Cybersecurity in Qualitative Trends

 Written by David Piro. Submitted to Colorado Technical University. (2021)

4/23/2021

Section 1. Introduction 

The investigation of my research problem; how to effectively improve cybersecurity measures and practices, in both public and private practices, promises to investigate new emerging technologies and possible solutions within them, while further explore qualitative research. As a result, different ideas, solutions, and more will be illuminated to advance my contribution to the knowledge domain of Cybersecurity. My exploration will elucidate qualitative research within the form of a phenomenological study, grounded theory, and a selected case study. It was to my surprise that the best obvious solution to improving the field of cybersecurity is an obvious one. That is, we need to be inclusive to all people, especially women. We are not just excluding minds, but failing to cater to subgroups of persons, but excluding potential workers.

Section 2. Phenomenological Research Article 1

2.1 Selected Abstract

2.1.1 Citation

Onyemekeihia, P. M. (2019). A phenomenological investigation into the lived

experiences and challenges faced by the department of homeland security information personnel in detecting and obstructing the widely available encryption technologies (Order No. 22588569). Available from ProQuest One Academic. (2292188724). https://perdoceoed.idm.oclc.org/login?url=https://www.proquest.com/dissertations-theses/phenomenological-investigation-into-lived/docview/2292188724/se-2?accountid=144789

2.1.2 Abstract Title and Author

A Phenomenological Investigation into the Lived Experiences and Challenges Faced by the Department of Homeland Security Information Personnel in Detecting and Obstructing the Widely Available Encryption Technologiesm written by Onyemekeihia, Paul.

2.1.3 Abstract

Department of Homeland Security information personnel feared they might not be able to decrypt encrypted electronic communications devices and conduct a successful criminal investigation without lawful access to digital communication devices. This phenomenological study explored the challenges posed by the widely available encryption technologies to the information security personnel at the DHS. It also explored the lived experiences and challenges of DHS information personnel in identifying, detecting, and obstructing widely available encryption technologies. The theory of asymmetric conflict was applied to facilitate the study’s objective and to gain the knowledge of encryption challenges required. Research questions used were organized to focus on the lived experiences and the challenges perceived by the participants. The literature review provided some historical context into the evolution of encryption and the modern-day use of the technology. The qualitative method and a transcendental phenomenological design were used to obtain rich, thick descriptions of the participants’ lived experiences. Participant recruitment was performed through LinkedIn to find potential participants. Purposive sampling was used to identify the 13 participants who participated in the research study. Open-ended questions and a semi-structured interview were used to collect data through in-depth one-on-one Skype and telephone interviews. The verbatim interview was transcribed and analyzed with Moustakas’(1994) phenomenology approach to data analysis, which led to six major themes.

The research findings revealed that the widely available encryption is vital for securing sensitive information but remains inaccessible to DHS and other third-party investigators. The challenges found to influence the DHS inaccessible status include privacy laws, policy, lack of private company’s responsiveness to encryption backdoor, and lack of technological innovation, training, and research. Findings also highlighted the importance of more congressional efforts to find common ground between privacy, security, and public safety. Participants elaborated ways to improve open discussion between technology companies, DHS, and lawmakers. Participants also viewed training and educational research as a valuable tool for enhancing DHS investigation skills and efforts. The data gathered and analyzed contributed to the researcher’s knowledge and understanding of the growing DHS encryption issues. The applied implication of this research is to support DHS, the technology community, lawmakers, and future researcher. The finding of this study contributed to the body of existing encryption technology literature. Finally, further research is required to assist in striking a balance between privacy, security, and public safety.

2.1.4 Annotation

2.1.4.1 Overview

The author, so and so uses the qualitative research method and capturing the lived experiences of the study participants. The aim of the research was in inquire about undisclosed opinions, reason, and motivations around data collections based in; interviews, group discussions, and observations. The nature of the questions is to interview members of the Department of Homeland Security and obtain information related to the author’s research questions:

RQ1: What are the experiences of the team in identifying, detecting, and obstructing the widely available encryption technologies?

RQ2: How does DHS information personnel perceive the challenges posed by the widely available encryption technologies?

2.1.4.2 Participant & Population Information

The research conducted a study with a population of 13 participants that were validated through the LinkedIn platform.

