Scott Dynes

Visualization of Communication Patterns in Collaborative Innovation Networks - Analysis of Some W3C Working Groups

Collaborative Innovation Networks (COINs) are groups of self-motivated individuals from various parts of an organization or from multiple organizations, empowered by the Internet, who work together on a new idea, driven by a common vision. In this paper we report first results of a project that examines innovation networks by analyzing the e-mail archives of some W3C (WWW consortium) working groups. These groups exhibit ideal characteristics for our purpose, as they form truly global networks working together over the Internet to develop next generation technologies. We first describe the software tools we developed to visualize the temporal communication flow, which represent communication patterns as directed acyclic graphs, We then show initial results, which revealed significant variations between the communication patterns and network structures of the different groups., We were also able to identify distinctive communication patterns among group leaders, both those who were officially appointed and other who were assuming unofficial coordinating roles.

Economic costs of firm‐level information infrastructure failures: Estimates from field studies in manufacturing supply chains

Purpose – This paper presents a method for estimating the macro‐economic cost of a firm‐level information system disruption within a supply chain.Design/methodology/approach – The authors combine field study estimates with a Leontief‐based input‐output model to estimate the macro‐economic costs of a targeted internet outage that disrupts the supply chain.Findings – The authors find that supply chain vulnerability or resiliency to cyber disruptions is not necessarily dependent on the types of technology employed, but rather how the technology is used to enable supply chain processes and the type of attack experienced. The authors find that some supply chains like oil and gas could be significantly impacted by certain cyber disruptions. However, similar to other causes of supply chain disruptions such as labor disputes or natural disasters, the authors find that firms can be very resilient to cyber disruptions.Research limitations/implications – The validity of the approach is limited by the accuracy of par...

Cyber Security: Are Economic Incentives Adequate?

Protecting national critical infrastructure assets from cyber incidents is an important challenge. One facet of this challenge is that the vast majority of the owners and operators of critical infrastructure components are public or private companies. This paper examines the threats faced by for-profit critical infrastructure entities, the incentives and drivers that influence investment in cyber security measures, and how policy initiatives might influence cyber preparedness in critical infrastructure

Protecting Critical Information Infrastructure: Developing Cybersecurity Policy

The rapid adoption in emerging countries of new information and communication technology (ICT) infrastructures such as the internet is creating opportunities for these countries and their citizens to participate in the world’s flow of information, ideas, and commerce (Madon, 2000; Montealegre, 1996). One economic example is the use of the internet to enable the development of a stock exchange in Guayaquil, Ecuador (Montealegre, 2004). Another good example of this is India, which in the past decade has gone from being a bit player to a major player in software development. The internet played a key role in enabling this transformation by collapsing geographic distances, allowing India’s talent to compete on the same footing as programmers in the “old” economies. This “flattening” of the world allows everyone to compete globally for information-based work. ICT Ministers in developing countries have been seeking to stimulate the use of the internet and similar technologies to offer their citizens a broad range of improved services provided by government as well as the private sector (Hammond, 2001). However, new opportunities offered by the use of ICT, such as e-mail and online banking, also generate new risks and vulnerabilities caused by a lack of cybersecurity. For example, reports estimate that a great majority (95%) of e-mail traffic in developing countries is spam. This level of spam discourages people from using e-mail (greatly decreasing the utility of e-mail), and reduces user confidence in any online activity. Multinational corporations that are seeking to do business in such countries, either by outsourcing tens of millions of dollars of work or investing hundreds of millions of dollars to build a plant locally, have to be certain that the ICT-based capabilities they require are going to be available and secure. This means that countries that want investment must have a robust approach to cybersecurity—it is becoming part of the package that corporations must and will consider. In this article, we discuss the elements of a successful information security policy for developing countries, based on field studies of information security practices and policies at U.S. firms as well as on literature research. These elements include shared behaviors, pervasive relationships, and trust; we see these as resulting from increased dialog and necessity, not necessarily from any formal governing structure. We present a network model of the interactions required for effective cybersecurity and provide guidance to ICT Ministers in developing countries about the multidimensional aspects of cybersecurity policy concerns.

Emergent Risks In Critical Infrastructures

Firms cannot function successfully without managing a host of internal and external organizational and process interdependencies. Part of this involves business continuity planning, which directly affects how resilient a firm and its business sector are in the face of disruptions. This paper presents the results of field studies related to information risk management practices in the health care and retail sectors. The studies explore information risk management coordinating signals within and across firms in these sectors as well as the potential effects of cyber disruptions on the firms as stand-alone entities and as part of a critical infrastructure. The health care case study investigates the impact of the Zotob worm on the ability to deliver medical care and treatment. The retail study examines the resilience of certain elements of the food supply chain to cyber disruptions.

INFORMATION RISK MANAGEMENT AND RESILIENCE

Are the levels of information risk management efforts within and between firms correlated with the resilience of the firms to information disruptions? This paper examines the question by considering the results of field studies of information risk management practices at organizations and in supply chains. The organizations investigated differ greatly in the degree of coupling from a general and information risk management standpoint, as well as in the levels of internal awareness and activity regarding information risk management. The comparison of the levels of information risk management in the firms and their actual or inferred resilience indicates that a formal information risk management approach is not necessary for resilience in certain sectors.