A Cybersecurity Model for Electronic Governance and Open Society

  • Nuno LopesEmail author
  • José Faria
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 947)


This paper starts by presenting the research landscape of the vulnerabilities of cyberspace; afterwards, it classifies the cyber vulnerabilities identified in the literature; finally, it proposes a cybersecurity model to tackle the cyberspace vulnerabilities found. The proposed model is grounded in three main pillars: a cybersecurity governance approach, cybersecurity capabilities, and cybersecurity best practices. The research methodology used to conduct this study is based on a quantitative and qualitative analysis of the literature on the field. The paper concludes that the model can be a useful tool for preventing and mitigating cyberattacks in public and private organizations.


Cyberattacks Cybersecurity Model Governance model Vulnerabilities Best practices 



This paper is a result of the project “SmartEGOV: Harnessing EGOV for Smart Governance (Foundations, methods, Tools)/ NORTE-01-0145-FEDER-000037”, supported by Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (EFDR).


  1. 1.
    Abraham, S., Nair, S.: A novel architecture for predictive cybersecurity using non-homogenous markov models, vol. 1, pp. 774–781 (2015)Google Scholar
  2. 2.
    Abraham, S.M.: Estimating mean time to compromise using non-homogenous continuous-time markov models, vol. 2, pp. 467–472 (2016)Google Scholar
  3. 3.
    Achuthan, K., Sudharavi, S., Kumar, R., Raman, R.: Security vulnerabilities in open source projects: an India perspective, pp. 18–23 (2014)Google Scholar
  4. 4.
    Aissa, A.B., Abercrombie, R.K., Sheldon, F.T., Mili, A.: Defining and computing a value based cyber security measure. Inf. Syst. E-Bus. Manag. 10(4), 433–453 (2011)CrossRefGoogle Scholar
  5. 5.
    Allodi, L., Massacci, F.: Security events and vulnerability data for cybersecurity risk estimation. Risk Anal. 37(8), 1606–1627 (2017)CrossRefGoogle Scholar
  6. 6.
    Anand, P.: Overview of root causes of software vulnerabilities-technical and user-side perspectives. In: 2016 International Conference on Software Security and Assurance (ICSSA), pp. 70–74. IEEE (2016)Google Scholar
  7. 7.
    Anwar, M., He, W., Yuan, X.: Employment status and cybersecurity behaviors (2017)Google Scholar
  8. 8.
    Arabo, A.: Mobile app collusions and its cyber security implications, pp. 178–183 (2016)Google Scholar
  9. 9.
    Armstrong, R.C., Mayo, J.R.: Leveraging complexity in software for cybersecurity (2009)Google Scholar
  10. 10.
    Ashenden, D.: Information security management: a human challenge? Inf. Secur. Tech. Rep. 13(4), 195–201 (2008)CrossRefGoogle Scholar
  11. 11.
    Ashok, A., Sridhar, S., McKinnon, A.D., Wang, P., Govindarasu, M.: Testbed-based performance evaluation of attack resilient control for AGC, pp. 125–129 (2016)Google Scholar
  12. 12.
    Auffret, J.-P., et al.: Cybersecurity leadership: competencies governance, and technologies for industrial control systems. J. Interconnect. Netw. 17(1), 1740001 (2017)CrossRefGoogle Scholar
  13. 13.
    Baldwin, R., Hofecker, T., Carter, G.: Who’s in control? Securing commercial unmanned aerial systems command and control a methodology and way ahead. J. Air Traffic Control 57(4) (2015)Google Scholar
  14. 14.
    Benjamin, V., Li, W., Holt, T., Chen, H.: Exploring threats and vulnerabilities in hacker web: Forums, IRC and carding shops, pp. 85–90, August 2015Google Scholar
  15. 15.
    Biswas, B., Pal, S., Mukhopadhyay, A.: AVICS-Ecoframework: an approach to attack prediction and vulnerability assessment in a cyber ecosystem (2016)Google Scholar
  16. 16.
    Carter, W.A., Sofio, D.G.: Cybersecurity legislation and critical infrastructure vulnerabilities (2017)CrossRefGoogle Scholar
  17. 17.
    Chatfield, A.T., Reddick, C.G.: Cybersecurity innovation in government: a case study of U.S. pentagon’s vulnerability reward program, volume Part F128275, pp. 64–73 (2017)Google Scholar
  18. 18.
    Costello, P.J.: Identifying and exploiting vulnerabilities in civilian unmanned aerial vehicle systems and evaluating and countering potential threats against the United States airspace, pp. 761–762 (2017)Google Scholar
  19. 19.
    Dalton, W., Van Vuuren, J.J., Westcott, J.: Building cybersecurity resilience in Africa, pp. 112–120 (2017)Google Scholar
  20. 20.
    Mancoridis, S., Prevelakis, V., Dacosta, D., Dahn, C.: Characterizing the ‘security vulnerability likelihood’ of software functionsGoogle Scholar
  21. 21.
    Flores, F., Paredes, R., Meza, F.: Procedures for mitigating cybersecurity risk in a Chilean government ministry. IEEE Lat. Am. Trans. 14(6), 2947–2950 (2016)CrossRefGoogle Scholar
  22. 22.
    Fox, S.J.: Flying challenges for the future: aviation preparedness – in the face of cyber-terrorism. J. Transp. Secur. 9(3–4), 191–218 (2016)CrossRefGoogle Scholar
  23. 23.
