Cyber Resilience, Dependability and Security

Authors

  • Gareth Davies, University of West of England, UK.
  • Angela Mison, University of South Wales (UK)
  • Peter Eden, University of South Wales (UK)

DOI:

https://doi.org/10.34190/iccws.19.1.2181

Keywords:

Cyber security, Resilience, Dependability, Digital forensics

Abstract

There is a continuing skills shortage associated with digital security and DevSecOps (World Economic Forum, 2023), but this paper argues that this is due to non-recognition that it is time for cyber security and/or digital security to be defined, and for a further separation of specialisms in computing to be made apparent. This has become increasingly important when considering Artificial Intelligence. The problem is not new. This paper presents a refinement of the principles suggested by Milner (2007) of using a model to describe behaviour and organise software, grappling with seemingly intractable and complex problems which cross boundaries between different systems: engineering, technological, social, economic, legal, and political, each with a distinct perspective and goal. It emphasises Hoare’s (1996) assertion that system failures are largely due to failed analysis impacting development of resilient systems. It argues that there are dichotomies between resilience (a system security/safety perspective), dependability (a user/consumer perspective), and security (a technology perspective). Many proposed systems to date have conflated these perspectives in the secure by design paradigm, which requires a depth of knowledge and expertise. Unicorns are rare. This paper suggests how to overcome the skills shortage utilising the skill sets that are available in a manner that maximises the contribution to digital security. Recognising that not everyone and everything needs to communicate with the world reduces complexity and can increase trust. Concentration on the operational purpose of a system, resulting in an Operational Design Domain (ODD), reduces complexity further.
Additional reduction in complexity is achieved by placing resilience in an engineering and programming development context, grounded in acceptable behaviours, while accepting dependability as a user expectation of system behaviour, and cyber security as a separate specialism addressing access to systems and infrastructure. Much of this paper is a reversion to defensive programming through the ODD. There is a need for any solution to the skills shortage to be scalable and economic, and this paper suggests how that can be achieved using existing skill sets targeted at their specialisms.

Author Biographies

Gareth Davies, University of West of England, UK.

Gareth Davies is a senior cyber academic at the University of The West of England, UK. Gareth was nominated and shortlisted for the UK ‘Cyber Citizen of The Year Award’ by the UK National Cyber Security Awards in 2021.

Angela Mison, University of South Wales (UK)

Angela Mison is a PhD Researcher, sponsored by Thales, at the University of South Wales, based at the Treforest campus. She received her MSc Computer Forensics from the University of South Wales, and was awarded AESIN Cyber Student of the Year in Automotive by TechWorks in 2019. Her research area is the cybersecurity of connected and autonomous vehicles.

Peter Eden, University of South Wales (UK)

Peter Eden is a Senior Lecturer in Digital Forensics and Cyber Security at the University of South Wales, based at the Treforest campus. He is Course Leader for BSc/MSc Computer Security courses. He has provided digital forensic consultancy services to UK law enforcement agencies and police forces and has a number of publications within SCADA forensics.

Published

2024-03-21