Technology review

Objective

The purpose of this technology review is to identify, discuss, and evaluate the cybersecurity implications of an emerging application of technology in the context of a critical infrastructure sector. Your selected technology may be hardware, software, or systems that rely upon both hardware and software. Your research will also include an examination of the cybersecurity implications of using this technology in critical infrastructures. This type of research is also referred to as a survey of the literature. Allowable sources for your literature survey are journal articles, papers published in conference proceedings, and research studies published in dissertations.

Overview

Your audience is a group of senior executives who will be meeting to decide which emerging applications of technologies should be selected for a security-focused, Internal Research & Development projects during the next budget cycle. Each of these executives is responsible for developing products and systems that support next generation systems in the nation’s critical infrastructure sectors.

The high-level visibility for your deliverable means that you need to start from a strong foundation of suitable research-based journal articles, papers published in conference proceedings, and doctoral dissertations. The basic question that must be answered about the selected technology is: what are the cybersecurity implications (good or bad) for the selected critical infrastructure sector?

In addition, the executives have expressed the following information needs, which must be met by the deliverable for this assignment:

• characteristics of the critical infrastructure,
• characteristics of the technology,
• use of the technology to support or improve cybersecurity,
• use of the technology to reduce or manage risk,
• use of the technology to increase resistance to threats/attacks,
• use of the technology to decrease vulnerabilities in an existing technology application,
• use or exploitation of the technology by attackers, criminals, terrorists, etc. to accomplish their goals.

Choose a Critical Infrastructure Sector

“There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (Department of Homeland Security, 2016, p.1).

Choose a critical infrastructure sector to focus your technology review. For definitions of critical infrastructures, see https://www.dhs.gov/critical-infrastructure-sectors. You may wish to choose your emerging application of technology first and then select an appropriate critical infrastructure in which your selected technology can be applied or deployed.

Choose an Emerging Application of Technology

Choose an emerging application of technology that can be used in the computers, digital devices, and other electronic / electrical technologies (including networks and network infrastructures) that are deployed in or used to build, operate, support, or maintain a critical infrastructure sector (e.g. utilities, pipelines, transportation, smart cities, etc.).

Suggested technologies include:

• Autonomous Vehicles (ground, sea, or air): Transportation Systems Sector
• Crypto Currencies: Financial Services Sector (DO NOT CHOOSE Bitcoins)
• Deep Space Communication Networks: Communications Sector
• Implantable Medical Devices: Healthcare and Public Health Sector
• Precision Agriculture (integrated systems using satellite imagery, GPS, Sensors, Robots): Food & Agriculture Sector
• Robot inspectors for physical infrastructures (buildings, roads, railways, pipelines, etc.): Multiple Sectors
• Smart Grid (also called Advanced Metering Infrastructure): Energy Sector
• Wearable Sensors for Hazardous Materials Detection (e.g. CBRNE): Emergency Services Sector

You are encouraged to look for and investigate additional appropriate technologies before deciding upon your technology choice for this assignment.

If you decide to research a technology that is not on the suggested technologies list (see above), you must first request and receive your instructor’s permission. Your instructor may require that you do preliminary library searches for research papers and technical papers to prove that you can find a sufficient number of resources to complete the assignment.

Find Appropriate Sources (“Survey the Literature”)

You may find it helpful to begin by reading the tables of contents for recent issues of the Communications of the ACM, IEEE Computer Magazine, IEEE Pervasive Computing, and IEEE Security & Privacy. These professional journals frequently publish highly readable, research-based articles about the cybersecurity implications of new and emerging technologies in the context of critical infrastructure sectors. Here are some examples to get you started:

Bellatti, J., Brunner, A., Lewis, J., & Annadata, P. (2017). Driving habits data: Location privacy implications and solutions. IEEE Security & Privacy, 15(1), 12-20.

Erdelj, M., Natalizio, E., Chowdhury, K. R., ^ Akyildiz, I.F. (2017). Help from the sky: Leveraging UAVs for disaster management. IEEE Pervasive Computing, 16(1), 24-32.

Khatoun, R., & Zeadally, S. (2016). Smart cities: Concepts, architectures, research opportunities. Communications of the ACM, 59(8), 46-57.

Wac, K., Rivas, H., & Fiordelli, M. (2017). Quality-of-life technologies. Computer, 50(3), 14-19.

Next, brainstorm keywords that you can use to find additional articles, papers, and other scholarly publications (“sources’) which discuss and/or evaluate your selected emerging application of technology in the context of your chosen critical infrastructure.

