Perspectives: Cyber-security

Recommended solution 4 (Innovation in the cyber-security industry; securing IoT Act)

1. Cooperation is crucial for businesses and the government, supporting the federal cyber-security business, introducing innovation in the industry, and tougher privacy laws 2. Prioritize a proactive, offensive approach against cyber-crime rather than a reactive, defensive response 3. The government introduced a bipartisan bill in Congress: The IoT cyber-security improvement act of 2017. 4. It sets new purchase requirements for the federal agencies and raises security standards for vendors that sell internet-connected devices to the government 5. Congress is also looking into the Securing IoT act. This affects federal-level purchases, but the bill may raise expectations for cyber-security standards

Recommended solution 1a (cyber-security campaign creation; detect and protect)

1. Create a cyber-security campaign across the entity 2. Analyze network traffic to detect potential security threats (i.e. high-risk IoT applications, malware infections, intrusion attempts, and sensitive data) 3. Detect/protect endpoint security platforms by focusing on mobile device security, enterprise app, prompt patch, user rights, and secured enterprise file sharing

Recommended solution 5 (AI and ML to combat cyber-security)

1. Incorporate AI and ML to combat cyber-security solutions as a viable defensive approach as cybercriminals elevate the level of cyberattacks 2. Invest in systems that can detect various methods of cyberattacks since cybercriminals now attack through a wide range of techniques 3. AI and ML can spot patterns of threats, attacks, and malicious activity. AI and ML based cyber-security solutions complements IoT vulnerabilities and kinetic threat solutions 4. AI offers response speed surpassing human analysts. But human judgement can produce insights in replicating a hacker's thoughts via solutions and creativity that AI systems can't replicate

Recommended solution 3 (Follow IoT security guidelines)

1. It is advised to follow IoT security guidelines for IoT service ecosystem, for IoT endpoint ecosystem, and for network operators by GSM Association in October 2017 2. NIST (it's top frame work), it's guidelines for network operators providing services to IoT service providers to ensure system security and data privacy 3. The guidelines showed recommendations based on critical, high-priority, medium-priority, and low-priority status

Recommended solution 1b (Expanding DevOps to DevSecOps)

1. Onboard a digital risk officer to oversee and manage the entity's future for any IT risk and potential vulnerabilities for cyber-security attacks 2. Security should be programmed in the beginning stage, not the last stage to avoid DDoS 3. Taking into account the creation of agility, reliability, and security, expanding DevOps to DevSecOps is critical and essential

Recommended solution 2 (Cyber-security response; harden configuration; compliances)

1. Secure and connect cybersecurity responses while conducting cyber-security exercises (including emergency, incident, and crisis management processes) 2. Fix misconfiguration issues 3. Implement a disaster recovery process if other security precautions fail 4. Secure, rigorous, and harden configuration for network devices 5. Safeguard connected devices and networks via certifications, compliance, and internal audits to identify vulnerable devices 6. Restricted compliances, certified IoT devices and internal audits should be identified, tested, and implemented.

kinetic threats

A class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes.

What is cyber-security designed to do?

Cyber-security is designed to protect entities by building resilience (which reduces severity of damage)!

What is cyber-security's purpose?

Cyber-security's purpose is to describe the current status of attacks such as kinetic threats, and IoT cyber-security; to discuss various kinetic threats and cyber-physical systems issues; and to present counterattack measures.

Cyber-physical systems

Systems composed of physical entities such as mechanisms controlled or monitored by computer-based algorithms.

Cyber Security

The body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.