cybersecurity

Respond to each of these with 150 or more words

For this post, I have chosen to address question eight: Can you develop an index of digital maturity vis-a-vis other nation states?<o:p></o:p>

<o:p> </o:p>

Do you agree with the response? Why? Why not? <o:p></o:p>

<o:p> </o:p>

I agree that there needs to be an account of nation states digital maturity as compared to other countries, but what seemed to be missing from the answer presented are emerging technologies and the definition of digital maturity. <o:p></o:p>

<o:p> </o:p>

To define digital maturity, I refer MIT Sloan:<o:p></o:p>

<o:p> </o:p>

“Digital maturity combines two separate but related things. One is digital intensity, the level of investment in technology-enabled initiatives meant to change how the company operates.” (MIT 2012)<o:p></o:p>

<o:p> </o:p>

Digital Maturity seems like more of a marketing model or tool such “Adobe Marketing Score” The comments made by Ms. Hathaway doesn’t define the reason for this index. However, from a security perspective, it would be important to know what levels of Digital Maturity certain nation states are at.<o:p></o:p>

<o:p> </o:p>

What are the gaps or weaknesses in the response?<o:p></o:p>

<o:p> </o:p>

Where I disagree is the investigators seem limited, the team should include IT professionals and aggerates such as Root Metrics. Also, I believe this is a digital collection of information and not boots in the country.<o:p></o:p>

<o:p> </o:p>

In its present state, this presentation is outdated and does not include recent advances in technologies. For example, Project Loon and Mobile money. <o:p></o:p>

<o:p> </o:p>

Project Loon is a Google X company that is solar powered; balloon operated mobile cellular tower. This project when finally launch will fill in the gaps of rural areas of coverage and their expanding the digital maturity. <o:p></o:p>

<o:p> </o:p>

Here is a video of Loon:

https://www.youtube.com/watch?v=gwkmOE8dkvw&app=desktop<o:p></o:p>

<o:p> </o:p>

Mobile Money, this is a concept in poorer countries with limited banking and telecom services. Instead of being paid by cash or check, people and merchant exchange currently in the form of pay called M-Pesa. Think of it has bitcoin for text messaging or payment without the internet. Currently, this being used by nomadic peoples in Africa, there has been a discussion by US and Europeans to adopted a similar service. <o:p></o:p>

<o:p> </o:p>

Digital maturity index would be beneficial to corporations and government agencies; it does seem like a moving target as telecom and mobile access expands. What concerns me is the digital maturity at the nation state level, for I think there is a security issue separate from the marketing benefit. It’s as if the index should include a more detail level, such as digital military maturity of the nation state.<o:p></o:p>

Respond here

2

The question I chose for this week’s forum was question number 3: How do we reach a shared vision for a future (Trusted, resilient, survivable) architecture?

The authors responded to this question well. They lays out that there is not a perfect solution but that improvements can be made. They then lays out key requirements for those improvements. There is no major gas I see in their response to the question. The authors wrote that industry and academia must come together to create new technology. I think this is crucial and as most things with cyber, joint efforts will yield the best results.

They then talk about policies also need to be changed to help created a more secure architecture. The US has been trying to get a grip on cyber since Bush era. There has been many failed attempts at regulations. I believe one possible solution is eliminating the top down approach to regulations. Max Manley discuss this in his work titled Cyberspace’s Dynamic Duo: Forging a Cybersecurity Public-Private Partnership. He says “ If the PPP(public-private partnership) has a bottom-up approach, then those parties at the lower levels will have more autonomy to react quicker to cyberattacks, thus being more resilient over time”(Manley 2015). This style of regulation would create better working relationships and successful efforts.

The authors then discuss creating metric for measuring level of security. The response reads “These metrics estimation methods would be facilitated by the gathering, aggregation and release of data on attacks (in a sanitized manner), so as to allow the market to assess the correct level of investment in trustworthiness” (Responses to questions posed by Ms. Melissa Hathaway during her presentation at the National Science Foundation on March 18, 2009). This is to say that creating metrics and methods for information sharing can lead to great benefits. This brings us back to a government/industry partnership. If the government acted as a repository for breech information, they could share with other companies and reduce the effectiveness of an attack method. The NIST special publication 800-150 on information sharing reads “By exchanging cyber threat information within a sharing community, organizations can leverage the collective knowledge, experience, and capabilities of that sharing community to gain a more complete understanding of the threats the organization may face” (Johnson, Dadber & Waltermire 2015).

     An area I found interesting was calling out “careful distinction between what is intrinsic to an architecture and what is merely widely deployed” (Responses to questions posed by Ms. Melissa Hathaway during her presentation at the National Science Foundation on March 18, 2009). This is saying that we shouldn’t be afraid to make improvements because it’s not the standard. That the US can make changes in technology and not be too concerned about international compatibility. This was an interesting thought to me and something I never really thought about before.  

Respond here