Introduction
Modern societies have become increasingly dependent on Information and Communication Technologies (ICTs) that offer both opportunities and challenges with respect to improvements in the quality of life of people and the communities in which they live. For although the use of ICTs offer several potential benefits (including improvements in efficiency and reduction in costs, and wide-spread access to information and services), they also expose individuals, organizations and nations to new risks including those that result from Internet-related security breaches and misuse of cyber-power. Inadequate understanding of the security implications of ICT acquisition, implementation, maintenance and retirement decisions can lead to significant negative impacts on individuals, organizations and nations. While the exploration of organizational-related cyber-security issues has attracted the attention of some researchers (Gatzlaff & McCullough, Citation2010; Zafar, Ko, & Osei-Bryson, Citation2012), less attention has been paid to cyber-security and national development, particularly within the context of countries that have yet to create their nation's security policies. Thus there is the need for rigorous research that provides guidance to individuals, organizations, planners and government officials in developing countries, particularly those with limited financial, technical and other resources.
Within the context of developing countries, there may be the need for a deeper understanding of the relationship between cyber-security and development. Consider the following:
Confidentiality (C): A foreign organization that does not consider itself answerable to the National Government of a developing country yet holds a mass of voluntarily provided data on personal details and relationships of citizens of the developing country. Should this be a national security concern, particularly if the foreign organization has shown itself willing and/or is required to share such data with its own government? What if government and private sector officials increasingly become so comfortable with the convenience and benefits of social media and other ICTs such as smart-phones and allow outsiders to listen in and even influence discussions on official matters?
Integrity (I): If Internet sources are routinely considered by citizens and governments of developing countries to be credible, accurate sources of information but some Internet sources (including national governments) are in fact deliberately engaged in disinformation-related activities, and faulty decisions on subject of national importance are made because of the processing of deliberately corrupted information, would this be a national cyber-security breach even though it did not involve the corruption of data? In such a scenario, how is a resource-constrained developing country respond to opportunities and threats associated with the use of the Internet as a resource for decision-making related data?
Availability (A): Is the data/information required to make decisions on development easily available to citizens, and the corporate and political directorates of developing countries, or is its availability influenced by governmental (internal or external) and corporate entities that currently control the Internet? What if the industrial processes or public utilities could be accessed and efficiently managed through the Internet but that associated software processes could also be corrupted through the Internet, leading to unrecoverable damage? What if a similar situation applies to government services including education, and the digitization of such services resulted in the loss or degradation of relevant competencies and/or the non-electronic transactional infrastructure? Would the given country be able to function effectively if there was unavailability of the given cyber systems? The relevance of similar questions to the “developed” economies is sometimes apparent in the case of natural disasters, though the effects are relatively short-lived because of the presence of resources and skills to relatively quickly restore the relevant cyber systems. The resource-constrained context of many “developing countries” often prevents such quick recovery.
Cyber-power: The concept of cyber-power (i.e. the ability to use cyberspace to create advantages and influence events within and outside of cyberspace) is relevant with regards to the confidentiality, integrity and availability (CIA) concerns discussed above and also to several other issues including national defense, sovereignty and democracy. For example, many ICT encryption systems were created in “developed” countries and in many cases legislation in such countries requires the given vendor to offer “back door” entry to its government's intelligence services. In other cases the given government's intelligence services have developed the means to gain entry.
Cyber-power requires not just access to the positive possibilities that ICTs offer, or of the protections that cyber-security aims to offer, but also involves the ability to have influence on the activities and rules of cyberspace. At a minimum this requires adequate knowledge of: the strengths, limitations and vulnerabilities of ICT artifacts; the agendas and motives of significant actors; and of the ever changing critical success factors for operating in cyberspace. In today's world this may also necessitate creative, mature collaboration between “developing” countries at various levels of development, from different geographic regions and even with different political systems.
Contribution of this issue
This issue of IT for Development makes contributions to the practice and theory of cyber-security within the context of development from the following perspectives: (1) several of the papers present models that have immediate application in the context of development including national development; (2) the papers present insights relevant to future conceptual and applied research on cyber-security for development and (3) the papers offer theoretical or design science contributions that relate to the concepts of cyber-security in national development agendas.
We present five papers that involve a range of approaches and address a broad spectrum of cyber-security for development issues. These five papers were selected from 12 papers that were submitted to the special issue, using a rigorous review process that resulted in the exclusion of several promising papers from the special issue.
Madnick, Choucri, and Ferwerda in “Institutions for Cyber Security: International Responses and Global Imperatives” provide an initial base line for representing and tracking institutional responses to a rapidly changing international landscape, real as well as virtual. They argue that the current institutional landscape managing security issues in the cyber domain has developed in major ways, but that it is still “under construction.” They also anticipate institutions for cyber-security to support and reinforce the contributions of information technology to the development process.
Baker's “A Model for the Impact of Cybersecurity Infrastructure on Economic Development in Emerging Economies: Evaluating the Contrasting Cases of India and Pakistan” focuses on the relationships between national information infrastructure, cyber-security capability and socio-economic development in context of emerging or developing economies. It presents a new conceptual model that would enable a developing country to develop an effective cyber-security capability that positively impacts socio-economic development. The model is illustrated using the cases of India and Pakistan.
Andoh-Baidoo, Osatuyi, and Kunene in “Architecture for Managing Knowledge on Cyber Security in Sub-Saharan Africa” present an architecture that focuses on managing knowledge on cyber-security in Sub-Saharan Africa. The architecture could facilitate the creation, storage/retrieval, transfer and application of knowledge on cyber-security especially for home users and provides awareness and enforcement mechanisms to help home users protect themselves against cyber-threats.
Barclay's “Using Frugal Innovations to Support Cybercrime Legislations in Small Developing States: Introducing the Cyber-Legislation Development & Implementation Process Model (CyberLeg-DPM)” focus on the development of effective and feasible cyber-crime legislation within the context of resource-constrained small developing states. A design science approach is used to develop a process model that could be used to guide the development of cyber-crime legislation.
Lowry, Jenkins, Proudfoot, and Grimes in “Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-In-Time Fear Appeals” propose and experimentally test a two-pronged solution to reduce password reuse through detection and mitigation. Based on the theories of routine, cognitive load and motor movement, they propose that password reuse can be detected by monitoring characteristics of users' typing behavior through a technique known as keystroke dynamics. Based on protection motivation theory, they also propose that providing just-in-time warnings when a violation is detected will decrease password reuse.
We wish to express our appreciation to all the authors who submitted papers. We also wish to express our gratitude to all the reviewers who diligently reviewed the papers in order to ensure that that there was appropriate quality and fit.
Related Research Data
References
- Gatzlaff, K. M., & McCullough, K. A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13 (1), 61–83. doi: 10.1111/j.1540-6296.2010.01178.x
- Zafar, H., Ko, M., & Osei-Bryson, K. M. (2012). Financial impact of information security breaches on breached firms and their non-breached competitors. Information Resources Management Journal, 25 (1), 21–37. doi: 10.4018/irmj.2012010102