Global Risks 2014, Ninth Edition.

The Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. To manage global risks effectively and build resilience to their impacts, better efforts are needed to understand, measure and foresee the evolution of interdependencies between risks, supplementing traditional risk-management tools with new concepts designed for uncertain environments. If global risks are not effectively addressed, their social, economic and political fallouts could be far-reaching, as exemplified by the continuing impacts of the financial crisis of 2007-2008

Mitigating Botnet Attack Using Encapsulated Detection Mechanism (EDM)

Botnet as it is popularly called became fashionable in recent times owing to it embedded force on network servers. Botnet has an exponential growth of about 170, 000 within network server and client infrastructures per day. The networking environment on monthly basis battle over 5 million bots. Nigeria as a country loses above one hundred and twenty five (N125) billion naira to network fraud annually, end users such as Banks and other financial institutions battle daily the botnet threats.Comment: This paper addresses critical area of networ

Cybersecurity, our digital anchor: A European perspective

The Report ‘Cybersecurity – Our Digital Anchor’ brings together research from different disciplinary fields of the Joint Research Centre (JRC), the European Commission's science and knowledge service. It provides multidimensional insights into the growth of cybersecurity over the last 40 years, identifying weaknesses in the current digital evolution and their impacts on European citizens and industry. The report also sets out the elements that potentially could be used to shape a brighter and more secure future for Europe’s digital society, taking into account the new cybersecurity challenges triggered by the COVID-19 crisis. According to some projections, cybercrime will cost the world EUR 5.5 trillion by the end of 2020, up from EUR 2.7 trillion in 2015, due in part to the exploitation of the COVID-19 pandemic by cyber criminals. This figure represents the largest transfer of economic wealth in history, more profitable than the global trade in all major illegal drugs combined, putting at risk incentives for innovation and investment. Furthermore, cyber threats have moved beyond cybercrime and have become a matter of national security. The report addresses relevant issues, including: - Critical infrastructures: today, digital technologies are at the heart of all our critical infrastructures. Hence, their cybersecurity is already – and will become increasingly – a matter of critical infrastructure protection (see the cases of Estonia and Ukraine). - Magnitude of impact: the number of citizens, organisations and businesses impacted simultaneously by a single attack can be huge. - Complexity and duration of attacks: attacks are becoming more and more complex, demonstrating attackers’ enhanced planning capabilities. Moreover, attacks are often only detected post-mortem . - Computational power: the spread of malware also able to infect mobile and Internet of Things (IoT) devices (as in the case of Mirai botnet), hugely increases the distributed computational power of the attacks (especially in the case of denial of services (DoS)). The same phenomenon makes the eradication of an attack much more difficult. - Societal aspects: cyber threats can have a potentially massive impact on society, up to the point of undermining the trust citizens have in digital services. As such services are intertwined with our daily life, any successful cybersecurity strategy must take into consideration the human and, more generally, societal aspects. This report shows how the evolution of cybersecurity has always been determined by a type of cause-and-effect trend: the rise in new digital technologies followed by the discovery of new vulnerabilities, for which new cybersecurity measures must be identified. However, the magnitude and impacts of today's cyber attacks are now so critical that the digital society must prepare itself before attacks happen. Cybersecurity resilience along with measures to deter attacks and new ways to avoid software vulnerabilities should be enhanced, developed and supported. The ‘leitmotiv’ of this report is the need for a paradigm shift in the way cybersecurity is designed and deployed, to make it more proactive and better linked to societal needs. Given that data flows and information are the lifeblood of today’s digital society, cybersecurity is essential for ensuring that digital services work safely and securely while simultaneously guaranteeing citizens’ privacy and data protection. Thus, cybersecurity is evolving from a technological ‘option’ to a societal must. From big data to hyperconnectivity, from edge computing to the IoT, to artificial intelligence (AI), quantum computing and blockchain technologies, the ‘nitty-gritty’ details of cybersecurity implementation will always remain field-specific due to specific sectoral constraints. This brings with it inherent risks of a digital society with heterogeneous and inconsistent levels of security. To counteract this, we argue for a coherent, cross-sectoral and cross-societal cybersecurity strategy which can be implemented across all layers of European society. This strategy should cover not only the technological aspects but also the societal dimensions of ‘behaving in a cyber-secure way’. Consequently, the report concludes by presenting a series of possible actions instrumental to building a European digital society secure by design.JRC.E.3-Cyber and Digital Citizens' Securit

