This paper examines emerging cybersecurity technologies developed in response to the growing sophistication of cyber threats facing organizations and governments. It defines key concepts such as the Bug Bounty Program (BBP) and cloud computing security frameworks, including Warning Databases and Countermeasure Knowledge Bases. The paper presents real-world examples from Microsoft, Mozilla, Google, and Facebook, and surveys U.S. government efforts — spanning legislation, NIST frameworks, and funding initiatives — designed to strengthen national cybersecurity. It concludes by weighing the benefits of these government efforts against persistent shortcomings, noting that cyber adversaries continue to outpace existing defensive measures.
The development of the internet and cyberspace represents one of the most revolutionary technological advancements in human history. Few countries or sectors remain unaffected by the latest advances in internet technologies. Although this technological phenomenon has influenced numerous areas of modern life, it also represents one of the most serious security threats to contemporary society. As organizations and developed nations move their critical infrastructures online, cyber criminal activities attempting to steal sensitive data worth billions of dollars continue to grow. Adversaries in the cyber realm include state-sponsored spies and organized criminals attempting to steal sensitive information such as identities and financial assets. The fundamental asymmetry of cyber threats and the ever-increasing waves of cyber attacks represent a serious and mounting security risk to business organizations, public agencies, and individuals alike.
Defending against waves of cyber attacks requires emerging cybersecurity solutions. Cybersecurity is the process of applying security measures to enhance data integrity, confidentiality, and availability. Typically, a cybersecurity strategy aims to ensure the protection of assets such as desktops, data, servers, buildings, and personnel. The goal of cybersecurity is to protect assets both in transit and at rest. Goodyear, Goerdel, Portillo, et al. (2010) define cybersecurity as an information technology measure to achieve a desired level of protection using the CIA acronym — Confidentiality, Integrity, and Availability — of organizational data.
The case for emerging cybersecurity solutions is compelling because traditional cybersecurity systems are unable to manage the frequency and sophistication of cyber attacks, which have become an imminent challenge in today's IT environment. The benefits that organizations can derive from emerging cybersecurity technologies — including greater data confidentiality, integrity, and availability — are leading a growing number of organizations to consider these solutions for protecting their information assets. However, many of these technologies have only recently been developed, and their efficacy in thwarting sophisticated cyber attacks has not yet been fully proven. Some of these technologies are still in their infancy, with some as recently developed as twelve months prior to publication.
The objective of this paper is to explore emerging cybersecurity technologies. First, the paper identifies and discusses emerging cybersecurity solutions and presents recent research and development efforts aimed at improving them. It also provides definitions and main features of the identified technologies. Additionally, the paper offers real-world examples of the identified emerging cybersecurity solutions, explores government efforts to nurture and support them, and discusses the benefits and drawbacks of those government efforts.
Kuehn and Mueller (2014) identify the Bug Bounty Program (BBP) as one of the new emerging cybersecurity programs used to identify and address software vulnerabilities in computer systems. A software vulnerability is a flaw in computer code — commonly called a security bug — that can compromise computer security. Vulnerabilities can occur due to unintended design choices or mathematical errors. A bug may persist within an organizational computer system for a long time before it is discovered. Such vulnerabilities allow unauthorized individuals to intrude into, manipulate, and steal data from organizational information systems. The software code that enables this type of vulnerability is called an exploit. In essence, a vulnerability allows software exploits to circumvent organizational security systems. Software engineering experts have developed various novel approaches to designing and testing software in order to eliminate these vulnerabilities.
Kuehn and Mueller (2014) further note that many organizations have developed a new generation of cybersecurity programs called Bug Bounty Programs (BBPs). The program represents an emerging cybersecurity practice that has introduced new norms within the cybersecurity paradigm with significant implications for the security and reliability of the internet. The BBP — also known as a Vulnerability Rewards Program (VRP) — is designed to reward penetration testers, independent security researchers, and white-hat hackers for sharing knowledge about discovered vulnerabilities (Bilge & Dumitras, 2012). Enhancing cybersecurity through monetary rewards via the BBP is a relatively new development. Many software security vendors have incorporated BBPs into their business objectives to strengthen security within IT environments. However, the efficacy of the BBP security platform is still under consideration, and many online companies have only recently begun experimenting with BBPs to improve their security systems.
Another emerging area of cybersecurity involves the protection of cloud computing environments. Sharma (2012) identifies cloud computing as one of the emerging technologies that many organizations currently use to achieve their business objectives. An increasing number of organizations are adopting cloud computing because of its cost effectiveness, flexibility, and new collaborative models. Despite the benefits cloud computing delivers, its security requirements differ significantly from those of traditional technologies. Big Data also presents distinct security challenges: it is more than simply bits and bytes and requires new security approaches tailored to its scale and complexity.
Takahashi, Kadobayashi, and Fujiwara (2010) further identify cloud computing as a key emerging information technology, defining it as a model for achieving a shared configuration of computing resources such as servers, networks, storage, and applications. The benefit of cloud computing lies in its massive scalability and its ability to provide a superior and efficient user experience. For example, cloud services such as Google Apps and Amazon Web Services are accessible through web service APIs (application programming interfaces) or standard web browsers. Many organizations prefer cloud computing because of its cost savings. In 2009, organizations spent approximately $17 billion on cloud services; by 2013, that figure had grown to $44 billion, indicating that cloud computing will outpace traditional IT spending in the coming years.
