TY - JOUR T1 - Editorial: Cybersecurity (April 2017) JF - Technology Innovation Management Review Y1 - 2017 A1 - Chris McPhee A1 - Michael Weiss KW - anomaly detection KW - automation KW - big data KW - cybersecurity KW - exploration KW - Hypponen’s law KW - Internet of Things KW - IOT KW - legislation KW - medical devices KW - privacy KW - real time KW - risk assessment KW - security engineering KW - smart devices KW - value proposition KW - vulnerabilities PB - Talent First Network CY - Ottawa VL - 7 UR - http://timreview.ca/article/1065 IS - 4 U1 - Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has nearly 20 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. U2 - Carleton University Michael Weiss holds a faculty appointment in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada, and is a member of the Technology Innovation Management program. His research interests include open source, ecosystems, mashups, patterns, and social network analysis. Michael has published on the evolution of open source business, mashups, platforms, and technology entrepreneurship. ER - TY - JOUR T1 - Q&A. Should the Internet Be Considered Critical Infrastructure? JF - Technology Innovation Management Review Y1 - 2015 A1 - Walter Miron KW - communication networks KW - critical infrastructure KW - cyber-attacks KW - cybersecurity KW - information technology KW - Internet KW - vulnerabilities PB - Talent First Network CY - Ottawa VL - 5 UR - http://timreview.ca/article/865 IS - 1 U1 - TELUS Communications Walter Miron is a Director of Technology Strategy at TELUS Communications, where he is responsible for the evolution of their packet and optical networks. He has over 20 years of experience in enterprise and service provider networking conducting technology selection and service development projects. Walter is a member of the research program committee of the SAVI project, the Heavy Reading Global Ethernet Executive Council, and the ATOPs SDN/nFV Working Group. He is also the Chair of the Venus Cybersecurity Corporation and is a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. ER - TY - JOUR T1 - Securing the Car: How Intrusive Manufacturer-Supplier Approaches Can Reduce Cybersecurity Vulnerabilities JF - Technology Innovation Management Review Y1 - 2015 A1 - Mohamed Amin A1 - Zaid Tariq KW - automobile manufacturing KW - car design KW - control KW - cybersecurity KW - glue code KW - governance KW - intrusiveness KW - outsourcing KW - supplier KW - supplier-manufacturer relationships KW - vulnerabilities AB - Today's vehicles depend on numerous complex software systems, some of which have been developed by suppliers and must be integrated using "glue code" so that they may function together. However, this method of integration often introduces cybersecurity vulnerabilities at the interfaces between electronic systems. In this article we address the “glue code problem” by drawing insights from research on supplier-manufacturer outsourcing relationships in the automotive industry. The glue code problem can be framed as a knowledge coordination problem between manufactures and suppliers. Car manufacturers often employ different levels of intrusiveness in the design of car subsystems by their suppliers: the more control over the supplier the manufacturer exerts in the design of the subsystem, the more intrusive the manufacturer is. We argue that high intrusiveness by car manufacturers in defining module interfaces and subcomponents for suppliers would lead to more secure cars. PB - Talent First Network CY - Ottawa VL - 5 UR - http://timreview.ca/article/863 IS - 1 U1 - Carleton University Mohamed Amin is an MASc student in the Technology Innovation Management program at Carleton University in Ottawa, Canada. His research interests include cybersecurity, API strategy, and industry architecture. He works as a Solution Architect for Alcatel-Lucent Canada, where he designs and delivers network solutions for various internet service providers around the world. U2 - Carleton University Zaid Tariq is completing his MEng in Technology Innovation Management at Carleton University in Ottawa, Canada. He also holds a BEng degree in Computer Engineering from McGill University in Montreal, Canada. He is a Senior Network Engineer at Cisco Systems and has 9 years experience working in the network design, architecture, and test domains. ER - TY - JOUR T1 - Quantitative Metrics and Risk Assessment: The Three Tenets Model of Cybersecurity JF - Technology Innovation Management Review Y1 - 2013 A1 - Jeff Hughes A1 - George Cybenko KW - availability KW - confidentiality KW - integrity KW - quantitative cybersecurity KW - risk assessment KW - vulnerabilities AB - Progress in operational cybersecurity has been difficult to demonstrate. In spite of the considerable research and development investments made for more than 30 years, many government, industrial, financial, and consumer information systems continue to be successfully attacked and exploited on a routine basis. One of the main reasons that progress has been so meagre is that most technical cybersecurity solutions that have been proposed to-date have been point solutions that fail to address operational tradeoffs, implementation costs, and consequent adversary adaptations across the full spectrum of vulnerabilities. Furthermore, sound prescriptive security principles previously established, such as the Orange Book, have been difficult to apply given current system complexity and acquisition approaches. To address these issues, the authors have developed threat-based descriptive methodologies to more completely identify system vulnerabilities, to quantify the effectiveness of possible protections against those vulnerabilities, and to evaluate operational consequences and tradeoffs of possible protections. This article begins with a discussion of the tradeoffs among seemingly different system security properties such as confidentiality, integrity, and availability. We develop a quantitative framework for understanding these tradeoffs and the issues that arise when those security properties are all in play within an organization. Once security goals and candidate protections are identified, risk/benefit assessments can be performed using a novel multidisciplinary approach, called “QuERIES.” The article ends with a threat-driven quantitative methodology, called “The Three Tenets”, for identifying vulnerabilities and countermeasures in networked cyber-physical systems. The goal of this article is to offer operational guidance, based on the techniques presented here, for informed decision making about cyber-physical system security. PB - Talent First Network CY - Ottawa VL - 3 UR - http://timreview.ca/article/712 IS - 8 U1 - Tenet 3 Jeff A. Hughes is President of Tenet 3, LLC. Tenet 3 is a cybertechnology company with a focus on autonomous cyber-physical systems, analyzing their trustworthiness, and evaluating economical ways to demonstrably mitigate security risks. Previously, Jeff held various positions in the US Air Force Research Laboratory (AFRL), where he led research into advanced techniques for developing and screening trustworthy microelectronic components and performing complex system vulnerability and risk analysis for cyber-physical systems. Jeff has an MS in Electrical Engineering from the Ohio State University and has completed graduate work towards a PhD at the Air Force Institute of Technology in Ohio, United States. U2 - Dartmouth College George Cybenko is the Dorothy and Walter Gramm Professor of Engineering at Dartmouth College in New Hampshire, United States. Professor Cybenko has made multiple research contributions in signal processing, neural computing, information security, and computational behavioural analysis. He was the Founding Editor-in-Chief of both IEEE/AIP Computing in Science and Engineering and IEEE Security & Privacy. He has served on the Defense Science Board (2008-2009), on the US Air Force Scientific Advisory Board (2012-2015), and on review and advisory panels for DARPA, IDA, and Lawrence Livermore National Laboratory. Professor Cybenko is a Fellow of the IEEE and received his BS (Toronto) and PhD (Princeton) degrees in Mathematics. ER -