2.1.4.3 Sampling Plan Used by Researcher

The sampling plan and selection was based in the ‘purposive sampling’. Where, the researcher was able to use selective judgment upon sampling candidates. This plan of research and sampling on the Department of Homeland Security was never conducted prior on the Department of Homeland security.

2.1.4.4 Description of the Data Collection Procedures

The research sought and received IRB approval for their interview protocol based on the phenomena, allowing 14 questions for 13 participants. Those included in the study worked for the DoH and had key titles listed in their LinkedIn Profile; graduate-degreed police officers, digital forensics officers, electronic crime task force officers, computer crime investigation officers, technology unit officers or law enforcement officers, encryption technology experts, IT, and information security analysts.

2.1.5 Evaluation

Overall, the article will serve as an excellent resource for furthering my own research, while allowing me to focus on private sector cybersecurity from a high- and low-level perspective, due to the advanced nature of interview candidates. Key points that I am to clarify are some weakness in privatized security, personal experiences in actual cybercrimes and perspective from former, or current government officials that can elucidate their challenges with cybersecurity from a personal or investigative standpoint.

Section 3. Grounded Theory Article 2

3.1 Selected Abstract

3.1.1 Citation

Eichensehr, K. E. (2017). Public-private cybersecurity. Texas Law Review, 95(3), 467-538. https://perdoceoed.idm.oclc.org/login?url=https://www.proquest.com/scholarly-journals/public-private-cybersecurity/docview/1890557957/se-2?accountid=144789

3.1.2 Abstract Title and Author

Public-Private Cybersecurity, written by Eichensehr, Kristen E.

3.1.3 Abstract

Calls for public-private partnerships to address U.S. cybersecurity failures have become ubiquitous. But the academic literature and public debate have not fully appreciated the extent to which the United States has already backed into a de facto system of "public-private cybersecurity." This system is characterized by the surprisingly important, quasi-governmental role of the private sector on key cybersecurity issues, and correspondingly by instances in which the federal government acts more like a market participant than a traditional regulator. The public-private cybersecurity system challenges scholarly approaches to privatization, which focus on maintaining public law values when government functions are contracted out to private parties. The informal and complicated structure of public-private relationships in cybersecurity renders concerns about public law values at once more serious and more difficult to remedy. This article first explores the line between public and private functions and provides a descriptive account of the public-private cybersecurity system. It highlights the relative roles of the U.S. government and private sector in four important contexts related to international cybersecurity threats: (!) disrupting networks of infected computers used by transnational-criminal groups ("botnet takedowns"), (2) remediating software vulnerabilities that can be used for crime, espionage, and offensive operations ("zero-day vulnerabilities"), (3) attributing cyber intrusions to state-sponsored attackers, and (4) defending privately-owned systems and networks from sophisticated, nation-state-sponsored attackers. The Article then uses the public-private cybersecurity system to challenge and complicate existing scholarship on privatization. Procedurally, the public-private cybersecurity system differs from traditional privatization because private actors-not the government-decide what functions they should perform, and private actors operate outside of the contractual frameworks that have traditionally restrained private contractors. Substantively, the cybersecurity context implicates public law values addressed in prior work-including accountability, transparency, and due process or fairness-but it also raises additional concerns about security and privacy. Evaluating how the public-private cybersecurity system attains and falls short of public law values yields broader cybersecurity governance lessons and privatization. The public-private cybersecurity system shows that concerns about public law values are not unidirectional-sometimes threats to public values come from the government, not the private sector. On the other hand, while empowered private parties play a crucial role in cybersecurity and in many ways currently support public values, this alignment is a present fortuity, not a structural feature, and so may shift in the future, posing new threats to public law values. These complexities require new kinds of context-dependent solutions to safeguard public law values. The Article concludes by suggesting several such remedies for the public law failings it identifies.

3.1.4 Annotation

3.1.4.1 Overview

The research design is based studies related to the current cybersecurity trends enforced by public-private cybersecurity and government. Then seeks to find contradiction within practices that are found within public law.

3.1.4.2 Participant & Population Information

By diagnosing specific threats such as those that threaten the public, like international threats, transnational criminal groups, foreign governments, or government sponsored actors. In doing so, clarification of the limitations, restrictions, and responsibilities between the public-private sectors are expounded upon.

