The IT Law Wiki
in: Definition, Cybersecurity, Technology

Cyber ecosystem

Sign in to edit

Definitions[]

The cyber ecosystem

is global and includes government and private sector information infrastructure, the variety of interacting persons, processes, information and communication technologies, and the conditions that influence their cybersecurity.[1]
[is t]he interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.[2]
comprises a variety of diverse participants — private firms, non-profits, governments, individuals, processes, and cyber devices (computers, software, and communications technologies) — that interact for multiple purposes. . . .[3]

Overview[]

"A healthy cyber ecosystem would interoperate broadly, collaborate effectively in a distributed environment, respond with agility, and recover rapidly. With a rich web of security partnerships, shared strategies, preapproved and prepositioned digital policies, interoperable information exchanges, and "healthy" participants — persons, devices, and processes — a healthy cyber ecosystem could defend against a full spectrum of known and emerging threats, including attacks against the supply chain, remote network‐based attacks, proximate or physical attacks, and insider attacks; improve the reliability and resilience of critical infrastructures; and better assure privacy, business processes, and missions."[4]

Security[]

A healthy cyber ecosystem might employ an automation strategy of fixed local defenses supported by mobile and global defenses at multiple levels. Such a strategy could enable the cyber ecosystem to sustain itself and supported missions while fighting through attacks. Further it could enable the ecosystem to continuously strengthen itself against the cyber equivalent of autoimmune disorders. For example, within an organization, cyber devices that directly provide end user, mission, or business functionality might maintain a high awareness of user behavior, expectations, and service level agreements, be tuned to sense and respond to user situations, signal local or user level status to organizational devices, and correlate discoveries and synchronize responses with organizational devices.[5]

"The ecosystem will be considered strong when the following conditions are met:

  • Information and communication technology risk is well defined, understood and managed by users;
  • Organizations and individuals routinely apply security and privacy standards and best practices;
  • The identities of individuals, organizations, networks, services, and devices are appropriately validated;
  • Interoperable security capabilities are built into information and communication technologies; and
  • Where appropriate, near real-time, machine-to-machine coordination provides indication, warning, and automated incident response."[6]

References[]

  1. Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise, at 10.
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action, at 2.
  4. Id. at 8.
  5. Enabling Distributed Security in Cyberspace, at 9.
  6. Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise, at 12.
Community content is available under CC-BY-SA unless otherwise noted.