Technology Review #2: Emerging Application of Technology in a Critical Infrastructure

Objective

The purpose of this technology review is to identify, discuss, and evaluate the cybersecurity implications of an emerging application of technology in the context of a critical infrastructure sector. Your selected technology may be hardware, software, or systems that rely upon both hardware and software. Your research will also include an examination of the cybersecurity implications of using this technology in critical infrastructures. This type of research is also referred to as a survey of the literature. Allowable sources for your literature survey are journal articles, papers published in conference proceedings, and research studies published in dissertations.

Overview

Your audience is a group of senior executives who will be meeting to decide which emerging applications of technologies should be selected for a security-focused, Internal Research & Development projects during the next budget cycle. Each of these executives is responsible for developing products and systems that support next generation systems in the nation’s critical infrastructure sectors.

The high-level visibility for your deliverable means that you need to start from a strong foundation of suitable research-based journal articles, papers published in conference proceedings, and doctoral dissertations. The basic question that must be answered about the selected technology is: what are the cybersecurity implications (good or bad) for the selected critical infrastructure sector?

In addition, the executives have expressed the following information needs, which must be met by the deliverable for this assignment:

  • characteristics of the critical infrastructure,
  • characteristics of the technology,
  • use of the technology to support or improve cybersecurity,
  • use of the technology to reduce or manage risk,
  • use of the technology to increase resistance to threats/attacks,
  • use of the technology to decrease vulnerabilities in an existing technology application,
  • use or exploitation of the technology by attackers, criminals, terrorists, etc. to accomplish their goals.

Instructions

Format your deliverable as a “descriptive or informative” annotated bibliography. The UMUC library provides information about how to complete this type of assignment. See http://sites.umuc.edu/library/libhow/bibliography_apa.cfm (sub-heading “To get started”). APA style is recommended but, you may use another professional format for your annotated bibliography.

In addition to the list of sources and annotations, you must provide an introductory paragraph.

See the rubric for additional requirements for this assignment.

Note: If you have problems accessing any of the library databases, contact the UMUC librarians via the contact methods listed on the library’s home page https://sites.umuc.edu/library/index.cfm . They will be able to assist you with login issues and/or search engine questions (but will not do your research for you).

Choose a Critical Infrastructure Sector

“There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (Department of Homeland Security, 2016, p.1).

Choose a critical infrastructure sector to focus your technology review. For definitions of critical infrastructures, see https://www.dhs.gov/critical-infrastructure-sectors. You may wish to choose your emerging application of technology first and then select an appropriate critical infrastructure in which your selected technology can be applied or deployed.

Choose an Emerging Application of Technology

Choose an emerging application of technology that can be used in the computers, digital devices, and other electronic / electrical technologies (including networks and network infrastructures) that are deployed in or used to build, operate, support, or maintain a critical infrastructure sector (e.g. utilities, pipelines, transportation, smart cities, etc.).

Suggested technologies include:

  • Autonomous Vehicles (ground, sea, or air): Transportation Systems Sector
  • Deep Space Communication Networks: Communications Sector
  • Implantable Medical Devices: Healthcare and Public Health Sector
  • Precision Agriculture (integrated systems using satellite imagery, GPS, Sensors, Robots): Food & Agriculture Sector
  • Robot inspectors for physical infrastructures (buildings, roads, railways, pipelines, etc.): Multiple Sectors
  • Smart Grid (also called Advanced Metering Infrastructure): Energy Sector
  • Wearable Sensors for Hazardous Materials Detection (e.g. CBRNE): Emergency Services Sector

You are encouraged to look for and investigate additional appropriate technologies before deciding upon your technology choice for this assignment.

If you decide to research a technology that is not on the suggested technologies list (see above), you must first request and receive your instructor’s permission.  Your instructor may require that you do preliminary library searches for research papers and technical papers to prove that you can find a sufficient number of resources to complete the assignment.

Find Appropriate Sources (“Survey the Literature”)

You may find it helpful to begin by reading the tables of contents for recent issues of the Communications of the ACM, IEEE Computer Magazine, IEEE Pervasive Computing, and IEEE Security & Privacy. These professional journals frequently publish highly readable, research-based articles about the cybersecurity implications of new and emerging technologies in the context of critical infrastructure sectors.