Allowable source types are: (a) professional journals, (b) conference proceedings, (c) dissertations or theses, and (d) technical magazines (published by either the ACM or IEEE). Each of your selected sources must have a reference list containing at least 3 references for authoritative papers. (See http://sites.umuc.edu/library/libhow/scholarlyjournals.cfm)

Your selected sources must come from publications indexed in one or more of the following library databases:

• ACM Digital Library http://ezproxy.umuc.edu/login?url=http://www.acm.org/dl
• Dissertations & Theses (Pro Quest) http://ezproxy.umuc.edu/login?url=http://search.proquest.com/pqdtft/advanced?accountid=14580
• IEEE Computer Society Digital Library http://ezproxy.umuc.edu/login?url=http://www.computer.org/portal/web/csdl/home
• Science Direct http://ezproxy.umuc.edu/login?url=http://www.sciencedirect.com/science/search

Since the point of this search is to find information about emerging applications of technology for a critical infrastructure, your sources must have a publication date of 2013 or later (2013, 2014, 2015, 2016, 2017). For papers indexed in Science Direct, you may also use papers that are marked “In Press.”

To complete this part of the assignment, you may need to review 15 – 20 sources (search results) in order to find 10 papers or articles that are usable for this assignment. The sources you choose must provide technical information about your selected technology (see selection requirements for each paper).

Create Your Bibliography (List of Sources)

Choose the 10 best sources from your searches for articles, papers, and dissertations. Focus on the ones that give details about your technology and how it can be used in a critical infrastructure. Next, write the APA format reference list entry for each source. Alphabetize your list of reference list entries. After you have the correctly ordered list, number your entries from 1 to 10. Note: different reference entry formats are used for different types of sources. Review the UMUC Library’s “Get Help > Citing and Writing > APA Examples” for samples and explanations of the formatting rules. (http://sites.umuc.edu/library/libhow/apa_examples.cfm ) Your list should look something like the following.

1. (date). Article title. Publication name, vol(issue), #-#.
2. (date). Paper title. Published in the Proceedings of conference-name, pp. #-#.
3. Author …

Write Your Annotations

In an annotated bibliography, the annotation is a paragraph or two placed under the reference list entry for each source. For this assignment, the annotation should be a combination of factual information from the source and your evaluation (opinion) of that information. To accomplish this, you should read the abstract, introduction section, and closing sections for each article or paper. For dissertations, look over the Introduction and the Literature Review (usually Chapters 1 & 2). From this information, develop a one to three paragraph informative or descriptive summary of the source that includes: (a) a description of technology and its characteristics, (b) planned uses of the technology in the critical infrastructure, and (c) your thoughts and opinions as to how you could use this paper to justify selecting the technology for an Internal Research & Development study.

In each annotation, you should provide at least one specific example of a characteristic and/or application of the technology, e.g. an emerging technology, which impacts cybersecurity.

For example, for an annotation for an article about robots used to inspect dams and bridges, you could focus upon the need to secure the WiFi communications used to operate the device (“command and control” links). Improving the security of the WiFi transmissions would reduce the risk that attackers could take control of the robot or otherwise interfere with its operations. This in turn will decrease the probability of loss of availability caused by a successful attack. Decreasing the probability of a negative event will decrease the risk associated with that event

Note: Remember that the security posture of a system or product is framed in terms of risk, threats, vulnerabilities, etc. Improvements to the security posture (positive security implications) will result in reduced risk, increased resistance to threats or attacks, and decreased vulnerability. Negative impacts on the security posture will result in increased risk, decreased resistance to threats / attacks, and increased vulnerability (weakness).

As you write the annotations for each article / paper / dissertation, make sure that you include YOUR thoughts and ideas about the security implications of this technology. Use standard terminology from the Five Pillars of Information Assurance and/or the Five Pillars of Information Security. You do not need to include all ten “pillars” but you should address a minimum of three. If you are targeting an “A” on your paper, address at least five of the pillars. (Sources for definitions of the Five Pillars of IA and Five Pillars of IS are listed under Content > Course Resources.)

• Five Pillars of Information Assurance (IA): confidentiality, integrity, availability, authentication, and non-repudiation.
• Five Pillars of Information Security (IS): protection, detection, reaction, documentation, prevention.

As you brainstorm the security implications of this technology (if these are not specifically discussed by your source), you should consider use of the technology to improve cybersecurity. Then consider applications or uses which will negatively impact the security posture of the identified critical infrastructure. It is very important that you consider BOTH SIDES OF THIS ISSUE.

Putting It All Together

Your annotated bibliography for your selected technology should be at least three pages in length and no more than ten pages (excluding the title page and references page).

Your annotated bibliography must comply with the formatting guidance provided under Content > Course Resources > APA Resources (see the sample papers and the template file). Your annotated bibliography must comply with APA 6^th Edition Style for references and citations.

You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.