Preserving security for cloud computing requires emerging cybersecurity technologies, since cloud computing departs significantly from traditional computing models. Several emerging cybersecurity solutions have been developed specifically for cloud environments. A Warning Database is one such solution — a database containing information on cybersecurity warnings that organizations can use to implement countermeasures against cybersecurity risks. In cloud computing, a warning database is used to alert users to specific security risks within their cloud environment.
A Countermeasure Knowledge Base (CKB) is another emerging security system for cloud computing. The CKB accumulates information related to assessment rules, checklists, and scoring methodologies used to evaluate the security level of a cloud environment. It provides guidance on best practices for cloud computing and includes a Protection and Detection Knowledge Base that accumulates knowledge for protecting and detecting security threats within cloud environments. For example, the Countermeasure Knowledge Database provides rules and criteria for implementing Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) signatures. Despite the effectiveness of the Countermeasure Knowledge Base as a security measure, it remains at an initial stage of development, and its applicability within cloud environments is still limited.
Rabai, Jouini, Aissa, et al. (2013) note that cloud computing is an emerging computing paradigm valued for its flexibility, economy of scale, and convenience. Despite these benefits, cloud computing is inherently exposed to security risks including virtual machine modification, flooding attacks, Denial of Service (DoS) attacks, data leakage or loss, traffic and account hijacking, and monitoring of one virtual machine from another. Rabai et al. (2013) identify OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) as a risk-based planning technique for cloud security. The OCTAVE approach is based on identifying major security threats and developing security strategies to mitigate those risks.
In the United States and elsewhere, organizations have begun experimenting with emerging cybersecurity technologies to enhance their security posture. In the area of Bug Bounty Programs, Microsoft has been a notable pioneer. In 2013, Microsoft launched a Bounty Program offering rewards for novel exploitation techniques, viewing BBPs as a decisive shift in cybersecurity development. The program targets the black market for security vulnerabilities. In 2013, Microsoft launched the Internet Explorer BBP with rewards of up to $10,000 for identifying critical software flaws. Microsoft also introduced a Mitigation Bypass Bounty of up to $100,000 to advance protective technology, and a BlueHat Bonus offering rewards for novel exploitation techniques used for defensive purposes.
Mozilla has similarly introduced a Security Bug Bounty Program to encourage a safer internet, paying up to $3,000 for identifying high-severity and critical bugs in Thunderbird and Firefox. As Mozilla (2015, p. 1) states: "Security bug is present in the most recent main development or released versions of Firefox, Thunderbird, Firefox for Android, or in Mozilla services which could compromise users of those products, as released by Mozilla Corporation." Google pays up to $20,000 to discover vulnerabilities in YouTube.com and Google.com. Additionally, several other companies offer between $500 and $10,000 as monetary rewards to manage various BBP internet services and software applications.
Facebook has also launched a bug bounty program through its White Hat initiative, drawing both external and internal security experts. In 2013, Facebook extended the bug security infrastructure to its corporate network. As Kuehn and Mueller (2014, p. 10) note: "The program is subject to continuous growth in terms of participating security researchers, scope, and numbers of submissions. This leads to continuous refinement of the program: Facebook reported that the number of high-severity issues was falling, increasing the efforts needed to discover 'good bugs.' It announced increases in the bounty amounts in areas of particular security interest."
"U.S. laws, NIST frameworks, and funding initiatives"
"Policy gains versus persistent cyber adversary threats"
Goodyear, G., Goerdel, H. T., Portillo, S., et al. (2010). Cybersecurity management in the states: The emerging role of Chief Information Security Officers. IBM Centers for the Business of Government.
Klaper, D., & Hovy, E. (2014). A taxonomy and a knowledge portal for cybersecurity. Proceedings of the 15th Annual International Conference on Digital Government Research, 79–85.
Kuehn, A., & Mueller, M. (2014). Shifts in the cybersecurity paradigm: Zero-day exploits, discourse, and emerging institutions. ACM Proceedings of the 2014 Workshop on New Security Paradigms Workshop, 63–68.
Kuehn, A., & Mueller, M. (2014). Shifts in the cybersecurity paradigm: Zero-day exploits, discourse, and emerging institutions. Pre-Proceedings NSPW, 15–18.
Mozilla. (2015). Bug Bounty Program. Mozilla Organization.
PwC. (2014). Why you should adopt the NIST Cybersecurity Framework. PricewaterhouseCoopers, USA.
PwC. (2014). U.S. cybercrime: Rising risks, reduced readiness — Key findings from the 2014 U.S. State of Cybercrime Survey. PricewaterhouseCoopers, USA.
Rabai, L. B. A., Jouini, M., Aissa, A. B., et al. (2013). A cybersecurity model in cloud computing environments. Journal of King Saud University — Computer and Information Sciences, 25(1), 63–75.
Sharma, R. (2012). Study of latest emerging trends on cyber security and its challenges to society. International Journal of Scientific & Engineering Research, 3(6).
Takahashi, T., Kadobayashi, Y., & Fujiwara, H. (2010). Ontological approach toward cybersecurity in cloud computing. ACM. 978-1-4503-0234-0/10/09.
U.S. Government Accountability Office. (2013). Information security: Emerging cybersecurity issues threaten federal information systems. USA.
You’re 57% through this paper. Sign up to read the remaining 2 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.