Real-Time and Retrospective Analyses of Cyber Security - Advances in Information Security, Privacy, and Ethics
Latest Publications



Published By IGI Global

9781799839798, 9781799839804

From the lessons that can be learned so far in this book, the author justifies why a new strategy is required to refocus our perception and utilization of computerized capabilities in the future. Chapter 8 focuses on the advancement of the cyber security discipline by determining trust-less control-sets – a fourth dimension if you will, comprising blockchain technology. Blockchain has been implemented in fungible forms, such as public bitcoin and Ethereum, and in a non-fungible manner like private keyless signature infrastructure. It is the latter that is of particular interest, where proven implementations have the potential to demonstrably act as a verifiable trust anchor, embellishing cyber security controls in a number of critical areas to ensure (1) preservation of data integrity, (2) digital fingerprinting of IoT assets to prove the source of data is trustworthy, (3) validation of identity and access management mechanisms, and (4) software provenance in the supply chain for not only traditional code-bases but also AI algorithms.


Through case studies of incidents around the world where the social media platforms have been used and abused for ulterior purposes, Chapter 6 highlights the lessons that can be learned. For good or for ill, the author elaborates on the way social media has been used as an arbiter to inflict various forms of political influence and how we may have become desensitized due to the popularity of the social media platforms themselves. A searching view is provided that there is now a propensity by foreign states to use social media to influence the user base of sovereign countries during key political events. This type of activity now justifies a paradigm shift in relation to our perception and utilization of computerized devices for the future.


Chapter 3 sets the scene by exploring some challenges from both a technical and societal viewpoint and contrasts situations against an undertow of cyber-attacks. This chapter investigates various cases of how vulnerabilities originating from the software supply chain can have catastrophic outcomes when weaknesses, such as unpatched software or software misconfigurations, slip through the net during an organization's software maintenance regime. Examples are provided of high-profile hacks, security breaches, and cyber-attacks undertaken by hackers suspected of being affiliated to foreign states. These case studies provide various salient contexts as well as examples of threats, vulnerabilities, and their resultant impacts; ultimately, the consequences of flaws that create vulnerabilities occur through misconfigurations or from unpatched software weaknesses.


Chapter 7 uses a philosophical approach to discuss the frailty of the human psyche with regard to the implementation and use of systems through our engagement with cyberspace. Our constant exposure to newsworthy cyber security events can desensitize people to the warnings that are either apparent or subliminal. A number of key topical subject areas are discussed exploring human psychology: why people are susceptible to psychological vulnerabilities, characteristics of the human psyche that facilitate errors, how these traits can be exhibited through flawed actions causing mistakes, and preventative measures to stop deliberate and accidental actions. This analysis is of vital importance and relevance in order to combat the risks, which to the computer end-user may appear distant and intangible.


Chapter 2 investigates the risk and compliance conundrum as fundamental principles that better inform the governance of cyber security in organizations. Public cloud computing examples are used to highlight the deficiencies of legacy risk assessment methods but also to provide a stark warning about using compliance mapping approaches instead of considered security control implementations. Ultimately, using blanket compliance frameworks does not necessarily influence but, conversely, creates a vacuum that does not drill deep enough into the controls needed to safeguard cloud environments; this is particularly relevant since public cloud systems are connected to and accessed via the internet and therefore exposed to external threats. This chapter explores the use of threat modelling to contextualize risks more accurately in order to mitigate them more effectively.


Chapter 5 examines issues currently being encountered in the Middle East that demonstrate a cross-over between electronic warfare and cyber-warfare activities, affecting not only typical targets over the internet but also ships, aircraft, and unmanned aerial vehicles during the second decade of the new millennium. This overview provides examples of how cyber-warfare techniques are now being used in the battle space domain to affect geo-political situations within regions. The evidence shows how the cyber domain can influence real-life situations, taking its capabilities progressively just that one step further to hacker and state-sponsored cyber-attacks already witnessed against ICS cyber-physical assets. The viewpoint here draws upon historical stimuli and escalating political tensions now being encountered by opposing nations that could have a wider reaching impact.


Chapter 4 looks at the technical aspects and effects of some attributed and high-profile state-sponsored cyber-attacks that have been encountered through our interaction with the networked world. Coverage also includes a look at the approach of nation-states against commercial companies as well as government institutions to achieve various objectives. The author uses these scenarios to focus attention on the important pillars of cyber security that all have important interrelationships in safeguarding of data and information. Within the context of their implementation, a weakness or series of weaknesses within one or more pillars can be enough to facilitate a cyber-attack. These pillars are underpinned by important factors, and the impact of improper cyber security considerations can be directly and indirectly problematic to continued e-commerce and our constructive evolution of knowledge sharing across the internet.


Chapter 1 sets the scene by providing an overview of the Industry 4.0 concept that is conjoining a number of different technologies, with various levels of maturity, in order to provide an end-to-end capability. This case study is a good exemplar to tease out many pertinent socio-technical topics where the main contexts will be elaborated on throughout the remainder of the book. In short, a case is made that cyber security is first and foremost a human problem, but the chapter also highlights the importance of regulation, standards, and bodies to underpin cyber security. Examples of the opposing forces are covered here that together, if unmitigated, will contrive to undermine the cyber resilience of the 21st century.

