Cybersecurity dynamics in software development environment. What system traps do exist?

Zeijlemaker, Sander; von Kutzschenbach, Michael

Cybersecurity dynamics in software development environment. What system traps do exist?

Authors

Zeijlemaker, Sander

von Kutzschenbach, Michael

Author (Corporation)

Publication date

2020

Typ of student thesis

Course of study

Collections

Institut für Unternehmensführung

Full item page

Type

04B - Conference paper

Editors

Editor (Corporation)

Supervisor

Parent work

Proceedings of the 38th International Conference of the System Dynamics Society

Special issue

DOI of the original publication

URI

https://irf.fhnw.ch/handle/11654/43073

Link

Series

Series number

Volume

Issue / Number

Pages / Duration

Patent number

Publisher / Publishing institution

System Dynamics Society

Place of publication / Event location

Online

Edition

Version

Programming language

Assignee

Practice partner / Client

Abstract

Increasing dependency on information technology and an increasing number of cyber-attacks give rise to concerns about secure software development methods. Building system dynamics models we research and compare the structure underlying the behaviour relevant to security software developments for both agile and traditional software delivery methods. The difference between these models is related to the key characteristics of these methods, but not to the security aspects itself. Both dynamic models show similar structures to developing software and cybersecurity dynamics. Our study shows that network externalities may evoke the acceptance trap. The acceptance trap begins when insecure software is brought into production and is actively used, because if software is available, it can generate income, while further security development will cost more money. Insecure software means the software still contains vulnerabilities that can be exploited by cybercriminals in near future. In order to exploit these vulnerabilities cybercriminals will launch cyber attackers. In such situation there may be a contamination effect caused by successful attacks may evoke more cybercriminal activities. These ongoing cyber-attacks will have such an impact that more and more security improvements and incident responses are needed, which result in increasingly higher costs. As a result, less capacity will be available for future software development. The model structures suggest that more time and money spent on security testing and resolving vulnerabilities helps to avoid the acceptance trap. Similar conclusions have been formulated in the field of Internet of Things adaptation research. Further model quantification, validation, and policy evaluation should provide further insights and recommendations to resolve the acceptance trap.

Keywords

Subject (DDC)

330 - Wirtschaft

Project

Event

38th International Conference of the System Dynamics Society

Exhibition start date

Exhibition end date

Conference start date

19.07.2020

Conference end date

24.07.2020

Date of the last check

ISBN

978-1-7138-2021-5

ISSN

Language

English

Created during FHNW affiliation

Yes

Strategic action fields FHNW

Publication status

Published

Review

Peer review of the complete publication

Open access category

Closed

License

Citation

Zeijlemaker, S., & von Kutzschenbach, M. (2020). Cybersecurity dynamics in software development environment. What system traps do exist? Proceedings of the 38th International Conference of the System Dynamics Society. 38th International Conference of the System Dynamics Society. https://irf.fhnw.ch/handle/11654/43073

Full item page