Network entity characterization and attack prediction

The devastating effects of cyber-attacks, highlight the need for novel attack detection and prevention techniques. Over the last years, considerable work has been done in the areas of attack detection as well as in collaborative defense. However, an analysis of the state of the art suggests that many challenges exist in prioritizing alert data and in studying the relation between a recently discovered attack and the probability of it occurring again. In this article, we propose a system that is intended for characterizing network entities and the likelihood that they will behave maliciously in the future. Our system, namely Network Entity Reputation Database System (NERDS), takes into account all the available information regarding a network entity (e. g. IP address) to calculate the probability that it will act maliciously. The latter part is achieved via the utilization of machine learning. Our experimental results show that it is indeed possible to precisely estimate the probability of future attacks from each entity using information about its previous malicious behavior and other characteristics. Ranking the entities by this probability has practical applications in alert prioritization, assembly of highly effective blacklists of a limited length and other use cases.Comment: 30 pages, 8 figure

Cyber Threats and NATO 2030: Horizon Scanning and Analysis

The book includes 13 chapters that look ahead to how NATO can best address the cyber threats, as well as opportunities and challenges from emerging and disruptive technologies in the cyber domain over the next decade. The present volume addresses these conceptual and practical requirements and contributes constructively to the NATO 2030 discussions. The book is arranged in five short parts...All the chapters in this book have undergone double-blind peer review by at least two external experts.https://scholarworks.wm.edu/asbook/1038/thumbnail.jp

The Global Risks Report 2016, 11th Edition

Now in its 11th edition, The Global Risks Report 2016 draws attention to ways that global risks could evolve and interact in the next decade. The year 2016 marks a forceful departure from past findings, as the risks about which the Report has been warning over the past decade are starting to manifest themselves in new, sometimes unexpected ways and harm people, institutions and economies. Warming climate is likely to raise this year's temperature to 1° Celsius above the pre-industrial era, 60 million people, equivalent to the world's 24th largest country and largest number in recent history, are forcibly displaced, and crimes in cyberspace cost the global economy an estimated US$445 billion, higher than many economies' national incomes. In this context, the Reportcalls for action to build resilience – the "resilience imperative" – and identifies practical examples of how it could be done.The Report also steps back and explores how emerging global risks and major trends, such as climate change, the rise of cyber dependence and income and wealth disparity are impacting already-strained societies by highlighting three clusters of risks as Risks in Focus. As resilience building is helped by the ability to analyse global risks from the perspective of specific stakeholders, the Report also analyses the significance of global risks to the business community at a regional and country-level

Behind the scenes of emerging technologies Opportunities, challenges, and solution approaches along a socio-technical continuum

