START - Products - TRENDS - Cybersecurity

The package includes the following topics. Brief information about these is provided here. Once you desire more detailed information, you may acquire the complete package.

The aim of cybersecurity is to protect devices, networks, programs, and data against unauthorized access, tampering, and destruction. This challenge has already existed for a long time but is growing in importance because an increasing number of devices with a growing range of functions are being networked as part of the Internet of Things and intelligent vehicles (Meng et al. 2016).

1.1 Device Security

The protection of end devices is an integral component of cybersecurity. While computers and smartphones are comparatively well-protected, security is often neglected in devices belonging to the Internet of Things. The Internet of Things poses special requirements for digital security systems. Connected devices often possess only limited computing and energy resources, such that computationally intensive security certificates cannot be used. A further challenge is the large number of devices, as it must be easy to scale the security system (Desnitsky and Kotenko 2016; Raza et al. 2016). No solution has established itself to date. 

1.2 Security in Vehicles

Both in vehicles as well as in ships, many functions are controlled digitally and can therefore be targeted by cyberattacks. In autonomous vehicles, communication with other vehicles and the infrastructure constitute additional vulnerable points. Because modern vehicles are networked and possess numerous computer-aided functions, they are increasingly the target of cyberattacks. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication, which is explained in section 3.6, create further vulnerabilities. The consequences are fatal, as an attacker can control major functions such as the engine and brakes, and therefore trigger accidents (Schellekens 2016; Zheng et al.). 

1.3  Security of Smart Grids

The use of information systems connected to power grid also carries the risk of cyberattacks. The central importance of the energy grid for society and the economy requires the highest security standards. Due to the complexity of generation, transmission, control, and consumption, this cannot be ensured via established methods. A new security concept has not established itself so far (Rawat and Bajracharya 2015; Xie et al. 2016). The concept of the smart grid involves the collection of data on individual energy consumption. This data must be well-protected, as it is used for billing and could also be used to draw conclusions regarding patterns of private behavior. In addition to the further development of security certificates, the aggregation of data on the consumer side is also being discussed in order to prevent misuse (Li et al. 2015b; Ni et al. 2015). The smart grid reacts to measured sensor data and adapts the resources accordingly. If false data is injected into the system, the resources can no longer be utilized efficiently, or the entire grid may collapse under certain circumstances. With the analysis of data traffic and the physical limits of the network, measured values that have been tampered with can be identified and countermeasures taken (Khalid and Peng 2016; Liu et al. 2015b).


1.4 Malicious Software

During cyberattacks, malicious programs are frequently smuggled onto foreign devices. These programs us the device’s resources without authorization or send confidential data to the attacker. The detection of malware is one of the largest challenges in cybersecurity. Modern malware often possesses the ability to mutate, which leads to numerous variants and poses a problem for static security systems (Wang et al. 2016c). Methods based on machine learning identify certain suspicious characteristics and behavior patterns and automatically adapt to new threats. Furthermore, the path of the malicious program on the network can be tracked dynamically, thereby reacting to its spread (Ahmadi et al. 2016; Miao et al. 2016). Botnets pose a huge threat to internet security, as they offer a distributed platform for various illegal activities. The identification of such botnets is difficult, because their approach can be continuously changed and adapted. The use of data traffic analyses and learning algorithms is a promising approach to quickly react to changes (Haddadi et al. 2015; Kirubavathi and Anitha 2016).

1.5 Security Measures

The digital security measures must be adapted to the respective circumstances. They should continue to evolve dynamically in order to be able to react to the constantly changing attack methods. In the digital environment, attackers and defenders of a system have limited resources and courses of action. Game theory helps to model, understand and predict the conflicting goals of users, attackers, and defenders (Ryutov et al. 2015; Zhang et al. 2015c). Cloud computing providers have the responsibility of ensuring that their services and systems provide a high degree of security. In addition to this internal component, the providers must also ensure external security on the customer side, as the entire system would otherwise be prone to attacks on these vulnerabilities  (Kwiat et al. 2015; Liu et al. 2015c). The conventional analyses for security loopholes are not suitable for the special circumstances of cloud systems. More dynamic methods are necessary which are supported by the joint use of security-relevant data (Torkura and Meinel 2015; Zhang et al. 2015e).

1.6 Information Security

Information security constitutes the counterpart to device security. The data is especially protected by strong encryption algorithms. In particular, companies and governments have a great interest in protecting their data against unauthorized access. Computer criminality is increasingly also affecting African countries, as low security standards often exist in these regions. State organizations and companies form partnerships within Africa and seek support from other parts of the world in their search for measures for additional security (Orji 2015; Solms 2015). For security systems, the focus is generally on further technological development, while the human component is seldom considered. Social engineering utilizes this very aspect by manipulating humans to do things that go against their security interests. This includes the disclosure of passwords or confidential data, opening malicious files, or deactivating security measures. The more information the attacker possesses about his victim, the easier it is for him to build trust and manipulate his target. Social media provides a comprehensive source for this (Cullen and Armitage 2016; Heartfield and Loukas 2016).