Next, brainstorm keywords that you can use to find additional articles, papers, and other scholarly publications (“sources’) which discuss and/or evaluate your selected emerging application of technology in the context of your chosen critical infrastructure.

Allowable source types are: (a) professional journals, (b) conference proceedings, (c) dissertations or theses, and (d) technical magazines (published by either the ACM or IEEE). Each of your selected sources must have a reference list containing at least 3 references for authoritative papers. (See http://sites.umuc.edu/library/libhow/scholarlyjournals.cfm)

Your selected sources must come from publications indexed in one or more of the following library databases:

Since the point of this search is to find information about emerging applications of technology for a critical infrastructure, your sources must have a publication date of 2015 or later (2015, 2016, 2017, 2018, 2019, 2020). For papers indexed in Science Direct, you may also use papers that are marked “In Press.”

To complete this part of the assignment, you may need to review 15 – 20 sources (search results) in order to find 10 papers or articles that are usable for this assignment. The sources you choose must provide technical information about your selected technology (see selection requirements for each paper).

Create Your Bibliography (List of Sources)

Choose the 10 best sources from your searches for articles, papers, and dissertations. Focus on the ones that give details about your technology and how it can be used in an emerging application of technology. Next, write the reference list entry (APA, MLA, or another appropriate professional citation style) for each source. Alphabetize your list of reference list entries. After you have the correctly ordered list, number your entries from 1 to 10. Note: different reference entry formats are used for different types of sources. Review the UMUC Library’s “Get Help > Citing and Writing for samples and explanations of the formatting rules. If you are using APA format, your list should look something like the following.

  1. (date). Article title. Publication name, vol(issue), #-#.
  2. (date). Paper title. Published in the Proceedings of conference-name, pp. #-#.
  3. Author …

Write Your Annotations

In an annotated bibliography, the annotation is a paragraph or two placed under the reference list entry for each source. For this assignment, the annotation should be a combination of factual information from the source and your evaluation (opinion) of that information. To accomplish this, you should read the abstract, introduction section, and closing sections for each article or paper. For dissertations, look over the Introduction and the Literature Review (usually Chapters 1 & 2). From this information, develop a one to three paragraph informative or descriptive summary of the source that includes: (a) a description of technology and its characteristics, (b) planned uses of the technology in the critical infrastructure, and (c) your thoughts and opinions as to how you could use this paper to justify selecting the technology for an Internal Research & Development study.

In each annotation, you should provide at least one specific example of a characteristic and/or application of the technology, e.g. an emerging technology, which impacts cybersecurity.

For example, for an annotation for an article about robots used to inspect dams and bridges, you could focus upon the need to secure the WiFi communications used to operate the device (“command and control” links). Improving the security of the WiFi transmissions would reduce the risk that attackers could take control of the robot or otherwise interfere with its operations.  This in turn will decrease the probability of loss of availability caused by a successful attack. Decreasing the probability of a negative event will decrease the risk associated with that event

Note: Remember that the security posture of a system or product is framed in terms of risk, threats, vulnerabilities, etc. Improvements to the security posture (positive security implications) will result in reduced risk, increased resistance to threats or attacks, and decreased vulnerability.  Negative impacts on the security posture will result in increased risk, decreased resistance to threats / attacks, and increased vulnerability (weakness).

As you write the annotations for each article / paper / dissertation, make sure that you include YOUR thoughts and ideas about the security implications of this technology. Use standard terminology per the resources in this course and in your previous coursework.

As you brainstorm the security implications of this technology (if these are not specifically discussed by your source), you should consider use of the technology to improve cybersecurity. Then consider applications or uses which will negatively impact the security posture of the identified critical infrastructure. It is very important that you consider BOTH SIDES OF THIS ISSUE.

Putting It All Together

  1. Consult the grading rubric for specific content and formatting requirements for this assignment.
  2. Your 5-8 page annotated bibliography should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
  3. Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts Review for recommended resources.
  4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
  5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
  6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
  7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).