ABSTRACT
A new way of thinking about cybersecurity is much needed to deal with the complex and dynamic cyber-ecosystem. In this paper, we introduce a systems-thinking-based approach for solving problems related to cybersecurity. We adapt the powerful safety-hazard analysis method, Systems Theoretic Process Analysis (STPA), which is based on systems theory, to analyze the cybersecurity-related features of India’s massive digital identity program, Aadhaar. Our findings produce important insights. On the one hand, they help identify the security gaps of the Aadhaar system, and on the other hand, they provide controls using systems thinking to overcome these gaps. We contribute to understanding the world of cybersecurity practices and develop risk mitigation strategies that can benefit Aadhaar.
Notes
1 The pension department under the state government of Kerala in India.
2 Direct Benefit Transfer is the mechanism launched by the Government of India on January 1, 2013 to transfer government subsidies directly to the beneficiaries through their bank accounts in order to avoid leakages, delays, etc.
3 The Andhra Pradesh State Housing Corporation is a public sector corporation under the state government of Andhra Pradesh in India with the broad objective of facilitating affordable housing for the citizens of Andhra Pradesh.
4 Public Distribution System is the scheme by the Government of India that was launched in 1944 to give subsidized food and non-food items such as wheat, rice, sugar, and kerosene to the poor citizens of the country through a network of fair price shops (also known as ration shops).
5 A register of the residents of the country.
6 The Andhra Pradesh State Housing Corporation is a public sector corporation under the state government of Andhra Pradesh in India with the broad objective of facilitating affordable housing for the citizens of Andhra Pradesh.
Additional information
Notes on contributors
Pratik Tarafdar
Pratik Tarafdar is a doctoral candidate at the Indian Institute of Management Calcutta in the area of Management Information Systems. He holds an M.Sc. degree in Applied Mathematics from the University of Calcutta. His research interests include cybersecurity, immersive technology, business analytics, and large-scale machine learning. His research articles have appeared in conference proceedings of ACM SIGMIS. He has also written case studies for the IIM Calcutta Case Research Center.
Indranil Bose
Indranil Bose is Professor of Management Information Systems at the Indian Institute of Management, Calcutta. He acts as Coordinator of the IIMC Case Research Center. He holds a B. Tech. from the Indian Institute of Technology, an MS from the University of Iowa, and an MS and Ph.D. from Purdue University. His research interests are in business analytics, telecommunications, information security, and supply chain management. His publications have appeared in MIS Quarterly, Communications of the ACM, Communications of AIS, Computers and Operations Research, Decision Support Systems, Ergonomics, European Journal of Operational Research, Information & Management, International Journal of Production Economics, Journal of Organizational Computing and Electronic Commerce, Journal of the American Society for Information Science and Technology, Operations Research Letters, Technological Forecasting and Social Change, etc. He serves as Senior Editor of Decision Support Systems and Pacific Asia Journal of the AIS, as Associate Editor of Information & Management, Communications of AIS, and Information Technology & Management, and as a member of the Editorial Board for Journal of the AIS.