Digitalization is a socio-technical phenomenon that shapes our lives as individuals, economies, and societies. The perceived complexity of technologies continues to increase, and technology convergence makes a clear separation between technologies impossible. A good example of this is the Internet of Things (IoT) with its embedded Artificial Intelligence (AI). Furthermore, a separation of the social and the technical component has become near enough impossible, for which there is increasing awareness in the Information Systems (IS) community. Overall, emerging technologies such as AI or IoT are becoming less understandable and transparent, which is evident for instance when AI is described in terms of a black box. This opacity undermines humans trust in emerging technologies, which, however, is crucial for both its usage and spread, especially as emerging technologies start to perform tasks that bear high risks for humans, such as autonomous driving. Critical perspectives on emerging technologies are often discussed in terms of ethics, including such aspects as the responsibility for decisions made by algorithms, the limited data privacy, and the moral values that are encoded in technology. In sum, the varied opportunities that come with digitalization are accompanied by significant challenges. Research on the negative ramifications of AI is crucial if we are to foster a human-centered technological development that is not simply driven by opportunities but by utility for humanity. As the IS community is positioned at the intersection of the technological and the social context, it plays a central role in finding answers to the question as to how the advantages outweigh the challenges that come with emerging technologies. Challenges are examined under the label of dark side of IS, a research area which receives considerably less attention in existing literature than the positive aspects (Gimpel & Schmied, 2019). With its focus on challenges, this dissertation aims to counterbalance this. Since the remit of IS research is the entire information system, rather than merely the technology, humanistic and instrumental goals ought to be considered in equal measure. This dissertation follows calls for research for a healthy distribution along the so-called socio-technical continuum (Sarker et al., 2019), that broadens its focus to include the social as well as the technical, rather than looking at one or the other. With that in mind, this dissertation aims to advance knowledge on IS with regard to opportunities, and in particular with a focus on challenges of two emerging technologies, IoT and AI, along the socio-technical continuum. This dissertation provides novel insights for individuals to better understand opportunities, but in particular possible negative side effects. It guides organizations on how to address these challenges and suggests not only the necessity of further research along the socio-technical continuum but also several ideas on where to take this future research. Chapter 2 contributes to research on opportunities and challenges of IoT. Section 2.1 identifies and structures opportunities that IoT devices provide for retail commerce customers. By conducting a structured literature review, affordances are identified, and by examining a sample of 337 IoT devices, completeness and parsimony are validated. Section 2.2 takes a close look at the ethical challenges posed by IoT, also known as IoT ethics. Based on a structured literature review, it first identifies and structures IoT ethics, then provides detailed guidance for further research in this important and yet under-appreciated field of study. Together, these two research articles underline that IoT has the potential to radically transform our lives, but they also illustrate the urgent need for further research on possible ethical issues that are associated with IoTs specific features. Chapter 3 contributes to research on AI along the socio-technical continuum. Section 3.1 examines algorithms underlying AI. Through a structured literature review and semi-structured interviews analyzed with a qualitative content analysis, this section identifies, structures and communicates concerns about algorithmic decision-making and is supposed to improve offers and services. Section 3.2 takes a deep dive into the concept of moral agency in AI to discuss whether responsibility in human-computer interaction can be grasped better with the concept of agency. In section 3.3, data from an online experiment with a self-developed AI system is used to examine the role of a users domain-specific expertise in trusting and following suggestions from AI decision support systems. Finally, section 3.4 draws on design science research to present a framework for ethical software development that considers ethical issues from the beginning of the design and development process. By looking at the multiple facets of this topic, these four research articles ought to guide practitioners in deciding which challenges to consider during product development. With a view to subsequent steps, they also offer first ideas on how these challenges could be addressed. Furthermore, the articles offer a basis for further, solution-oriented research on AIs challenges and encourage users to form their own, informed, opinions.Die Digitalisierung ist ein sozio-technisches Phänomen, das unser persönliches Leben, aber auch die Wirtschaft und die gesamte Gesellschaft prägt. Die wahrgenommene Komplexität von Technologie nimmt stetig zu. Die Technologiekonvergenz macht eine klare Trennung zwischen Technologien praktisch unmöglich, wofür das Internet der Dinge (IoT) mit seiner eingebetteten Künstlichen Intelligenz (KI) ein gutes Beispiel ist. Darüber hinaus wird eine Trennung der sozialen und der technischen Komponente nahezu unmöglich, wofür es ein steigendes Bewusstsein in der Information Systems (IS) Community gibt. Insgesamt werden aufstrebende Technologien wie KI oder IoT weniger verständlich und transparent, was sich beispielsweise darin zeigt, dass KI der Begriff der Black Box zugeschrieben wird. Die Undurchsichtigkeit untergräbt das Vertrauen der Menschen in aufstrebende Technologien, das jedoch für die Nutzung und Verbreitung dieser entscheidend ist, insbesondere wenn Technologien Aufgaben übernehmen oder unterstützen, die hohe Risiken für den Menschen bergen, wie z. B. autonomes Fahren. Kritische Perspektiven auf neue Technologien werden oft unter dem Begriff der Ethik diskutiert, darunter Aspekte wie die Verantwortung für Entscheidungen, die von Algorithmen getroffen werden, moralische Werte, die in die Technologie eingebettet sind, und Datenschutz. Zusammenfassend lässt sich sagen, dass die vielfältigen Chancen der Digitalisierung mit Herausforderungen einhergehen. Die Forschung zu Risiken und Nebenwirkungen ist entscheidend, um eine menschenzentrierte technologische Entwicklung zu fördern, die nicht nur von den Möglichkeiten, sondern insbesondere vom Nutzenstiften für die Menschheit getrieben ist. An der Schnittstelle zwischen Technologie und sozialem Kontext angesiedelt, spielt die IS-Community eine wichtige Rolle bei der Suche nach Antworten auf die Frage, wie die Vorteile die Risiken neuer Technologien überwiegen können. Herausforderungen werden im Forschungsbereich dark side of IS untersucht, welcher in der bestehenden Literatur deutlich weniger Aufmerksamkeit erhält als die positiven Aspekte (Gimpel & Schmied, 2019). Dem möchte diese Dissertation ein Stück weit entgegenwirken, indem ein Fokus auf die Herausforderungen gelegt wird. Da in der IS-Forschung das gesamte Informationssystem und nicht nur die Technologie im Mittelpunkt der Betrachtung steht, sollen humanistische und instrumentelle Ziele gleichermaßen berücksichtigt werden. Darüber hinaus folgt diese Dissertation dem Aufruf nach einer angemessenen Verteilung der Forschung entlang des sogenannten sozio-technischen Kontinuums (Sarker et al., 2019) und löst sich somit von Forschung, die am sozialen oder technischen Endpunkt des Kontinuums angesiedelt ist. Zusammenfassend zielt diese Dissertation darauf ab, das Wissen über IS im Hinblick auf die Chancen und insbesondere die Herausforderungen entlang des sozio-technischen Kontinuums der aufkommenden Technologien IoT und KI voranzutreiben. Damit liefert die Dissertation neue Einblicke für Individuen, um die Möglichkeiten, aber insbesondere die potenziellen negativen Nebenwirkungen der Digitalisierung besser zu verstehen, bietet Orientierung für Organisationen, um diese Herausforderungen zu adressieren, und veranschaulicht die Notwendigkeit und Ideen für weitere Forschung entlang des sozio-technischen Kontinuums. Kapitel 2 leistet einen Beitrag zur Forschung über Chancen und Herausforderungen des IoT. Kapitel 2.1 identifiziert und strukturiert Chancen von IoT-Geräten für Kunden im Einzelhandel. Mit einer strukturierten Literaturrecherche werden Affordanzen von IoT-Geräten für Kunden identifiziert und mit einer Stichprobe von 337 IoT-Geräten wird eine Validierung hinsichtlich Vollständigkeit und Sparsamkeit durchgeführt. Kapitel 2.2 beschäftigt sich mit ethischen Herausforderungen des IoT, genannt IoT-Ethik. Basierend auf einer strukturierten Literaturrecherche identifiziert und strukturiert es die IoT-Ethik und gibt detaillierte Hinweise für die weitere Erforschung dieses wichtigen, aber noch zu wenig erforschten Feldes. Mit diesen beiden Forschungsartikeln unterstreicht diese Dissertation das Potenzial des IoT, unser Leben radikal zu verändern, verdeutlicht aber auch den Bedarf an weiterer Forschung zu potenziellen ethischen Fragen, die mit den spezifischen Eigenschaften des IoT verbunden sind. Kapitel 3 trägt zur Forschung über KI entlang des sozio-technischen Kontinuums bei. Kapitel 3.1 untersucht die Algorithmen, die KI zugrunde liegen. Eine strukturierte Literaturrecherche und semi-strukturierte Interviews, die mit einer qualitativen Inhaltsanalyse analysiert werden, zielen darauf ab, Bedenken gegenüber algorithmischer Entscheidungsfindung zu identifizieren, zu strukturieren und zu kommunizieren, um darauf basierend Angebote und Dienstleistungen zu verbessern. Kapitel 3.2 bietet eine ethische Vertiefung in das Konzept der moralischen Handlungsfähigkeit und untersucht, ob Verantwortung in der Mensch-Computer-Interaktion mit dem Konzept der Agency besser erfasst werden kann. In Kapitel 3.3 wird anhand von Daten aus einem Online-Experiment mit einem selbst entwickelten KI-System untersucht, welche Rolle das domänenspezifische Fachwissen der Nutzer für das Vertrauen in und das Befolgen von Vorschlägen von KI-Entscheidungsunterstützungssystemen spielt. Schließlich wird in Kapitel 3.4 auf der Grundlage designwissenschaftlicher Forschung ein Rahmenwerk für ethische Softwareentwicklung vorgestellt, das ethische Aspekte bereits zu Beginn des Design- und Entwicklungsprozesses berücksichtigt. Diese vier Forschungsartikel können Praktikern als Orientierung dienen, welche Herausforderungen bei der Produktentwicklung zu berücksichtigen sind und bieten erste Ideen, wie sie diese angehen können. Darüber hinaus bieten die Forschungsergebnisse eine Grundlage für weitere, lösungsorientierte Forschung zu den Herausforderungen von KI und ermutigen Nutzer, sich eine eigene, fundierte Meinung zu bilden

