Trust in Computing
What is trust, and what is required to establish trust in cyberspace? Describe
how trust relates to the attribution problem in online communications, analyse
the extent to which trust can -- or cannot -- be built into hardware and
software, and, based on your analysis, explain how trust may be created or
destroyed by different IT stakeholders (esp. personal users, commercial
vendors, and government agencies).
Student: Louise Collins
Student ID: 198148266
Subject: US-China Relations
Subject Code: CISS 6022
Date: 15.05.2015
Word Count: 3027 (3387 including bibliography)
Introduction
The purpose of this essay is to investigate and discuss the vital role that trust plays in the
relationship stakeholders have with cyberspace.
Cyberspace, and the implied trust on which it relies, is an enabler for the security of nations, the
viability and effectiveness of national economies and the well-being of communities and people.
Cyberspace is inherently anarchic and this impacts the way that trust is defined and applied.
Cyberspace has no governing body and no formal rules. The resulting assumption is that trust is
therefore highly dependent upon individuals’ experiences in using the information systems that
constitute cyberspace.
The analysis in this paper is developed from technical texts and reports, data and material sourced
from scholarly articles, reports from industry bodies, a media documentary and press reports. In
addressing the essay question the paper first defines cyberspace and the concept of trust. This
includes an analysis of what erodes trust. The paper then assesses the application of trust in
cyberspace and the capacity for its inclusion in software and hardware, and evaluates the role that
each of the various IT stakeholders performs in the cyber trust relationship. The paper subsequently
draws some general conclusions about trust and its role in cyberspace.
How is Cyberspace Defined?
Richard Clarke and Robert Knake define cyberspace as all the computer networks in the world and
everything they connect and control[1]. In 2008 the Pentagon assembled a team of experts who
defined cyberspace as “the global domain within the information environment consisting of the
interdependent network of information technology structures, including the internet,
telecommunications networks, computer systems and embedded processors and controllers”[2].
People, governments, military, corporations, financial institutions, hospitals and other businesses
collect, transact, process and store information in cyberspace. Its effective operation is based on the
premise of trust.
What is Trust?
At its simplest trust is a facilitator of usage in cyberspace. On a conceptual level, trust helps reduce
the level of uncertainty that exists within the realm. It enables stakeholders to overcome any
concerns they may have about their interactions with the networks, services, providers, parties,
tools and devices that constitute cyberspace. Trust is synonymous with security in cyberspace. It is a
very human decision. Pfleeger and Pfleeger support this approach through their assertion that trust
is relative, that it is viewed in context of the user[3].

[1] Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It, Group U.K, New York, Ecco, Enfield, 2012, p13
[2] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p13
[3] Ibid., p245

A key function of trust, given the nature and usages of cyberspace, is that it reflects “the trusting
party’s belief that the trusted party will support its plans”[4]. An example of this would be the
expectation that the purchase of a good or service on-line by Party A, will be processed and provided
as required by Party B in a secure and confidential way. The fundamental element here is that trust
in cyberspace is reliant on systems behaving and performing as people expect them to[5]. With this in
mind, trust is a vital factor in performing all activities in cyberspace. It is a reference point that can
be used by stakeholders for predicting behaviours as and when they interact with cyberspace.
On a practical level, for cyberspace to be regarded as a realm of integrity it must be synonymous
with security, performance and privacy. An absence of any one of these elements could result in a
reduction of trust by stakeholders.
Huang and Nicol noted these elements whilst assessing the basis of trust for cloud computing - a
capability enabled by cyberspace. They went further by stating a spectrum of attributes, or sources,
for establishing trust. The sources of trust they listed can be found in Table 1 below[6]:
Table 1: Sources of Trust
The outcomes of implementing the levels of competency highlighted must be that confidence,
integrity, and availability - and therefore trust - are established within the system.
What is Required to Establish Trust in Cyberspace?
What erodes trust in cyberspace?
In order to fully understand what is required to establish trust in cyberspace it is also necessary to
understand what erodes that trust.

[4] Yonghong Wang & Munindar P. Singh, Evidence Based Trust, ACM Transaction on Autonomous and Adaptive Systems, Vol 5, No. 3, September 2010, p2
[5] Fred B. Schneider, Trust in Cyberspace, Committee on Information Systems Trustworthiness, 1999, p1
[6] Jingwei Huang and David M. Nicol, Trust Mechanisms for cloud computing, Journal of Cloud Computing: Advances, Systems and Application 2013, 2:9, Springer Open Journal, p6

As mentioned previously, trust depends largely on stakeholders’ experiences of their interactions with
cyberspace. It can easily be eroded by perceptions of insecurity. This is supported by the U.S
Committee on Information Systems Trustworthiness, which described the application of trust in
cyberspace as being “…highly dependent upon people’s experiences in using a networked
information system”[7].
Perceptions can easily be influenced by attacks that exploit vulnerabilities in information systems.
Botnets can and have been used to access computers allowing monitoring and the capture of
personal data. The use and reports of malware such as the worm that attacked Microsoft Windows
in the early 2000s[8], DDoS attacks in Estonia in 2007, the spread of the cryptic Conficker worm in
2009[9], the discovery of Stuxnet in 2010[10], as well as commentary on attacks on transaction systems[11],
all combine to erode users’ trust and level of confidence in cyberspace. Even surveillance
activities like those revealed by NSA informant Edward Snowden in June 2013 are counterproductive
to the concept of trust in cyberspace and deleteriously impact perceptions amongst a broad range of
stakeholders.
What are the solutions?
Given the complex nature of cyberspace, trust must exist on two levels. Singer and Friedman
expressed this as follows: “The user must trust the system and the systems must know how to trust
the users.”[12]
Pfleeger and Pfleeger say that a user will trust system software if it does what is expected and
nothing more[13]. Specifically, they state that a user will have confidence if an operating system
provides the following four services consistently and effectively. They are[14]:
• Memory protection
• File protection
• General object access
• Authentication
For systems to trust users it is very much about establishing integrity. This is achieved in three main
ways:
• Encryption
• Digital Certification
• Access Control Policies

[7] Fred Schneider, Trust in Cyberspace, Committee on Information Systems Trustworthiness, National Academy Press, Washington D.C, 1999, p16
[8] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p44
[9] Johannes M. Bauer, Michel J.G Van Eeten, Cybersecurity: Stakeholder, Incentives, externalities and policy options, Telecommunications Policy, 2009, Volume 33, Issue 10/11, http://www.sciencedirect.com.ezproxy1.library.usyd.edu.au/science/article/pii/S0308596109000986. Last accessed 13 June, 2015
[10] BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news, 49:05mins. Last accessed 14 June, 2015.
[11] Josh Bavas, Australia Bank fall victim to multi-national hacking attack, ABC News, 17.02.2015. http://www.abc.net.au/news/2015-02-17/banks-victim-of-multi-national-hacking-attack-security-firm-says/6130370. Last accessed 14 June, 2015
[12] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p46
[13] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, pp26-27
[14] Ibid., p242

Peter Singer and Allan Friedman state that “Modern cryptosystems rely on ‘keys’ as the secret way of
coding or decoding information on which trust is built”[15]. More specifically, they state that
asymmetric cryptography provides the fundamental means not only of keeping information
confidential, but of enabling the system to detect any tampering[16].
Related is digital certification. This is the digital signature that ‘ties together the notion of a digital
signature with key cryptography’[17]. Singer and Friedman note the vital role certificate authorities
play as a source of trust in cyberspace[18]. These authorities approve the ‘certificates’ that bind a
public key with the user’s identity. They are an essential part of the authentication process from a
systems perspective. Hence, they are also essential to establishing trust.
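The sketch below is an added illustration, not part of the original essay: it shows a certificate authority binding a public key to an identity, and a receiver using that binding to detect a tampered message or a substituted key. It uses textbook RSA over small fixed primes for readability (an assumption made here, and not secure); all names, keys and messages are constructed.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def _digest(data, n):
    # Hash the data and reduce it into the signing modulus (toy padding-free scheme).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

@dataclass(frozen=True)
class Certificate:
    subject: str        # the identity being vouched for
    public_key: tuple   # the key the CA binds to that identity
    issuer: str         # name of the certificate authority
    signature: int = 0  # CA signature over the three fields above

    def signed_fields(self):
        n, e = self.public_key
        return f"{self.subject}|{n}|{e}|{self.issuer}".encode()

def issue(ca_name, ca_private, subject, subject_public):
    """The CA signs the binding between subject and public key."""
    unsigned = Certificate(subject, subject_public, ca_name)
    return replace(unsigned, signature=sign(ca_private, unsigned.signed_fields()))

def check_message(trust_store, cert, message, signature):
    """Receiver's view: trust the issuer, then the binding, then the message."""
    ca_public = trust_store.get(cert.issuer)
    if ca_public is None:
        return "rejected: issuer not trusted"
    if not verify(ca_public, cert.signed_fields(), cert.signature):
        return "rejected: certificate altered or not issued by this CA"
    if not verify(cert.public_key, message, signature):
        return "rejected: message altered or not signed by subject"
    return f"accepted: signed by {cert.subject}"

# Constructed sample data. The primes are small Mersenne primes, far too
# small for real use; real keys use random primes of 1024 bits or more.
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**19 - 1, 2**31 - 1)  # never certified by the CA

TRUST_STORE = {"Example Root CA": CA_PUB}
ALICE_CERT = issue("Example Root CA", CA_PRIV, "alice@example.org", ALICE_PUB)
ORDER = b"pay 100 to Party B"
ORDER_SIG = sign(ALICE_PRIV, ORDER)

def run_checks():
    """Run the receiver's check on one genuine and three altered inputs."""
    swapped = replace(ALICE_CERT, public_key=OTHER_PUB)  # same name, different key
    self_made = issue("Unknown CA", OTHER_PRIV, "alice@example.org", OTHER_PUB)
    return {
        "genuine": check_message(TRUST_STORE, ALICE_CERT, ORDER, ORDER_SIG),
        "altered_message": check_message(
            TRUST_STORE, ALICE_CERT, b"pay 900 to Party B", ORDER_SIG),
        "swapped_key": check_message(
            TRUST_STORE, swapped, ORDER, sign(OTHER_PRIV, ORDER)),
        "untrusted_issuer": check_message(
            TRUST_STORE, self_made, ORDER, sign(OTHER_PRIV, ORDER)),
    }

if __name__ == "__main__":
    for case, outcome in run_checks().items():
        print(f"{case}: {outcome}")
```

The receiver's trust rests entirely on the contents of `TRUST_STORE`: anything the listed authority signs is believed, which is why certificate authorities are a source of trust and also a single point of failure.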
The access control policy is a matrix of subjects and objects that tells a system who can do what to
whom[19]. It is a key measure for ensuring that a system and user can trust each other.
Trust and its Relationship to Attribution
Attribution relies on trust in a number of ways. Primarily it’s through[20]:
• Identification Trust – a level of assurance in the authenticity and integrity of a user’s claimed
identity.
• Authentication Trust – verification and confirmation of a user’s proclaimed identity
• Reputation trust – confirmation and evaluation of an entity’s standing in a community. It is both
mutual and bi-directional.
Attribution adds a dimension of complexity to cyberspace. This is because it is difficult to secure
and confirm the identity of an attacker even if all the trust elements are in place.
Primarily, this is because an ‘attacker’ can capture and utilise other computers - using botnets - to
obfuscate their attack. It is also difficult to ascertain the identity of the attacker, their nationality or
even the organisation or country that they represent. The information gathered about identity is
not the same as proof of identity.[21]
The difficulty of proof was demonstrated during the DDoS attack in Estonia in 2007, mentioned
earlier in this paper. Here, the originating state claimed ignorance and an inability to stop the
assault.[22]
China too has used the issue of attribution to claim plausible deniability. When Mandiant
released its report exposing Advanced Persistent Threats (APTs) supposedly emanating from China,
the Chinese Government responded by stating that it was “…unprofessional and groundless to
accuse the Chinese military of launching cyber attacks without conclusive evidence”[23].

[15] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p47
[16] Ibid., p46
[17] Ibid., p47
[18] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, p89
[19] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p33
[20] Ravi Sankar Veerubhotla and Richa Garg, Managing Trust in Cyberspace, CRC Press, Boca Raton, Florida, p247
[21] Ibid., 2014, p33
[22] Chris C. Demchak, Peter Dombrowski, Rise of a Cybered Westphalian Age, Strategic Studies Quarterly, Spring 2011, p34

In the current internet architecture there is no way for receivers to attribute the sources of traffic or
senders, or for receivers to authorise senders. These deficiencies in attribution leave the internet
vulnerable to denial of service, spoofing, phishing and other attacks. With this in mind, Singer and
Friedman describe ‘proving’ attribution as an “excruciatingly difficult task”.[24]
Accusations, the inability to positively attribute them, and the ability of ‘attackers’ and actors to
deny responsibility, seriously impact trust. They can contribute significantly to worsening cyber
relationships between states.
What’s the Extent to Which Trust Can, or Cannot, be Built Into Hardware and Software?
Trust can be built into software and hardware systems in a number of ways. Predominantly this is
around the concept of authenticating identity through proving “something that you know,
something that you have and something that you are”[25]. Something that you know is the password
or secret code, something that you have may include an ATM card, something that you are is
typically a biometric, a human characteristic such as facial, fingerprint or retina recognition. Other
examples are the de-facto authenticators that are used on mobile phones for receiving text
messages that contain one-time codes[26]. Pfleeger and Pfleeger state that trust can be built into
software systems if the software has been rigorously developed and tested[27].
The problem is that none of the mechanisms detailed above are guaranteed. They all carry
limitations. Passwords can be forgotten or stolen or even forged. ATM cards and mobile phones can
also be stolen. Biometrics can even be compromised through ‘amputated fingers’[28], though this is a
more unlikely scenario. Even rigorous development and testing can be open to interpretation and
poor implementation. Exploits such as time of check to time of use, zero day exploits or even
ambiguities or misunderstandings about security policy and procedures[29] can also be used to exploit
vulnerabilities in software and operating systems.
Most organisations have approached cyber security by trying to put increasingly sophisticated
defences around their perimeter and within their internal network structures[30]. However, access
control mechanisms have also been shown to have some weaknesses. A graphic example of this was
illustrated by Edward Snowden’s leaks about the NSA’s PRISM program. Snowden was able to access
sensitive controlled data that revealed the extent of the NSA’s surveillance activities[31].

[23] Mandiant, APT1, Exposing One of China’s Cyber Espionage Units, 2013, p1, http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf, Last accessed 1 June, 2015
[24] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p75
[25] Ibid., p32
[26] Ibid., p32
[27] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, p244
[28] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p32
[29] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, p289
[30] McKinsey and Company, Meeting the Cybersecurity Challenge, Insights and Publications, June 2011. http://www.mckinsey.com/insights/business_technology/meeting_the_cybersecurity_challenge, Last accessed 14 June, 2015
[31] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p50

However, currently, codes like the RSA algorithm are effective and cannot be cracked. This is
because they consist of extremely large prime numbers[32]. It is noted, though, that this may all
change in the future with the advent of quantum computing[33].
In cyberspace there will always be a way to steal someone’s identity or data. This simply reinforces
two things: the notion that data is both precious and valuable, and that ultimately trust is very
much an individual human decision.
IT Stakeholders Roles in Creating or Destroying Trust.
In 2014 the ITU identified that cyberspace, because it lacks direct contact, required particularly high
standards of trust and that these standards are required among “individuals, institutions, countries
and systems”[34]. Some of these are discussed in greater detail below.
Personal Users
There have been a number of examples of individual users destroying trust in cyberspace.
Sometimes this is inadvertent, such as the USB key that was used to install Stuxnet in an Iranian
nuclear power station[35]. Singer and Friedman use a similar example of a military officer picking up a
USB and inadvertently enabling one of the largest cyber breaches in US military history[36]. The most
challenging attacks exploit human vulnerabilities rather than technological ones. Increasingly
cybercrime is driven from social networking sites to craft phishing attacks or to enable
radicalisation[37]. Such activities undermine trust in cyberspace.
Personal users can help establish trust through simple measures such as password control. More
importantly, through maintaining awareness of the vulnerabilities inherent in cyberspace they can
make adjustments necessary to improve their security. By doing so, their level of trust will also
improve.
Commercial Vendors
Commercial Vendors have a significant role to play in enabling trust. They can do this by making
certain that they build and deploy the most secure systems and hardware possible, by implementing
thorough development, testing and risk management regimes. Inadequate protocols expose end
users to zero day exploits and other malware.
Commercial vendors are still able to be manipulated. The Snowden revelations exposed that the U.S
Government had targeted weaknesses in iconic and highly regarded software and hardware
products provided by Microsoft, Yahoo, Google and Facebook for espionage purposes[38]. These are
providers with whom nearly every end user would interact nearly every day. Revelations such
as these do not instil trust in personal users, governments or even other service providers. The
disclosures contributed significantly to the deterioration of the cyber relationship between the U.S
and China.

[32] BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news, 20:35mins. Last accessed 14 June, 2015.
[33] Ibid., 21.00mins
[34] ITU, Building Trust in Cyberspace: Taking Stock, Looking Ahead, WSIS+10 Transcript, Geneva, Switzerland, June 2014, p4.
[35] BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news, 57:00mins. Last accessed 14 June, 2015
[36] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p32
[37] McKinsey and Company, Meeting the Cybersecurity Challenge, Insights and Publications, June 2011. http://www.mckinsey.com/insights/business_technology/meeting_the_cybersecurity_challenge, Last accessed 14 June, 2015
[38] PRISM overview slides. IC on the Record. Office of the US Director of National Intelligence – Tumblr Site, https://nsa.gov1.info/dni/prism.html, Last accessed 6 June 2015

Governments
Governments have a significant role to play in enabling trust – particularly when critical
infrastructure such as health care, financial, power and military systems are all dependent upon the
trustworthy and effective operation of cyberspace. On a government level the International
Telecommunications Union (ITU) identified four points for building trust in cyberspace. They
proposed that governments[39]:
• Ensure sufficient technical safeguards are implemented across networks.
• Establish a legal and regulatory framework to enable better network management.
• Enable and build digital awareness, particularly amongst end users.
• Provide political assurances – explicitly making governments more accountable for violation of
personal data privacy and ensuring there are checks and balances in place.
Specifically, the ITU has stated that it believes that greater cooperation amongst governments is
needed to mitigate the risks posed by cyberspace and, hence, the level of trust available within it.
What Can Be Concluded About Trust in Cyberspace?
Ultimately, the full utilisation of cyberspace - by all stakeholders - requires trust with an element of
risk, all within the midst of uncertainty. For over 3.14 billion internet users[40] (and growing) it is a risk
worth taking.
Cyberspace is constantly changing. The technologies that apply in the future will alter the way
people use cyberspace as well as the rules that guide it. Likewise, users’ expectations of cyberspace
are also evolving.
Whatever occurs, trust matters! The ongoing development and usage of cyberspace are highly
dependent upon it. Trust requires, and will continue to require, vigilance on
the part of all users, those who enable the operations of the internet and on Governments who
create the policies to enable its operation.

[39] ITU, Building Trust in Cyberspace: Taking Stock, Looking Ahead, WSIS+10 Transcript, Geneva, Switzerland, June 2014, p15
[40] Internet Users in the World: http://www.internetlivestats.com * Estimate as at June 14 2015

Bibliography
• Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It, Group U.K, New York, Ecco, Enfield, 2012
• P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014
• Ravi Sankar Veerubhotla and Richa Garg, Managing Trust in Cyberspace, CRC Press, Boca Raton, Florida, 2008
• Yonghong Wang & Munindar P. Singh, Evidence Based Trust, ACM Transaction on Autonomous and Adaptive Systems, Vol 5, No. 3, September 2010
• Fred B. Schneider, Trust in Cyberspace, Committee on Information Systems Trustworthiness, National Academy Press, Washington D.C, 1999
• Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007
• Chris C. Demchak, Peter Dombrowski, Rise of a Cybered Westphalian Age, Strategic Studies Quarterly, Spring 2011
• ITU, Building Trust in Cyberspace: Taking Stock, Looking Ahead, WSIS+10 Transcript, Geneva, Switzerland, June 2014
• Jingwei Huang and David M. Nicol, Trust Mechanisms for cloud computing, Journal of Cloud Computing: Advances, Systems and Application 2013, 2:9, Springer Open Journal
• Hauke Johannes Geirow, Cyber Security in China: New Political Leadership Focuses on Boosting National Security, Merics, China Monitor, Number 20, 9.12.2014
• Mandiant, APT1, Exposing One of China’s Cyber Espionage Units, 2013, http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
• PRISM overview slides. IC on the Record. Office of the US Director of National Intelligence – Tumblr Site, https://nsa.gov1.info/dni/prism.html
• BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news
• McKinsey and Company, Meeting the Cybersecurity Challenge, Insights and Publications, June 2011. http://www.mckinsey.com/insights/business_technology/meeting_the_cybersecurity_challenge, Last accessed 14 June, 2015
• Craig A Shue and Brent Lagesse, Embracing the Cloud for Better Cybersecurity, Washington University Publications, Cyberspace Science and Information Intelligence Research (Reference Text) http://faculty.washington.edu/lagesse/publications/cloudsecurity.pdf

Mais conteúdo relacionado

Destaque

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 

Destaque (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Trust in Computing_ Analytical Essay_FINAL_15.06.15

  • 1. Trust in Computing What is trust, and what is required to establish trust in cyberspace? Describe how trust relates to the attribution problem in online communications, analyse the extent to which trust can -- or cannot -- be built into hardware and software, and, based on your analysis, explain how trust may be created or destroyed by different IT stakeholders (esp. personal users, commercial vendors, and government agencies). Student: Louise Collins Student ID: 198148266 Subject: US-China Relations Subject Code: CISS 6022 Date: 15.05.2015 Word Count: 3027 (3387 including bibliography)
  • 2. Introduction The purpose of this essay is to investigate and discuss the vital role that trust plays in the relationship stakeholders have with cyberspace. Cyberspace and the implied trust on which it relies, is an enabler for the security of nations, the viability and effectiveness of national economies and the well-being of communities and people. Cyberspace is inherently anarchic and this impacts the way that trust is defined and applied. Cyberspace has no governing body and no formal rules. The resulting assumption is that trust is therefore highly dependent upon individual’s experiences in using the information systems that constitute cyberspace. The analysis in this paper is developed from technical texts and reports, data and material sourced from scholarly articles, reports from industry bodies, a media documentary and press reports. In addressing the essay question the paper firstly defines cyberspace and the concept of trust. This includes an analysis of what erodes trust. The paper then assesses: the application of trust in cyberspace, the capacity for its inclusion in software and hardware, it then evaluates the role that each of the various IT stakeholders performs in the cyber trust relationship. The paper subsequently draws some general conclusions about trust and its role in cyberspace. How is Cyberspace Defined? Richard Clarke and Robert Knake define cyberspace as all the computer networks in the world and everything they connect and control1 . In 2008 the Pentagon assembled a team of experts who defined cyberspace as “the global domain within the information environment consisting of the interdependent network of information technology structures, including the internet, telecommunications networks, computer systems and embedded processors and controllers” 2 . People, governments, military, corporations, financial institutions, hospitals and other businesses collect, transact, process and store information in cyberspace. 
Its effective operation is based on the premise of trust. What is Trust? At its simplest trust is a facilitator of usage in cyberspace. On a conceptual level, trust helps reduce the level of uncertainty that exists within the realm. It enables stakeholders to overcome any concerns they may have about their interactions with the networks, services, providers, parties, tools and devices that constitute cyberspace. Trust is synonymous with security in cyberspace. It is a very human decision. Phleeger and Phleeger support this approach through their assertion that trust is relative, that it is viewed in context of the user3 . 1 Richard A. Clark and Robert Knake, Cyberware:the next threat to national security and what to do about it, Group U.K, New York, Ecco,Enfield, 2012, p13 2 P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p13 3 IBID p245
A key function of trust, given the nature and usages of cyberspace, is that it reflects “the trusting party’s belief that the trusted party will support its plans”[4]. An example of this would be the expectation that the purchase of a good or service online by Party A will be processed and provided as required by Party B in a secure and confidential way. The fundamental element here is that trust in cyberspace is reliant on systems behaving and performing as people expect them to[5].

With this in mind, trust is a vital factor in performing all activities in cyberspace. It is a reference point that can be used by stakeholders for predicting behaviours as and when they interact with cyberspace.

On a practical level, for cyberspace to be regarded as a realm of integrity it must be synonymous with security, performance and privacy. An absence of any one of these elements could result in a reduction of trust by stakeholders. Huang and Nicol noted these elements whilst assessing the basis of trust for cloud computing, a capability enabled by cyberspace. They went further by stating a spectrum of attributes, or sources, for establishing trust. The sources of trust they listed can be found in Table 1 below[6]:

Table 1: Sources of Trust

The outcomes of implementing the levels of competency highlighted must be that confidence, integrity, and availability - and therefore trust - is established within the system.

What is Required to Establish Trust in Cyberspace?

What erodes trust in cyberspace?

In order to fully understand what is required to establish trust in cyberspace, it is also necessary to understand what erodes that trust.

[4] Yonghong Wang & Muhindar P. Singh, Evidence Based Trust, ACM Transaction on Autonomous and Adaptive Systems, Vol 5, No. 3, September 2010, p2
[5] Fred B. Schneider, Trust in Cyberspace, Committee on Information Systems Trustworthiness, 1999, p1
[6] Jingwei Huang and David M. Nicol, Trust Mechanisms for cloud computing, Journal of Cloud Computing: Advances, Systems and Application 2013, 2:9, Springer Open Journal, p6
As mentioned previously, trust depends largely on stakeholders’ experiences of their interactions with cyberspace. It can easily be eroded by perceptions of insecurity. This is supported by the U.S Committee on Information Systems Trustworthiness, which described the application of trust in cyberspace as being “…highly dependent upon people’s experiences in using a networked information system”[7].

Perceptions can easily be influenced by attacks that exploit vulnerabilities in information systems. Botnets can and have been used to access computers, allowing monitoring and the capture of personal data. The use and reports of malware such as the worm that attacked Microsoft Windows in the early 2000s[8], DDOS attacks in Estonia in 2007 and the spread of the cryptic Conficker worm in 2009[9], the discovery of Stuxnet in 2010[10] as well as commentary on attacks on transaction systems[11] all combine to erode users’ trust and level of confidence in cyberspace. Even surveillance activities like those revealed by NSA informant Edward Snowden in June 2013 are counterproductive to the concept of trust in cyberspace and deleteriously impact perceptions amongst a broad range of stakeholders.

What are the solutions?

Given the complex nature of cyberspace, trust must exist on two levels. Singer and Friedman expressed this as follows: “The user must trust the system and the systems must know how to trust the users.”[12] Pfleeger and Pfleeger say that a user will trust system software if it does what is expected and nothing more[13]. Specifically, they state that a user will have confidence if an operating system provides the following four services consistently and effectively. They are[14]:
• Memory protection
• File protection
• General object access
• Authentication

For systems to trust users it is very much about establishing integrity. This is achieved in three main ways:
• Encryption
• Digital Certification
• Access Control Policies

[7] Fred Schneider, Trust in Cyberspace, Committee on Information Systems Trustworthiness, National Academy Press, Washington D.C, 1999, p16
[8] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p44
[9] Johannes M. Bauer, Michel J.G Van Eeten, Cybersecurity: Stakeholder, Incentives, externalities and policy options, Telecommunications Policy, 2009, Volume 33, Issue 10/11, http://www.sciencedirect.com.ezproxy1.library.usyd.edu.au/science/article/pii/S0308596109000986. Last accessed 13 June, 2015
[10] BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news, 49:05mins. Last accessed 14 June, 2015.
[11] Josh Bavas, Australia Bank fall victim to multi-national hacking attack, ABC News, 17.02.2015. http://www.abc.net.au/news/2015-02-17/banks-victim-of-multi-national-hacking-attack-security-firm-says/6130370. Last accessed 14 June, 2015
[12] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p46
[13] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, pp26-27
[14] Ibid, p 242
Peter Singer and Allan Friedman state that “Modern cryptosystems rely on ‘keys’ as the secret way of coding or decoding information on which trust is built”[15]. More specifically, they state that asymmetric cryptography provides the fundamental means of not only keeping information confidential but also enabling the system to detect any tampering[16].

Related is digital certification. This is the digital signature that ‘ties together the notion of a digital signature with key cryptography’[17]. Singer and Friedman note the vital role certificate authorities play as a source of trust in cyberspace[18]. These authorities approve the ‘certificates’ that bind a public key with the user’s identity. They are an essential part of the authentication process from a systems perspective. Hence, they are also essential to establishing trust.

The access control policy is a matrix of subjects and objects that tells a system who can do what to whom[19]. It is a key measure for ensuring that a system and user can trust each other.

Trust and its Relationship to Attribution

Attribution relies on trust in a number of ways. Primarily it is through[20]:
• Identification trust – a level of assurance in the authenticity and integrity of a user’s claimed identity.
• Authentication trust – verification and confirmation of a user’s proclaimed identity.
• Reputation trust – confirmation and evaluation of an entity’s standing in a community. It is both mutual and bi-directional.

Attribution adds a dimension of complexity to cyberspace. This is because it is difficult to secure and confirm the identity of an attacker even if all the trust elements are in place. Primarily, this is because an ‘attacker’ can capture and utilise other computers - using botnets - to obfuscate their attack. It is also difficult to ascertain the identity of the attacker, their nationality or even the organisation or country that they represent.
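The binding that a certificate authority provides, as described in the digital certification passage above, can be shown in a short added example (not part of the original essay): a toy textbook-RSA scheme in which a CA signs an identity together with a public key, and a relying party rejects altered messages and substituted keys. The function names, the identities shop.example and mallory.example, and the demo keys built from Mersenne primes are constructed assumptions; real systems use padded signatures and randomly generated primes.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy: no padding, fixed primes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}

def digest(data, n):
    """SHA-256 of the data as an integer, reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    return pow(digest(data, private_key["n"]), private_key["d"], private_key["n"])

def verify(public_key, data, signature):
    n = public_key["n"]
    return pow(signature, public_key["e"], n) == digest(data, n)

def cert_body(subject, public_key):
    """Bytes the CA signs: the identity and the public key, bound together."""
    return f"{subject}|{public_key['n']}|{public_key['e']}".encode()

def issue_certificate(ca_private, subject, public_key):
    signature = sign(ca_private, cert_body(subject, public_key))
    return {"subject": subject, "public_key": public_key, "ca_signature": signature}

def accept_message(ca_public, cert, expected_subject, message, signature):
    """Relying party: accept only if every link in the chain verifies."""
    body = cert_body(cert["subject"], cert["public_key"])
    if not verify(ca_public, body, cert["ca_signature"]):
        return "rejected: certificate not vouched for by the trusted CA"
    if cert["subject"] != expected_subject:
        return "rejected: certificate names a different identity"
    if not verify(cert["public_key"], message, signature):
        return "rejected: message altered or signed with another key"
    return "accepted"

# Constructed demo keys from known Mersenne primes (never do this in practice).
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
SHOP_PUB, SHOP_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    """Party A checks an order confirmation said to come from Party B."""
    def party_a(cert, message, signature):
        return accept_message(CA_PUB, cert, "shop.example", message, signature)
    cert = issue_certificate(CA_PRIV, "shop.example", SHOP_PUB)
    order = b"order 1001: 1 item, paid, ship to Party A"
    forged = b"order 1001: 9 items, paid, ship to Mallory"
    bad_sig = sign(MALLORY_PRIV, forged)
    swapped = dict(cert, public_key=MALLORY_PUB)  # key replaced in transit
    self_made = issue_certificate(MALLORY_PRIV, "shop.example", MALLORY_PUB)
    other = issue_certificate(CA_PRIV, "mallory.example", MALLORY_PUB)
    return {
        "genuine": party_a(cert, order, sign(SHOP_PRIV, order)),
        "altered": party_a(cert, forged, sign(SHOP_PRIV, order)),
        "swapped_key": party_a(swapped, forged, bad_sig),
        "self_issued": party_a(self_made, forged, bad_sig),
        "wrong_identity": party_a(other, forged, bad_sig),
    }
```

A passing check shows only that the holder of the certified private key signed the message; it says nothing about who controls that key.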
The information gathered about identity is not the same as proof of identity.[21] The proving difficulty was demonstrated during the DDOS attack in Estonia in 2007, mentioned earlier in this paper. Here, the originating state claimed ignorance and an inability to stop the assault.[22]

[15] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p47
[16] IBID, p46
[17] IBID, p47
[18] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, p89
[19] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p33
[20] Ravi Sankar Veerubhotla and Richa Garg, Managing Trust in Cyberspace, CRC Press, Boca Raton, Florida, p247
[21] IBID, 2014, p33
[22] Chris C. Demchak, Peter Dombrowski, Rise of a Cybered Westphalian Age, Strategic Studies Quarterly, Spring 2011, p34

China too has used the issue of attribution to claim plausible deniability. When Mandiant released its report exposing Advanced Persistent Threats (APTs) supposedly emanating from China, the Chinese Government responded by stating that it was “...unprofessional and groundless to accuse the Chinese military of launching cyber attacks without conclusive evidence”[23].

In the current internet architecture there is no way for receivers to attribute the sources of traffic or senders, or for receivers to authorise senders. These deficiencies in attribution leave the internet vulnerable to denial of service, spoofing, phishing and other attacks. With this in mind, Singer and Friedman describe ‘proving’ attribution as an “excruciatingly difficult task”.[24] Accusations, the inability to positively attribute them, and the ability of ‘attackers’ and actors to deny responsibility seriously impact trust. This can contribute significantly to worsening cyber relationships between states.

What’s the Extent to Which Trust Can, or Cannot, be Built Into Hardware and Software?

Trust can be built into software and hardware systems in a number of ways. Predominantly this is around the concept of authenticating identity through proving “something that you know, something that you have and something that you are”[25]. Something that you know is the password or secret code; something that you have may include an ATM card; something that you are is typically a biometric, a human characteristic such as facial, fingerprint or retina recognition. Other examples are the de facto authenticators that are used on mobile phones for receiving text messages that contain one-time codes[26]. Pfleeger and Pfleeger state that trust can be built into software systems if the software has been rigorously developed and tested[27].

The problem is that none of the mechanisms detailed above are guaranteed. They all carry limitations. Passwords can be forgotten or stolen or even forged. ATM cards and mobile phones can also be stolen. Biometrics can even be compromised through ‘amputated fingers’[28], though this is a more unlikely scenario.
Even rigorous development and testing can be open to interpretation and poor implementation. Exploits such as time-of-check to time-of-use, zero-day exploits or even ambiguities or misunderstandings about security policy and procedures[29] can also be used to exploit vulnerabilities in software and operating systems.

Most organisations have approached cyber security by trying to put increasingly sophisticated defences around their perimeter and within their internal network structures[30]. However, access control mechanisms have also been shown to have some weaknesses. A graphic example of this was illustrated by Edward Snowden’s leaks about the NSA’s PRISM program. Snowden was able to access sensitive controlled data that revealed the extent of the NSA’s surveillance activities[31].

[23] Mandiant, APT1, Exposing One of China’s Cyber Espionage Units, 2013, p1, http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf, Last accessed 1 June, 2015
[24] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p75
[25] IBID p 32
[26] IBID p32
[27] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, p244
[28] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p32
[29] Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007, p289
[30] McKinsey and Company, Meeting the Cybersecurity Challenge, Insights and Publications, June 2011. http://www.mckinsey.com/insights/business_technology/meeting_the_cybersecurity_challenge, Last accessed 14 June, 2015
[31] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p50
However, currently, codes like the RSA algorithm are effective and cannot be cracked. This is because they consist of extremely large prime numbers[32]. It is noted, though, that this may all change in the future with the advent of quantum computing[33]. In cyberspace there will always be a way to steal someone’s identity or data. This simply reinforces two things: the notion that data is both precious and valuable, but that ultimately, trust is very much an individual human decision.

IT Stakeholders’ Roles in Creating or Destroying Trust

In 2014 the ITU identified that cyberspace, because it lacks direct contact, required particularly high standards of trust and that these standards are required among “individuals, institutions, countries and systems”[34]. Some of these are discussed in greater detail below.

Personal Users

There have been a number of examples of individual users destroying trust in cyberspace. Sometimes this is inadvertent, such as the USB key that was used to install Stuxnet in an Iranian nuclear power station[35]. Singer and Friedman use a similar example of a military officer picking up a USB and inadvertently enabling one of the largest cyber breaches in US military history[36]. The most challenging attacks exploit human vulnerabilities rather than technological ones. Increasingly cybercrime is driven from social networking sites to craft phishing attacks or to enable radicalisation[37]. Such activities undermine trust in cyberspace.

Personal users can help establish trust through simple measures such as password control. More importantly, through maintaining awareness of the vulnerabilities inherent in cyberspace they can make adjustments necessary to improve their security. By doing so, their level of trust will also improve.

Commercial Vendors

Commercial vendors have a significant role to play in enabling trust.
They can do this by making certain that they build and deploy the most secure systems and hardware possible, by implementing thorough development, testing and risk management regimes. Inadequate protocols expose end users to zero-day exploits and other malware.

Commercial vendors are still able to be manipulated. The Snowden revelations exposed that the U.S Government had targeted weaknesses in iconic and highly regarded software and hardware products provided by Microsoft, Yahoo, Google and Facebook for espionage purposes[38]. These are providers with whom nearly every end user would interact nearly every day. Revelations such as these do not instil trust in personal users, governments or even other service providers. The disclosures contributed significantly to the deterioration of the cyber relationship between the U.S and China.

[32] BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news, 20:35mins. Last accessed 14 June, 2015.
[33] IBID, 21.00mins
[34] ITU, Building Trust in Cyberspace: Taking Stock, Looking Ahead, WSIS+10 Transcript, Geneva, Switzerland, June 2014, p4.
[35] BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news, 57:00mins. Last accessed 14 June, 2015
[36] P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014, p32
[37] McKinsey and Company, Meeting the Cybersecurity Challenge, Insights and Publications, June 2011. http://www.mckinsey.com/insights/business_technology/meeting_the_cybersecurity_challenge, Last accessed 14 June, 2015
[38] PRISM overview slides. IC on the Record. Office of the US Director of National Intelligence – Tumblr Site, https://nsa.gov1.info/dni/prism.html, Last accessed 6 June 2015

Governments

Governments have a significant role to play in enabling trust – particularly when critical infrastructure such as health care, financial, power and military systems are all dependent upon the trustworthy and effective operation of cyberspace.

On a government level the International Telecommunications Union (ITU) identified four points for building trust in cyberspace. They proposed that governments[39]:
• Ensure sufficient technical safeguards are implemented across networks.
• Establish a legal and regulatory framework to enable better network management.
• Enable and build digital awareness, particularly amongst end users.
• Provide political assurances – explicitly making governments more accountable for violation of personal data privacy and ensuring there are checks and balances in place.

Specifically, the ITU has stated that it believes that greater cooperation amongst governments is needed to mitigate the risks posed by cyberspace and hence, the level of trust available within it.

What Can Be Concluded About Trust in Cyberspace?

Ultimately, the full utilisation of cyberspace - by all stakeholders - requires trust with an element of risk, all within the midst of uncertainty. For over 3.14 billion internet users[40] (and growing) it is a risk worth taking.

Cyberspace is constantly changing. The technologies that apply in the future will alter the way people use cyberspace as well as the rules that guide it. Likewise, users’ expectations of cyberspace are also evolving.

Whatever occurs, trust matters! The reach and importance of cyberspace, in its ongoing development and usage, are highly dependent upon it.
Trust requires, and will continue to require, vigilance on the part of all users, of those who enable the operations of the internet and of the governments who create the policies to enable its operation.

[39] ITU, Building Trust in Cyberspace: Taking Stock, Looking Ahead, WSIS+10 Transcript, Geneva, Switzerland, June 2014, p15
[40] Internet Users in the World: http://www.internetlivestats.com * Estimate as at June 14 2015
Bibliography

• Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It, Group U.K, New York, Ecco, Enfield, 2012
• P.W Singer and Allan Friedman, Cybersecurity and Cyberwar, What Everyone Needs to Know, Oxford University Press, 2014
• Ravi Sankar Veerubhotla and Richa Garg, Managing trust in Cyberspace, CRC Press, Boca Raton, Florida, 2008
• Yonghong Wang & Muhindar P. Singh, Evidence Based Trust, ACM Transaction on Autonomous and Adaptive Systems, Vol 5, No. 3, September 2010
• Fred B. Schneider, Trust in Cyberspace, Committee on Information Systems Trustworthiness, National Academy Press, Washington D.C, 1999
• Charles W Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, New Jersey, 2007
• Chris C. Demchak, Peter Dombrowski, Rise of a Cybered Westphalian Age, Strategic Studies Quarterly, Spring 2011
• ITU, Building Trust in Cyberspace: Taking Stock, Looking Ahead, WSIS+10 Transcript, Geneva, Switzerland, June 2014
• Jingwei Huang and David M. Nicol, Trust Mechanisms for cloud computing, Journal of Cloud Computing: Advances, Systems and Application 2013, 2:9, Springer Open Journal
• Hauke Johannes Geirow, Cyber Security in China: New Political Leadership Focuses on Boosting National Security, Merics, China Monitor, Number 20, 9.12.2014
• Mandiant, APT1, Exposing One of China’s Cyber Espionage Units, 2013, http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
• PRISM overview slides. IC on the Record. Office of the US Director of National Intelligence – Tumblr Site, https://nsa.gov1.info/dni/prism.html
• BBC Horizon, Defeating the Hackers, http://www.dailymotion.com/video/x1mx144_bbc-horizon-defeating-the-hackers-hd_news
• McKinsey and Company, Meeting the Cybersecurity Challenge, Insights and Publications, June 2011. http://www.mckinsey.com/insights/business_technology/meeting_the_cybersecurity_challenge, Last accessed 14 June, 2015
• Craig A Shue and Brent Lagesse, Embracing the Cloud for Better Cybersecurity, Washington University Publications, Cyberspace Science and Information Intelligence Research (Reference Text) http://faculty.washington.edu/lagesse/publications/cloudsecurity.pdf