Cyber Resilience, Societal Situational Awareness for SME

In our paper, we describe the landscape that has led to the realization from the nineties of the last century that cyber is a social good: "Cyber is a social good, "said Cybersecurity and Infrastructure Security Agency Director Jen Easterly. "It's about societal resilience. And m...

Full description

Saved in:
Bibliographic Details
Published in2023 IEEE International Conference on Cyber Security and Resilience (CSR) pp. 458 - 463
Main Authors van Kranenburg, Rob, Bohara, Rohit, Yahalom, Raphael, Ross, Mirko
Format Conference Proceeding
LanguageEnglish
Published IEEE 31.07.2023
Subjects
Cyber threat intelligence
Ecosystems
Europe
Industries
Real-time systems
Regulation
Supply chains
Online AccessGet full text
DOI10.1109/CSR57506.2023.10225011

Cover

More Information
Summary:In our paper, we describe the landscape that has led to the realization from the nineties of the last century that cyber is a social good: "Cyber is a social good, "said Cybersecurity and Infrastructure Security Agency Director Jen Easterly. "It's about societal resilience. And my last message (at CES 2023) is that we need to fundamentally change the relationship between government and industry." This realization is build upon the belief that trust can be reinvented on three levels: that of data chains in devices, information chains in the supply chain (can I trust my supplier, my client), and trust in the realness, the 'reality' level of the contexts evoked by these chains in an age of deep fakes, Chat GPT and the Metaverse. We argue that there is a crisis of trust on all levels, a crisis which inevitability is part of the digital turn itself. As we move, as Mark Weiser wrote in his seminal text The Computer for the 21st century, to a form of computing that will disappear into "the fabric of everyday life", and will only succeed as a success when it disappears fully from the experience of humans. It is the infrastructure itself that acquires a new layer and becomes 'smart'. It has become an integral part of society that was before governed by rules of the kinetic realities of the world. These rules were built with certain threats in mind. The hybrid reality, layers of analogue/kinetic that interact sometimes, leads to new everyday practices that become social behavior. Leveling new threats then indeed becomes a social good. We argue that this is especially the case for small and medium-sized enterprises (SMEs), who by forming 99% of all business in Europe, not only pose a large fragmented threat vector, but also they are fighting cybercrime in isolation. We purpose a novel solution to exchange cybersecurity risk information with context among SMEs in a peer to peer mesh network. Additionally, a graph based risk analysis and prioritization method which takes into account the context information of assets and their environment.
DOI:10.1109/CSR57506.2023.10225011