Presented at the Oslo Polytenisk-forening . "Cybersikkerhet-implikasjoner for samfunnet og demokratiet: Er vår nasjonale sikkerhet trutet. Cyber Security its implications for the Norwegian Society
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Mind the gap : Is Norway Security Enough in Cyber Space
1. Mind the Gap
Stewart Kowalski (stewart.kowalski@ntnu.no)
Department of Information Security and
Communication Technology
«Vær oppmerksom på avstanden
mellom de og den «Norsk» digital
plattforms»
2. 2
Overview
• A socio-technical security perspective of the “cyber”
security situations for individuals, organization,
nations and societies.
• Some of the on going work at NTNU-Gjøvik to frame
the discussion to help create adequate and fit for
purpose cyber security for Norway, the Nordics
countires and beyond.
7. Cyber Security Skill Shortage
“A 2015 report from Cisco puts the global figure at one million
cybersecurity job openings. Demand is expected to rise to 6
million globally by 2019, with a projected shortfall of 1.5 million,
says Michael Brown, CEO at Symantec, the world’s largest
security software vendor.”
https://www.forbes.com/sites/stevemorgan/2016/01/02/one-
million-cybersecurity-job-openings-in-2016/#764a33b27ea2
https://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf
Demand
&
Education
Output
2000
Demand
OutputGap
2019
10. The Problem (Technological Determinism vs Socio-Constructivism)
https://www.youtube.com/watch?v=uOrG6jfBzEU
The School of Athens
11. The Problem: Learning how to think about secure computers and technology
land earning how to work with computers and technology
https://oldplay.dsv.su.se/hypercaster/3762/width=640/height=360/link.js
Teach them to
coding and
encryption
first.
Teach them to
think about
secure systems
first.
12. All the world “including Norway “!)
is made
of faith, trust and pixie dust
by either
well educated or poorly educated
socio-technical systems designers
14. PROBLEM 1
“IKT” research funding development, adoption and
implementation is driven to a large extent by “hype” and
security issue and other constraints are neither thought
about or taught correctly!
16. PROBLEM 1
research and development, adoption and implementation is
driven to a large extent by “hype” and security issue and
other constraints are neither thought about or taught
correctly!
Do you want
to buy a
parachute?
What ???????
We need to
make this
thing a light as
possiblle!
17. PROBLEM 1
ICT research and development, adoption and
implementation is driven to a large extent by “hype” and
security issue and other constraints are neither thought
about or taught correctly correctly!
http://ca.news.yahoo.com/blogs/good-news/airplane-recovery-parachute-saves-three-
lives-connecticut-crash-171749029.html
18. PROBLEM 1
Computer and Media Technology research and
development, adoption and implementation is driven to a
large extent by “hype” and security issue and other
constraints are neither thought about or taught correctly
correctly!
19. Kunnskap for en bedre verden
Information system components:
● Data and information
● Software, applications, services
● Hardware, network, infrastructure
● Humans, users, management
● Organisation, society
Federal Research and Development Strategic Plan
20.
21. !The Problem!
There is always a Security GAP (social-technical and socio-technical with new technology !
22. Why Do We Model
Some like to undestand what they believe in.
Others like to believe in what they understand.
(Stainslaw Jerzy Lec)
Which one are you?
Niave Mental Models
”engineering vs science”
23. “You continually need to learn to mange yourself and
your organization or society efficient and effectively
with incentives and disincentive or you will end up
being managed by your enemies or near friends. “
The Information Security Management Group
researches and teaches critical thinking in,
theoretical, empirical, applied and clinical methods
and techniques to
model, measure, manage
i.e. govern
information security management system’s
strengths (security, privacy) and weaknesses (Risk)
at the
individual,
organization
and
nation
levels.
Information Security Management and Privacy Group (ISMG)
! Manage or be Managed !
24. The Socio Technical Systems Approach
(PAST) • Eric Trist and Ken Bamforth etc
– 1950
– Coal mine
– Three levels
• primary work system
• the whole organization
• macro-social phenomena
Interesting Link but bad sound
https://www.youtube.com/watch?v=O
Uqtmo8vmz0
Interesting Link 25 minutes
https://www.youtube.com/watch?v=O
Uqtmo8vmz0
28. IMIT 4115
IT Rhetoric for Seucurity and
Risk Managment
Stewart Kowalski Ph.D
Professor Information Security
28
stewart.kowalski@ntnu.no
29. 29
SikkertNOK på NTNU Campus
Gjøvik. oktober 2016.
