From the Editor-in-Chief
Welcome to the June 2015 issue of the Technology Innovation Management Review. The editorial theme of this issue is Critical Infrastructures and Cybersecurity, and I am pleased to welcome our guest editors, Dan Craigen, Science Advisor at Communications Security Establishment Canada, and Steven Muegge, Assistant Professor in the Sprott School of Business at Carleton University in Ottawa, Canada.
In July, we welcome professors Patrick Cohendet and Laurent Simon from HEC Montréal as guest editors for a special issue on the theme of Creativity in Innovation.
For our August and September issues, we are accepting general submissions of articles on technology entrepreneurship, innovation management, and other topics relevant to launching and growing technology companies and solving practical problems in emerging domains. Please contact us with potential article topics and submissions.
We hope you enjoy this issue of the TIM Review and will share your comments online.
Chris McPhee
Editor-in-Chief
From the Guest Editors
It is our pleasure to be guest editors for the June 2015 issue of the TIM Review on Critical Infrastructures and Cybersecurity. This is the seventh issue of the TIM Review on the theme of cybersecurity, but it is the first to focus specifically on critical infrastructures – the assets essential for the functioning of a modern society. Along with the publication last month of Cybersecurity: Best of TIM Review, the fourth and newest title in the “Best of TIM Review” book series, this issue contributes to the growing body of work on cybersecurity advanced by the TIM Review.
This issue comprises four research articles and a report on a recent TIM lecture. All five articles share a connection with Carleton University in Ottawa, Canada, and Carleton’s Technology Innovation Management (TIM) program. The first three articles arose from a TIM “Advanced Topics” graduate course on critical infrastructures and cybersecurity that included twelve expert guest speakers from six different critical infrastructure sectors speaking about “What challenges keep you up at night?” The fourth article presents research results obtained from a Master of Applied Science thesis at Carleton. The fifth article reports on a Carleton cybersecurity event.
The guest editors, Steven Muegge, an Assistant Professor at the Sprott School of Business at Carleton University, and Dan Craigen, a Science Advisor at the Communications Security Establishment and a Visiting Scholar at the Carleton’s Technology Innovation Management program, contribute a design science perspective on constructing critical infrastructures. The article introduces a five-step “learning machine” design process anchored around evidence-based design principles, proposes an initial set of seven critical infrastructure design principles that are grounded in theory and evidence, and illustrates the application of the process by developing the design principles from lessons learned from theory and practice. The proposed process will enable knowledge sharing between infrastructures, new knowledge production across infrastructures, and the creation and testing of better theories of cybersecurity.
George Tanev, Peyo Tzolov, and Rollins Apiafi, three Master of Applied Science candidates in the Technology Innovation Management program, examine the healthcare infrastructure and the cybersecurity of networked medical devices. The article proposes an ecosystem approach to identify and address cybersecurity risks, and demonstrates the approach on a networked insulin pump and continuous glucose monitor. Product vendors can employ this approach to include cybersecurity as a value proposition to customers and as a point of difference from competitors.
Jay Payette, a graduate student in Carleton’s Master of Design program, with Esther Anegbe and Erika Caceres, graduate students in the Technology Innovation Management program, and Steven Muegge, a professor in the TIM program, examine the problem of securing the information technology (IT) projects deployed within critical infrastructures. The article proposes a set of cybersecurity extensions to the PjM3, a popular project management maturity model. IT project managers and critical infrastructure providers can employ these extensions to securely “design in” cybersecurity to new IT systems.
Olukayode Adegboyega, a recent graduate of the TIM program, examines the growing problem of botnets and the take-down initiatives that can disrupt botnet networks. The article examines five scenarios of botnet-enabled cyber-attacks and five scenarios of botnet takedowns, and employs club theory to develop new representations of these phenomena. Critical infrastructure providers and other organizations could employ these results to more effectively prepare for and respond to botnet attacks.
The issue concludes with a report on the May 2015 TIM Lecture Series event titled “Three Collaborations Enabling Cybersecurity”. Deborah Frincke, the Director of Research for the National Security/Central Security Service in the United States, provided the keynote address. Dan Craigen announced the official release of the new ebook, Cybersecurity: The Best of TIM Review, co-edited with Ibrahim Gedeon, Chief Technology Officer of TELUS. Finally, three speakers from companies belonging to the Lead To Win Cybersecurity Hub – Ned Nadima of Denilson, Arthur Low of Crack Semiconductor, and Michael Thomas of Bedarra Research Labs – provided presentations about their companies’ approaches to confronting challenging cybersecurity problems.
We hope that our readers enjoy this month’s issue on Critical Infrastructures and Cybersecurity, and come away with practical ideas to apply within their own organizations.
Dan Craigen and Steven Muegge
Guest Editors
Keywords: botnet, club theory, critical infrastructure, cybersecurity, design principles, design science, healthcare, networked medical devices, project management maturity model