%0 Journal Article %J Technology Innovation Management Review %D 2016 %T Editorial: Cybersecurity (February 2016) %A Chris McPhee %A Dan Craigen %K cybersecurity %K intrusion %K licensing %K literature reviews %K machine learning %K malware %K multisided platforms %K new domains %K open source %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 3-4 %8 02/2016 %G eng %U http://timreview.ca/article/962 %N 2 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar in the Technology Innovation Management Program at Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University. %R http://doi.org/10.22215/timreview/962 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T A Design Science Approach to Constructing Critical Infrastructure and Communicating Cybersecurity Risks %A Steven Muegge %A Dan Craigen %K advanced persistent threats %K critical infrastructures %K cybersecurity %K design propositions %K design science %K resilience %X Academics are increasingly examining the approaches individuals and organizations use to construct critical infrastructure and communicate cybersecurity risks. Recent studies conclude that owners and operators of critical infrastructures, as well as governments, do not disclose reliable information related to cybersecurity risks and that cybersecurity specialists manipulate cognitive limitations to overdramatize and oversimplify cybersecurity risks to critical infrastructures. This article applies a design science perspective to the challenge of securing critical infrastructure by developing a process anchored around evidence-based design principles. The proposed process is expected to enable learning across critical infrastructures, improve the way risks to critical infrastructure are communicated, and improve the quality of the responses to citizens’ demands for their governments to collect, validate, and disseminate reliable information on cybersecurity risks to critical infrastructures. These results will be of interest to the general public, vulnerable populations, owners and operators of critical infrastructures, and various levels of governments worldwide. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 6-16 %8 06/2015 %G eng %U http://timreview.ca/article/902 %N 6 %1 Carleton University Steven Muegge is an Assistant Professor at the Sprott School of Business at Carleton University in Ottawa, Canada, where he teaches and leads a research program within Carleton’s Technology Innovation Management (TIM) program. His research, teaching, and community service interests include technology entrepreneurship and commercialization, non-traditional settings for innovation and entrepreneurship (business ecosystems, communities, platforms, and interconnected systems that combine these elements), and business models of technology entrepreneurs (especially in non-traditional settings). %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar at the Technology Innovation Management Program of Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University. %R http://doi.org/10.22215/timreview/902 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Editorial: Critical Infrastructures and Cybersecurity (June 2015) %A Chris McPhee %A Dan Craigen %A Steven Muegge %K botnet %K club theory %K critical infrastructure %K cybersecurity %K design principles %K design science %K healthcare %K networked medical devices %K project management maturity model %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 3-5 %8 06/2015 %G eng %U http://timreview.ca/article/901 %N 6 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar at the Technology Innovation Management Program of Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University. %3 Carleton University Steven Muegge is an Assistant Professor at the Sprott School of Business at Carleton University in Ottawa, Canada, where he teaches and leads a research program within Carleton’s Technology Innovation Management (TIM) program. His research, teaching, and community service interests include technology entrepreneurship and commercialization, non-traditional settings for innovation and entrepreneurship (business ecosystems, communities, platforms, and interconnected systems that combine these elements), and business models of technology entrepreneurs (especially in non-traditional settings). %R http://doi.org/10.22215/timreview/901 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T TIM Lecture Series – Three Collaborations Enabling Cybersecurity %A Deborah Frincke %A Dan Craigen %A Ned Nadima %A Arthur Low %A Michael Thomas %K book launch %K collaboration %K cybersecurity %K entrepreneurship %K NSA %K research %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 45-48 %8 06/2015 %G eng %U http://timreview.ca/article/906 %N 6 %1 National Security Agency Deborah Frincke is the Director of Research for the National Security Agency/Central Security Service in the United States. Dr. Frincke's research spans a broad cross section of computer security, both open and classified, with a particular emphasis on infrastructure defense and computer security education. She has been a member of several editorial boards, including: Journal of Computer Security, the Elsevier International Journal of Computer Networks, and the International Journal of Information and Computer Security, and she co-edits a Board column for IEEE Security and Privacy. She is a steering committee member for Recent Advances in Intrusion Detection (RAID) and Systematic Advances in Digital Forensic Engineering (SADFE). Dr. Frincke received her PhD from the University of California, Davis in 1992. %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar at the Technology Innovation Management Program of Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees from Carleton University. %3 Denilson Ned Nadima is