship’s Security Officers) and as a tool to raise security awareness for non-experts

The Impact of Artificial Intelligence on Military Defence and Security

The twenty-first century is now being shaped by a multipolar system characterized by techno-nationalism and a post-Bretton Woods order. In the face of a rapidly evolving digital era, international cooperation will be critical to ensuring peace and security. Information sharing, expert conferences and multilateral dialogue can help the world's nation-states and their militaries develop a better understanding of one another's capabilities and intentions. As a global middle power, Canada could be a major partner in driving this effort. This paper explores the development of military-specific capabilities in the context of artificial intelligence (AI) and machine learning. Building on Canadian defence policy, the paper outlines the military applications of AI and the resources needed to manage next-generation military operations, including multilateral engagement and technology governance

Algorithmic Reason

Are algorithms ruling the world today? Is artificial intelligence making life-and-death decisions? Are social media companies able to manipulate elections? As we are confronted with public and academic anxieties about unprecedented changes, this book offers a different analytical prism to investigate these transformations as more mundane and fraught. Aradau and Blanke develop conceptual and methodological tools to understand how algorithmic operations shape the government of self and other. While disperse and messy, these operations are held together by an ascendant algorithmic reason. Through a global perspective on algorithmic operations, the book helps us understand how algorithmic reason redraws boundaries and reconfigures differences. The book explores the emergence of algorithmic reason through rationalities, materializations, and interventions. It traces how algorithmic rationalities of decomposition, recomposition, and partitioning are materialized in the construction of dangerous others, the power of platforms, and the production of economic value. The book shows how political interventions to make algorithms governable encounter friction, refusal, and resistance. The theoretical perspective on algorithmic reason is developed through qualitative and digital methods to investigate scenes and controversies that range from mass surveillance and the Cambridge Analytica scandal in the UK to predictive policing in the US, and from the use of facial recognition in China and drone targeting in Pakistan to the regulation of hate speech in Germany. Algorithmic Reason offers an alternative to dystopia and despair through a transdisciplinary approach made possible by the authors’ backgrounds, which span the humanities, social sciences, and computer sciences

An Epistemological Inquiry into the Incorporation of Emergency Management Concept in the Homeland Security with a Post-Disaster Security Centric Focus

The historical roots of the Emergency Management concept in the U.S. date back to 19th century. As disasters occurred, policies relating to disaster response have been developed, and many statuary provisions, including several Federal Disaster Relief Acts, conceptually established the framework of Emergency Management. In 1979, with the foundation of the Federal Emergency Management Agency (FEMA), disaster relief efforts were finally institutionalized, and the federal government acknowledged that Emergency Management included mitigation, preparedness, response and recovery activities as abbreviated \u27MPRR.\u27 However, after 2000, the U.S. experienced two milestone events - the September 11 terrorist attacks in 2001 and Hurricane Katrina in 2005. Following the foundation of the Department of Homeland Security (DHS) in 2002, the definitional context of Emergency Management and its phases/components, simply its essence, evolved and was incorporated into many official documents differently, creating contextual inconsistencies. Recent key official documents embody epistemological problems that have the potential to traumatize the coherence of the Homeland Security contextual framework as well as to impose challenges theoretically to the education and training of Homeland Security/Emergency Management stakeholders. Furthermore, the conceptual design of the Emergency Support Functions (ESF) which have been defined within the context of the National Response Framework (NRF) displays similar problematic symptoms, and existing urban area Public Safety and Security planning processes have also not been supported by methodologies that are aligned with the post-disaster security requirements. To that end, the conceptual framework of Emergency Management and its incorporation in the Homeland Security global architecture should be revised and redefined to enhance coherence and reliability. Coherence in the contextual structure directly links to the system\u27s organizational structure and its viability functions. Also, holistic multi-dimensional system representations/abstractions, which would support appreciation of the system\u27s complex context, should be incorporated in policy documents to be utilized to educate the relevant stakeholders (individuals, teams, etc.) during the training/orientation programs. In addition, the NRF and its ESFs should be reviewed through a post-disaster security centric focus, since the post-disaster environment has unique characteristics that should be addressed by different approaches. In that sense, this dissertation develops a Post-Disaster Security Index (PDSI) Model that provides valuable insights for security agents and other Emergency Management and Homeland Security stakeholders