Cyber Security as a Field
o Automatic tools
o Patching automatically discovered/mined bugs
o Cross-learning from other fields e.g. defence, counter-terrorism
o Layers of security
o Defending system of systems
o Defending against supply-chain attacks
o Cross-device & cross-service security
o Cyber security of obsolete connected technologies
o Forced software updates
o Digital security in a quantum age (cryptography, business implications)
o Cloud defence (clouds that host government sites/data)
o Cloud-based attacks on other clouds
o Inability to predict what will happen to digital technology in the future
o End-user tools (user-centric privacy/security tools, built on the assumption that other people with digital tools are ultimately unpredictable/dangerous – built-in mistrust)
o Lack of adequately trained polymaths to handle the creation of secure global digital technologies
o Integrating what we know about human trust into cyber security
o Scope limit to security as a field
o Help and support for victims of cybercrime
o Dealing with uncertainty in systems and access
Cyber-Physical Systems
o Lethal autonomous weapons
o Securing AI that commands fleets of physical devices, e.g. cars, manufacturing equipment
o Defence of critical infrastructure
o Loss of life and limb through cyber-attacks
o Hijacking autonomous cars
o IoT devices security
o Progressively more physical devices go online
o Wireless networks (inc. 5G) – their privacy, security, trust, identity
o Device telemetry as means of surveillance
Specific Attacks
o Cyber warfare
o Social engineering attacks
o Cyber espionage
o Online fraud (and cryptocurrency fraud)
o DNA authentication and the ease with which it is compromised
Cyber Security Education
o Industry-specific advice
o Understanding risks behind technology as a business and as a consumer
o Understanding cyber behaviour as an end user (with various backgrounds, ages, education, consuming digital entertainment like games and media)
o The need for cyber security to be a part of education curriculum
o Awareness that digital security is not an IT-people problem, but in everyone’s best interest
o Adoption and acceptance of security tools
o Awareness of what constitutes a “good, secure technology”
o Educating people about the underlying technologies that people use
o Economic and social power imbalance based on access and ability to operate digital technologies
o Effective ways to change human behaviour with regard to cyber security
o Cultural changes in people’s understanding of digital data about them, and what the consequences might be
Artificial Intelligence
o Security against adversarial machine learning attacks
o Dataset poisoning
o Preserving privacy in data sets and in cross-dataset analysis
o AI-supported decision-making
o AI interacting with other AIs
o Algorithmic bias
o Limits to AI-supplied evidence for human interpretation
o Over-reliance on AI to give the “right” answers
o Limits on AI to decide on social outcomes like jobs, at-risk populations, criminal assessment
o Automatically generated news content
Online Identity & Reputation
o Erosion of privacy (the ability to stay anonymous online)
o Revocation/the right to be forgotten
o Publicly expressing likes and dislikes
o Jobs/education decisions altered by what a person says and does online
o Blackmail
o Handling perpetually recorded reputation damage
o Cultural and cross-cultural expectations of online identities
o Deepfakes/revenge porn/bullying online
o Self-censorship & media platform censorship
o Fusion of physical and digital as part of human identity
o Forced online social presence
o Consent being meaningless in the face of mass data collection across devices and services
o Others storing data about you and using it against you
o Geospatial data collection (e.g. drones, satellites)
o Knowing where your data is stored, and who has access to it
o Human-centric data storage (e.g. Solid/PODS by Tim Berners-Lee)
Government & Politics
o Flexible government policies that account for changes in technology
o Timely update of government policies in light of new developments
o Limits of governments to respond to technology-facilitated issues
o Political blackmail
o Evidence-based investments in digital infrastructure by resource-poor governments/agencies
o Governments’ use of algorithms in courts and policing
o Public surveillance (singling out individuals, human rights violations)
o Use of public and private data in policing and narrowing lists of suspects
o Political and institutional trust (deepfakes, verifiable info sources, subversion of political systems, AI targeting of specific people/groups)
o Open and transparent tools used to arrive at particular social decisions
o Statistical pinpointing of people who happen to live in high crime areas
o Disinformation on social media about elections
o Who should be in power to decide on digital issues
o Human-centric approach to legislation (not 1000 pages of legalese)
Business Considerations
o Cross-education/action vs. competitive advantage
o Cost (initial + ongoing) and guarantees of cyber security
o Closed standards in software
o Selective provision of digital services by companies and governments
o Responsibility for hosting/publishing digital information
o Blockchain as means to verify identity of the goods and the supplier
o Smart contracts
o Cryptocurrency – lack of education on the matter and lack of regulations
o Protection of online-only jobs from fraud and security issues
o Reasonable protection of data collected about individuals
o Sharing, selling and releasing customer data
Ethics
o Is ethics profitable?
o Corporate and social ethics
o Duty to inform about risks of a given technology
o Ethics built into decision-making systems
o Ethics of anonymization
o Sector- and community-specific digital ethics guidelines
1 Comment
Thank you for putting this together. Very informative!