the Founder and Chief Executive Officer of Denilson, a company that develops mobile payment solutions for retail enterprises. He is currently a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada, and he holds a Bachelor's of Science degree in Commerce and Marketing from the University of Ottawa. %4 Crack Semiconductor Arthur Low is the founder and Chief Executive Officer of Crack Semiconductor, a supplier of high-performance cryptographic silicon IP used in some of the most demanding security applications. Arthur has a number of patents in the field of hardware cryptography. He has worked for a number of IC startups as a Senior IC designer and Architect and gained much of his fundamental IC design experience with Bell-Northern Research in the early 1990s and with IBM Microelectronics in the late 1990s. Arthur has a BSc degree in Electrical Engineering from the University of Alberta in Edmonton, Canada, and is completing his MSc degree in Technology Innovation Management in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada. %# Bedarra Research Labs Michael Thomas is the Vice President of Development at Bedarra Research Labs, a private industrial R&D lab whose mission is to seek out promising next-generation computing and communication technologies and apply them to creative solutions for emerging business problems. Prior to joining Bedarra Research Labs, he worked as a Software Developer and Release Engineer at Object Technology International. Michael holds a Master of Business Administration degree from Athabasca University in Canada, in addition to a Bachelor of Arts degree from Brock University in St. Catharines, Canada. %R http://doi.org/10.22215/timreview/906 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Assessing Scientific Contributions: A Proposed Framework and Its Application to Cybersecurity %A Dan Craigen %K assessing science %K cybersecurity %K science of cybersecurity %K scientific contributions %K scientific progress %K societal contributions %X Through a synthesis of existing work on evaluating scientific theories and contributions, a framework for assessing scientific contributions is presented. By way of example, the framework is then applied to two contributions to the science of cybersecurity. The science of cybersecurity is slowly emerging. As the science and its theories emerge, it is important to extract the key contributions that characterize actual progress in our understanding of cybersecurity. Researchers and funding agencies will be interested in the assessment framework as a means of assessing scientific contributions to cybersecurity. In a nascent research area such as the science of cybersecurity, this article may contribute to a focused research program to accelerate the growth of the science. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 5-13 %8 11/2014 %G eng %U http://timreview.ca/article/844 %N 11 %1 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/844 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Defining Cybersecurity %A Dan Craigen %A Nadia Diakun-Thibault %A Randy Purse %K cybersecurity %K cyberspace %K definition %K interdisciplinary %K security %X Cybersecurity is a broadly used term, whose definitions are highly variable, often subjective, and at times, uninformative. The absence of a concise, broadly acceptable definition that captures the multidimensionality of cybersecurity impedes technological and scientific advances by reinforcing the predominantly technical view of cybersecurity while separating disciplines that should be acting in concert to resolve complex cybersecurity challenges. In conjunction with an in-depth literature review, we led multiple discussions on cybersecurity with a diverse group of practitioners, academics, and graduate students to examine multiple perspectives of what should be included in a definition of cybersecurity. In this article, we propose a resulting new definition: "Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights." Articulating a concise, inclusive, meaningful, and unifying definition will enable an enhanced and enriched focus on interdisciplinary cybersecurity dialectics and thereby will influence the approaches of academia, industry, and government and non-governmental organizations to cybersecurity challenges. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 13-21 %8 10/2014 %G eng %U http://timreview.ca/article/835 %N 10 %1 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University in Ottawa, Canada. %2 Communications Security Establishment Nadia Diakun-Thibault is Senior Science and Analytics Advisor at the Communications Security Establishment in Canada. She holds a Master's degree in Public Administration from Queen's University in Kingston, Canada, and an ABD (PhD) degree in Slavic Languages and Literatures from the University of Toronto, Canada. She has served as Parliamentary Advisor to Members of Parliament and held an Order-in-Council appointment to the Province of Ontario's Advocacy Commission. Her research interests include neurophilosophy, semiotics, linguistics, and public policy. She is also an adjunct faculty member in the Department of Computer Science and Engineering at North Carolina State University in the United States. %3 Communications Security Establishment Randy Purse is the Senior Learning Advisor at the Information Technology Security Learning Centre at the Communications Security Establishment in Canada. A former officer in the Canadian Forces, he is an experienced security practitioner and learning specialist. His research interests include the human dimensions of security and collective and transformative learning in the workplace. He has a Master’s of Education in Information Technology from Memorial University of Newfoundland in St. John's, Canada, and he is a PhD candidate