Security and privacy of resource constrained devices

The thesis aims to present a comprehensive and holistic overview on cybersecurity and privacy & data protection aspects related to IoT resource-constrained devices. Chapter 1 introduces the current technical landscape by providing a working definition and architecture taxonomy of ‘Internet of Things’ and ‘resource-constrained devices’, coupled with a threat landscape where each specific attack is linked to a layer of the taxonomy. Chapter 2 lays down the theoretical foundations for an interdisciplinary approach and a unified, holistic vision of cybersecurity, safety and privacy justified by the ‘IoT revolution’ through the so-called infraethical perspective. Chapter 3 investigates whether and to what extent the fast-evolving European cybersecurity regulatory framework addresses the security challenges brought about by the IoT by allocating legal responsibilities to the right parties. Chapters 4 and 5 focus, on the other hand, on ‘privacy’ understood by proxy as to include EU data protection. In particular, Chapter 4 addresses three legal challenges brought about by the ubiquitous IoT data and metadata processing to EU privacy and data protection legal frameworks i.e., the ePrivacy Directive and the GDPR. Chapter 5 casts light on the risk management tool enshrined in EU data protection law, that is, Data Protection Impact Assessment (DPIA) and proposes an original DPIA methodology for connected devices, building on the CNIL (French data protection authority) model