Complexity theory in Cyber Security

With computer systems becoming ubiquitous and the IT lexicon becoming omnipresent in most organisations, IT security is one of the top priorities for most organisations. As firms start collecting more data about customers, rise of business analytics and Big data capabilities, companies now have more to keep safe. The rising popularity of Cloud computing on the other hand leaves organisations with less control on its assets. The annual economic impact of Cyber crime is estimated to be higher than that of the Drug trade [1] and by some estimates it’s twice as much as the economic impact of the 9/11 attack [2]. While organisations have had focus on IT security for a long time and have spent vast amounts of money, cyber attacks and news of hacked systems are far from being history. About 6.5M new Malware were created across the Internet in the first quarter of 2013 alone [3].

Our traditional approaches have brought limited success so far. This paper argues that Cyber systems are Complex Adaptive systems. Principles from Complexity science – inspired by system thinking and natural science, something that has been extensively used social science, finance & economics, and epidemiology – should be explored for use in Cyber security to complement the more traditional methods. This paper introduces some of the high level approaches, it however does not get into the implementation details.

Read full article...