specializing in Adult and Workplace Learning in the Faculty of Education at the University of Ottawa, Canada. %R http://doi.org/10.22215/timreview/835 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Developing an Innovation Engine to Make Canada a Global Leader in Cybersecurity %A Tony Bailetti %A Dan Craigen %A David Hudson %A Renaud Levesque %A Stuart McKeen %A D’Arcy Walsh %K business ecosystem %K cybersecurity %K innovation engine %K innovation in commercialization %K innovation in research and development %X An engine designed to convert innovation into a country’s global leadership position in a specific product market is examined in this article, using Canada and cybersecurity as an example. Five entities are core to the innovation engine: an ecosystem, a project community, an external community, a platform, and a corporation. The ecosystem is the focus of innovation in firm-specific factors that determine outcomes in global competition; the project community is the focus of innovation in research and development; and the external community is the focus of innovation in resources produced and used by economic actors that operate outside of the focal product market. Strategic intent, governance, resource flows, and organizational agreements bind the five entities together. Operating the innovation engine in Canada is expected to improve the level and quality of prosperity, security, and capacity of Canadians, increase the number of Canadian-based companies that successfully compete globally in cybersecurity product markets, and better protect Canada’s critical infrastructure. Researchers interested in learning how to create, implement, improve, and grow innovation engines will find this article interesting. The article will also be of interest to senior management teams in industry and government, chief information and technology officers, social and policy analysts, academics, and individual citizens who wish to learn how to secure cyberspace. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 5-14 %8 08/2013 %G eng %U http://timreview.ca/article/711 %N 8 %1 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %2 Communications Security Establishment Canada Dan Craigen is a Science Advisor at the Communications Security Establishment Canada (CSEC). Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH in Math and his MSc in Math from Carleton University in Ottawa, Canada. %3 Carleton University David Hudson has recently completed his doctoral studies at Carleton University’s Sprott School of Business in Ottawa, Canada. He is a lecturer in information technology innovation in the MBA program at Sprott, a Director of the Lead to Win entrepreneurship program, and Chair of the Ontario Centres of Excellence advisory board for the Information, Communication, and Digital Media sector. David also consults with Fortune 500 firms on innovation management. Previously, he was the Vice President for advanced research and development at a large technology firm and has had an extensive career in technology development and product line management. David received Bachelor's and Master's degrees in Systems Design Engineering from the University of Waterloo, Canada. %4 Communications Security Establishment Canada Renaud Levesque is the Director General of Core Systems at the Communications Security Establishment Canada (CSEC), where he is responsible for R&D and systems development. He has significant experience in the delivery of capability and organizational change in highly technical environments. His career began at CSEC in 1986 as a Systems Engineer, responsible for the development and deployment of numerous systems, including the CSEC IP corporate network in 1991. In 2000 Renaud went to work in the private sector as Head of Speech Technologies at Locus Dialogue, and later at Infospace Inc., where he became Director of Speech Solutions Engineering. He rejoined CSEC in 2003, where he assumed the lead role in the IT R&D section. Subsequently, as a Director General, he focused efforts towards the emergence of CSEC's Joint Research Office and The Tutte Institute for Mathematics and Computing. Renaud holds a Bachelor of Engineering from l’École Polytechnique, Université de Montréal, Canada. %# Ontario Ministry of Research and Innovation Stuart McKeen works for the Ontario Ministry of Research and Innovation (MRI), where he just finished serving a three-year secondment with the Federal Economic Development Agency for Southern Ontario (FedDev). At FedDev, he was both the Agency’s Manager of Innovation and the Manager of Entrepreneurship, Internship, and Youth Programs. He has worked in six different ministries of the Ontario Government over the past 30 years. In 2008, he was awarded the Amethyst Award, the Province of Ontario’s highest employee recognition award for his pioneering work on prospecting and developing large-scale international research consortiums that have brought jobs and investment to Ontario. Stuart holds a BScH degree in Zoology from the University of Western Ontario, Canada and a BA degree in Economics from the University of Toronto, Canada. %$ Communications Security Establishment Canada D’Arcy Walsh is a Science Advisor at the Communications Security Establishment Canada (CSEC). His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/711 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Managing Cybersecurity Research and Experimental Development: The REVO Approach %A Dan Craigen %A Drew Vandeth %A D’Arcy Walsh %K cybersecurity %K experimental development %K performance indicators %K research %K research program lifecycle %K research-activity descriptions %K research-requirement statements %K strategic research contexts %X We present a systematic approach for managing a research and experimental development cybersecurity