Dark Reading is part of the Informa Tech Division of Informa PLC


6/24/2019
06:45 PM

A Socio-Technical Approach to Cybersecurity's Problems

Researchers explore how modern security problems can be solved with an examination of society, technology, and security.

Cybersecurity challenges cannot be solved with computers alone. They demand a closer look at how social and technical systems overlap, and how this growing overlap influences security.

As it stands, many of these issues are being addressed separately. The general public and defense leaders understand the risk of online propaganda, but they know little about the techniques involved. The field of computational social science studies how digital media affects society, but it rarely tackles security. And the security community understands the protocols and services of tech platforms, but they know less about how these networks collectively influence society and politics.

Pablo Breuer, innovation officer at US Special Operations Command Donovan Group, and David Perlman, researcher at A Social Network, have developed an integrated view of socio-technical systems (STS) to which security principles can be applied. An STS consists of a social network, the population using it, and an output system (political system or economic market, for example) that feels the resulting effects.

Their idea is to create a framework that combines social and technical systems and can inform security operations. As disinformation campaigns and online propaganda continue to spread, STS can help defend against and fight different types of cyberattacks with their roots in digital media.

"As I went through my schooling, I realized none of the really interesting problems about computer security can be answered with computers," Breuer says. A mutual friend introduced him to Perlman, and the duo began exploring mass influence and weaponized information. They wanted to educate people and government on why everybody should be involved.

"We realized that anybody who's in the field recognizes that this is a huge problem and that this is a train wreck, but nobody's actually doing anything," he explains. "Everybody's just admiring the problem." The issue isn't limited to any single part of computer science, policy, or law, Breuer continues. "It's not a silver bullet problem – it's a thousand-bullet problem," he says.

Placing security in the context of a social network offers a different perspective, Perlman adds, because at the center are interactions among many people's minds. Researchers see how people interact with technology and one another. "You can't ignore any of those parts of the equation," he says. Before, the way people interacted with systems wasn't considered.

The Information Revolution Continues
The rise of the Internet – specifically, social networks like Facebook, Twitter, and Instagram – has enabled anyone to speak to mass audiences. Breuer and Perlman use the term "radical leveling technologies" to describe how the Internet has shifted the balance of power online. Before social media, few people could speak to a large populace. Now just about anyone can.

"It's just a fundamental shift in the landscape," Breuer says. The transmission of messages has changed, but receptors are still human. "That's where the socio-technical comes in," he adds.

Digital media has accelerated the reach and speed of propaganda online: People can automate the process of creating new messages, then see how effective they are and the kind of responses they generate. "The whole thing has to be considered as a security question," Perlman says.

The idea of large groups of people communicating with one another seems benign, Perlman continues, and it is – if everyone acts in good faith. Problems occur when bad guys figure out how to game the system before the good guys know they can. Now they have, he adds, and the result is a new adversarial aspect to digital communications. Cybersecurity issues, propaganda, and the Internet are intertwined in a web of interconnected problems.

"It's the combination with modern technology and the Internet, that whole is greater than the sum of solving each of the parts," says Breuer, and the security industry isn't tackling it as a larger problem. Conferences may focus on policy or computer science, but not both.

"Very rarely do you get legal and policy and tech all in the same room," he notes. "And this is one of those problems where you have to have that or you won't make any inroads to making it better."

Offense and Defense in STS Security
In their upcoming Black Hat USA briefing, "Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project," Breuer and Perlman will discuss their framework, how security principles apply to STS, how red team and blue team processes could look in the context of STS security, and examples of red team analyses of influence operations.

Breuer explains an example of blue team operations, or how a company could defend itself from a digital media-based attack. Most companies have some idea of what will happen if they suffer a data breach; however, they aren't prepared for social media attacks.

He cites an incident the Associated Press handled this past December, when the publication was covering yellow jacket protests in France. One of its stories included an up-close image of a fire. A separate blog obtained pictures the AP had posted in a previous story; those photos also included a fire, but they were panned back so it seemed smaller. The blog's narrative said the AP had misrepresented the fire's size with an up-close photograph and not to believe it.

What happened "almost instantly," Breuer says, is the AP replied with a series of tweets saying both were AP photos but were taken at different times during different events. The publication highlighted aspects of each photo to demonstrate they were from separate occasions.

"That kind of forethought allows for very rapid response," he continues. It shows how the AP had considered the possibility someone might take its stories out of context and planned its reaction. Any company on social media should consider the chance they'll have to do the same.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
