Cyber Resilience, Dependability and Security

Angela Mison, Gareth Davies*, Peter Eden

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Downloads (Pure)

Abstract

There is a continuing skills shortage associated with digital security and DevSecOps (World Economic Forum, 2023), but this paper argues that is due to non-recognition that it is time for cyber security and/or digital security to be defined, and a further separation of specialisms in computing to be made apparent. This has become increasingly important when considering Artificial Intelligence. The problem is not new. This paper presents a refinement of the principles suggested by Milner (2007) of using a model to describe behaviour and organise software, grappling with seemingly intractable and complex problems which cross boundaries between different systems: engineering, technological, social, economic, legal, and political, each with a distinct perspective and goal. It emphasises Hoare’s (1996) assertion that system failures are largely due to failed analysis impacting development of resilient systems. It argues that there are dichotomies between resilience – a system security/safety perspective, dependability – a user/consumer perspective, and security – a technology perspective. Many proposed systems to date have conflated these perspectives in the secure by design paradigm which requires a depth of knowledge and expertise. Unicorns are rare. This paper suggests how to overcome the skills shortage utilising the skill sets that are available in a manner that maximises the contribution to digital security. Recognising that not everyone and everything needs to communicate with the world reduces complexity and can increase trust. Concentration on the operational purpose of a system, resulting in an Operational Design Domain (ODD) reduces complexity further. Additional reduction in complexity is achieved by placing resilience in an engineering and programming development context, grounded in acceptable behaviours, while accepting dependability as a user expectation of system behaviour, and cyber security as a separate specialism addressing access to systems and infrastructure. Much of this paper is a reversion to defensive programming through the ODD. There is a need for any solution to the skills shortage be scalable and economic, and this paper suggests how that can be achieved using existing skill sets targeted at their specialisms.
Original languageEnglish
Title of host publicationProceedings of the 19th International Conference on Cyber Warfare and Security, ICCWS 2024
Subtitle of host publicationUniversity of Johannesburg South Africa 26-27 March 2024
EditorsJaco du Toit, Brett van Niekerk
Place of PublicationJohannesburg, SA
PublisherUniversity of Johannesburg
Pages177-184
Number of pages8
Volume19 (1)
ISBN (Electronic)978-1-914587-97-9
ISBN (Print)978-1-914587-96-2
DOIs
Publication statusPublished - 21 Mar 2024
Event19th International Conference on Cyber Warfare and Security (ICCWS 2024) - University of Johannesburg, Johannesburg, South Africa
Duration: 26 Mar 202427 Mar 2024
Conference number: 19th
https://www.academic-conferences.org/conferences/iccws/

Publication series

NameInternational Conference on Cyber Warfare and Security
ISSN (Print)2048-9870
ISSN (Electronic)2048-9889

Conference

Conference19th International Conference on Cyber Warfare and Security (ICCWS 2024)
Abbreviated titleICCWS 2024
Country/TerritorySouth Africa
CityJohannesburg
Period26/03/2427/03/24
Internet address

Keywords

  • Cyber security
  • resilience
  • dependability
  • digital forensics

Fingerprint

Dive into the research topics of 'Cyber Resilience, Dependability and Security'. Together they form a unique fingerprint.

Cite this