Pizza and Panic: 16:00-18:30
The Annual
Information Security Management
and Privacy Group
Cyber Security Ghost Story
and
Question Competition
.
30. Challenge: To Be or Not to be a Security Enough
in Cyber Space
Viking name of the city of York (Jórvík)
http://languagehat.com/atlas-of-true-names/http://study.com/academy/lesson/alas-poor-yorick-quotes-meaning-lesson-quiz.html
Fake news Alert not verified but fun!
31. 31
The Challenge
Your task is to tell your fellow cyber-citizens', a story about a information or cyber security
incident that will get them to
stop,
be scared,
think
socio-technical system security
and
change your fellow cyber citizen to
Act,
feel,
and know
how
to be good citizen in cyber space!
Ref 2
Ref2
32. 32
5th Place
Jórvík beats Oxford and West Point
https://www.youtube.com/watch?v=O-Q-dRw7ngU&feature=youtu.be
Bridge the Gap
33. 33
SikkertNOK på NTNU Campus
Gjøvik. XX oktober 2018.
Pizza and Panic: 16:00-18:30
The Annual
Information Security Management
and Privacy Group
Delta 2 Debate
and
Question Competition
.
34. ο από μηχανής
Θεός ή διάβολος
A Rhetoric's Game:
Cyber security by Debate
A Delta2 Debate on “
“Digital Drivers Licenses” for Norway”
Moderator: Mariusz Nowostawski (NTNU)
SikkertNOK 2017
.
ὁ δὲ ἀνεξέταστος βίος οὐ
βιωτὸς ἀνθρώπῳ
35. Why are we here ?
Add value to your education
An Apology ?
ὁ δὲ ἀνεξέταστος βίος οὐ βιωτὸς ἀνθρώπῳ
“The unexamined life is not worth living”
and it might not be worth securing in cyber space.
36. • In the Cyberworld, cyber security like ”fake
news” is a consumable good.
• Definition of: consumable good1
A material that is used up and needs continuous
replenishment, such as paper and toner. "The
low-tech end of the high-tech field!“
1 http://www.pcmag.com/encyclopedia_term/0,2542,t=consumable&i=40253,00.asp
https://Apple or Banna Debate
37. Goals of a Delat 2 Debate
• Cyber Security like any other consumable
good has to be marketed, maintained and
managed.
• The goal of these debate is explore how we
can collectively market, maintain, and manage
the socio-technical systems we call cyber
space to be secure “enough”.
• Move from using FUD Fear Uncertainty and
Doubt
• To RUD =Reason Uncertaintiy and Doubt
38. Delta 2 Debate Format
• Flip a coin to decide who will be For/Against the motion (Simon/Stewart)
• Audience votes (For, Against Undecided, No at Relevant motion”
• For 3 minutes
• Against 3 minutes
• 2.33 Minutes Reflection
– https://Music of the inner spheres
• For cross examination 5 minutes
• Against cross examination 5 minutes Against 1 Minutes Summary
• 2.00 Minutes Reflection
– https://Music of the inner spheres
• Against 1 minutes Closing
• For 1 minute Closing
• Audience votes (For, Against Undersided, No at Relevant motion”
3
8
39. Motion
Norway should enact a cyber space regulation that requires
citizens to pass a digital driver licences test which both indicates
that their have the necessary security competence to operate in the
Norwegian .no domain and their digital identity .
42. !Do we have a cyber – academic – Industrial complex in Norway !
In the councils of government, we must guard against the acquisition of
unwarranted influence, whether sought or unsought, by the military
industrial complex. The potential for the disastrous rise of misplaced power
exists and will persist.
1:37 https://www.youtube.com/watch?v=8y06NSBBRtY
43. 43
Overview
• A socio-technical security perspective of the “cyber”
security situations for individuals, organization,
nations and societies.
• Some of the on going work at NTNU-Gjøvik to frame
the discussion to help create adequate and fit for
purpose cyber security for Norway, the Nordics and
beyond.