3.1.4.3 Sampling Plan Used By Researcher

Sampling plans are based on population sizes that are subjected to governing bodies of authorities, Nation-States. Therefore, different sampling sizes are considered, but the primary sample is comprised of the United States population, based on the focus of legal laws being discussed by the author.

3.1.4.4 Description of the Data Collection Procedures

The data collection procedures are built around an archive of cybersecurity topics related to international security. This collection is based upon high-level political leader commentary such as presidential level notes. In addition, major incidents involving public companies like Sony and National security are the focus, with articles citing key attacks, attackers, and instances where government was useful, not useful, and has potential to provide more solutions with collaboration from publicly-traded companies.

3.1.5 Evaluation

Based on the qualitative research conducted by the author and their argument constructed, they posit a series of critical claims of contradictions, solutions, and problems posited within cybersecurity. For instance, the 3rd party retainment of personal information, but lacking an international security plan to prevent foreign agents of any caliber from infiltrating is a serious problem. Therefore, the article offers insight that offers opportunity of funding, researching, and development of cybersecurity protocols acted upon at the governmental level. However, the article is not limited to agents of the State or Corporations for solely retaining the rights and responsibilities for data. The author also illustrates solutions and makes suggestions that users, and the public are inclined to also must take reactive measures to the ongoing difficulties within cybersecurity.

Section 4. Case Study Article 3

4.1 Selected Abstract

4.1.1 Citation

Poster, W. R. (2018). Cybersecurity needs women. Nature, 555(7698), 577-580.

https://dx.doi.org/10.1038/d41586-018-03327-w

4.1.2 Abstract Title and Author

Cybersecurity needs women, authored by Winifred Poster.

4.1.3 Abstract

[...]computer' originally referred not to the machine but to the women who programmed it. From 2009 to 2012, Regina Dugan was the first female director of the Defense Advanced Research Projects Agency (DARPA), the research wing of the military that helped to develop the Internet and the Global Positioning System. Professionals must understand network security, risk mitigation and information protection, and be prepared for future activities in artificial intelligence, machine learning and virtual-reality mapping. In the United States, organizations might include the National Network to End Domestic Violence, the National Association for the Advancement of Colored People, UnidosUS (a non-profit Latino advocacy organization), the Federal Trade Commission and the Consumer Financial Protection Agency.

4.1.4 Annotation

4.1.4.1 Overview

This article presents a series of arguments and qualitative research based in cases studies that suggests women are needed and absent from current cybersecurity trends as compared to men. Further, the article presents 4 case studies that demonstrates the effectiveness of their argument. Largely, through displays of historical significance as it relates to the feminine mystique and the lack of participating female bodies.

4.1.4.2 Participant & Population Information

The participants in this study are based on several different cases. For one, a historical approach that accounts for the need and call for women in information-technology. Second, current leadership that has witness advancements in fields and organizations like DARPA have had significant leadership that can illustrate and motivate potential learners. Further population is based on the lack, or inclusion of a specific demographic, namely, gender of women. These population samples and demographics are based on governmental organization sampling and business entities.

4.1.4.3 Sampling Plan Used By Researcher

The sampling plan was based on the economic workforce and demographics presented by research conducted from different sources. These sources situate a historical context and situation particular to women that is demonstrated based on these case studies.

4.1.4.4 Description of the Data Collection Procedures

Data collection procedures are based on the research and findings conducted by business entities and government agencies. This research is mostly conducted as public knowledge and obligatory in the interest of these entities/agencies. Therefore, the knowledge, statistics, and accessibility of this information are made public and can be used for research or data collection purposes. The author has built articles that recently demonstrate discrimination based on gender at high level organizations and focuses of the imbalance of gender, race, and wages to illustrate an ongoing inclusion that has stunted the development of cybersecurity.

4.1.5 Evaluation

The presentation of the case arguments is based in a series of historical displays that illustrate key moments that women have advanced and even protected the field of information technology. This is important as promoting equality and equal access to the knowledge field should further the development of cybersecurity. Looking closer, the author shows four main approaches to focus on the further participation and inclusion of female computer scientists.