program that must be responsive to continuously evolving cybersecurity, and other, operational concerns. The approach will be of interest to research-program managers, academe, corporate leads, government leads, chief information officers, chief technology officers, and social and technology policy analysts. The approach is compatible with international standards and procedures published by the Organisation for Economic Co-operation and Development (OECD) and the Treasury Board of Canada Secretariat (TBS). The key benefits of the approach are the following: i) the breadth of the overall (cybersecurity) space is described; ii) depth statements about specific (cybersecurity) challenges are articulated and mapped to the breadth of the problem; iii) specific (cybersecurity) initiatives that have been resourced through funding or personnel are tracked and linked to specific challenges; and iv) progress is assessed through key performance indicators. Although we present examples from cybersecurity, the method may be transferred to other domains. We have found the approach to be rigorous yet adaptive to change; it challenges an organization to be explicit about the nature of its research and experimental development in a manner that fosters alignment with evolving business priorities, knowledge transfer, and partner engagement. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 34-41 %8 07/2013 %G eng %U http://timreview.ca/article/705 %N 7 %1 Communications Security Establishment Canada Dan Craigen is a Science Advisor at the Communications Security Establishment Canada (CSEC). Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH in Math and his MSc in Math from Carleton University in Ottawa, Canada. %2 IBM Systems Research Drew Vandeth is the Senior Research Strategist for the National Security Community and a Senior Researcher at IBM Systems Research. He is the founder of the Tutte Institute for Mathematics and Computing (TIMC) and was its first Deputy Director. His research interests include theoretical and computational number theory, contextual and cognitive computing, high performance computing architectures, autonomic and autonomous analytical systems, and research management. Dr. Vandeth holds a PhD in Number Theory from Macquarie University in Sydney, Australia, an MMath in Number Theory from the University of Waterloo, Canada, and a BMath (Hons) in Pure Mathematics, also from the University of Waterloo. %3 Communications Security Establishment Canada D’Arcy Walsh is a Science Advisor at the Communications Security Establishment Canada (CSEC). His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/705 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Securing Canada’s Information-Technology Infrastructure: Context, Principles, and Focus Areas of Cybersecurity Research %A Dan Craigen %A D’Arcy Walsh %A David Whyte %K Canada %K cyberdefence %K cyberinfrastructure %K cybersecurity %K entrepreneurship %K experimental development program %K information-technology infrastructure %K management %K research %X This article addresses the challenges of cybersecurity and ultimately the provision of a stable and resilient information-technology infrastructure for Canada and, more broadly, the world. We describe the context of current cybersecurity challenges by synthesizing key source material whose importance was informed by our own real-world experiences. Furthermore, we present a checklist of guiding principles to a unified response, complete with a set of action-oriented research topics that are linked to known operational limitations. The focus areas are used to drive the formulation of a unified and relevant research and experimental development program, thereby moving us towards a stable and resilient cyberinfrastructure. When cybersecurity is viewed as an inherently interdisciplinary problem of societal concern, we expect that fundamentally new research perspectives will emerge in direct response to domain-specific protection requirements for information-technology infrastructure. Purely technical responses to cybersecurity challenges will be inadequate because human factors are an inherent aspect of the problem. This article will interest managers and entrepreneurs. Senior management teams can assess new technical developments and product releases to fortify their current security solutions, while entrepreneurs can harness new opportunities to commercialize novel technology to solve a high-impact cybersecurity problem.. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 12-18 %8 07/2013 %G eng %U http://timreview.ca/article/704 %N 7 %1 Communications Security Establishment Canada Dan Craigen is a Science Advisor at the Communications Security Establishment Canada (CSEC). Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH in Math and his MSc in Math from Carleton University in Ottawa, Canada. %2 Communications Security Establishment Canada D’Arcy Walsh is a Science Advisor at the Communications Security Establishment Canada (CSEC). His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %3 Communications Security Establishment Canada David Whyte is the Technical Director for the Cyber Defence Branch at the Communications Security Establishment Canada (CSEC). He is CSEC's technical lead responsible for overseeing the implementation of the next-generation cyberthreat-detection services for the Government of Canada. He has held many positions over the last 16 years within CSEC that span both the Signals Intelligence and Information Technology Security mission lines. David holds a PhD in Computer Science from Carleton University in Ottawa, Canada. The main focus of his research is on the development of network-based behavioural analysis techniques for the detection of rapidly propagating malware. %R http://doi.org/10.22215/timreview/704