    Gisladottir, V., Ganin, A.A., Keisler, J.M., Kepner, J., Linkov, I.: Resilience of cyber systems with over and under regulation. Risk Anal. 37(9), 1644–1651 (2017)CrossRefGoogle Scholar
  24. 24.
    Goppert, J., Shull, A., Sathyamoorthy, N., Liu, W., Hwang, I., Aldridge, H.: Software/hardware-in the-loop analysis of cyberattacks on unmanned aerial systems. J. Aerosp. Inf. Syst. 11(5), 337–343 (2014)Google Scholar
  25. 25.
    Graham, J., Hieb, J., Naber, J.: Improving cybersecurity for industrial control systems, pp. 618–623, November 2016Google Scholar
  26. 26.
    Herrera, A.V., Ron, M., Rabadao, C.: National cyber-security policies oriented to BYOD (bring your own device): systematic review (2017)Google Scholar
  27. 27.
    Hoffman, L.J., Rosenberg, T., Dodge, R., Ragsdale, D.: Exploring a national cybersecurity exercise for universities. IEEE Secur. Priv. 3(5), 27–33 (2005)CrossRefGoogle Scholar
  28. 28.
    Huang, H.-C., Zhang, Z.-K., Cheng, H.-W., Shieh, S.W.: Web application security: threats, counter measures and pitfalls. Computer 50(6), 81–85 (2017)CrossRefGoogle Scholar
  29. 29.
    Ismail, S., Sitnikova, E., Slay, J.: SCADA systems cyber security for critical infrastructures: case studies in the transport sector, pp. 425–433 (2015)Google Scholar
  30. 30.
    Jang-Jaccard, J., Nepal, S.: A survey of emerging threats in cybersecurity. J. Comput. Syst. Sci. 80(5), 973–993 (2014)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Jillepalli, A.A., Sheldon, F.T., De Leon, D.C., Haney, M., Abercrombie, R.K.: Security management of cyber physical control systems using NIST SP 800-82r2 (2017)Google Scholar
  32. 32.
    Jøsang, A., Miralabé, L., Dallot, L.: It’s not a bug, it’s a feature: 25 years of mobile network insecurity, pp. 129–136, January 2015Google Scholar
  33. 33.
    Kamhoua, C., Martin, A., Tosh, D.K., Kwiat, K.A., Heitzenrater, C., Sengupta, S.: Cyber-threats information sharing in cloud computing: a game theoretic approach (2016)Google Scholar
  34. 34.
    Khatoun, R., Zeadally, S.: Cybersecurity and privacy solutions in smart cities. IEEE Commun. Mag. 55(3), 51–59 (2017)CrossRefGoogle Scholar
  35. 35.
    Khera, M.: Think like a hacker: insights on the latest attack vectors (and security controls) for medical device applications. J. Diabetes Sci. Technol. 11(2), 207–212 (2017)CrossRefGoogle Scholar
  36. 36.
    Kim, C.: Cyber-resilient industrial control system with diversified architecture and bus monitoring, pp. 11–16 (2017)Google Scholar
  37. 37.
    Kothari, S., Tamrawi, A., Mathews, J.: Rethinking verification: accuracy, efficiency and scalability through human-machine collaboration, pp. 885–886 (2016)Google Scholar
  38. 38.
    Lam, A., Fernandez J., Frank, R.: Cyberterrorists bringing down airplanes: will it happen soon? pp. 210–219 (2017)Google Scholar
  39. 39.
    Last, D.: Using historical software vulnerability data to forecast future vulnerabilities, pp. 120–126 (2015)Google Scholar
  40. 40.
    Liu, Z., Gupta, B.: A multifaceted assay on cybersecurity: the concerted effort to thwart threats, pp. 123–129 (2016)Google Scholar
  41. 41.
    Dekker, M.A.C.: Critical cloud computing-a CIIP perspective on cloud computing services—ENISA (2012)Google Scholar
  42. 42.
    McGraw, G.: Silver bullet talks with Katie Moussouris. IEEE Secur. Priv. 13(4), 7–9 (2015)CrossRefGoogle Scholar
  43. 43.
    Mejia-Miranda, J., Melchor-Velasquez, R.E., Munoz-Mata, M.A.: Vulnerability detection in smartphones: a systematic literature review [detección de vulnerabilidades en smartphones: Una revisión sistemática de la literatura] (2017)Google Scholar
  44. 44.
    Meszaros, J., Buchalcevova, A.: Introducing OSSF: a framework for online service cybersecurity risk management. Comput. Secur. 65, 300–313 (2017)CrossRefGoogle Scholar
  45. 45.
    Mtsweni, J.: Analyzing the security posture of South African websites, September 2015Google Scholar
  46. 46.
    Mtsweni, J., Shozi, N.A., Matenche, K., Mutemwa, M., Mkhonto, N., Van Vuuren, J.J.: Development of a semantic-enabled cybersecurity threat intelligence sharing model, pp. 244–252 (2016)Google Scholar
  47. 47.
    Murray, A., Begna, G., Nwafor, E., Blackstone, J., Patterson, W.: Cloud service security & application vulnerability, June 2015Google Scholar
  48. 48.
    Muñoz, F.R., Vega, E.A.A., Villalba, L.J.G.: Analyzing the traffic of penetration testing tools with anids. J. Supercomput. 1–16 (2016)Google Scholar
  49. 49.
    Nagurney, A., Shukla, S.: Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability. Eur. J. Oper. Res. 260(2), 588–600 (2017)MathSciNetCrossRefGoogle Scholar
  50. 50.
    Neuhaus, S., Plattner, B.: Software security economics: theory, in practice (2013)CrossRefGoogle Scholar
  51. 51.
    Norris, D., Joshi, A., Finin, T.: Cybersecurity challenges to American state and local governments, pp. 196–202, January 2015Google Scholar
  52. 52.
    Ortiz, E.C., Reinerman-Jones, L.: Theoretical foundations for developing cybersecurity training. In: Shumaker, R., Lackey, S. (eds.) VAMR 2015. LNCS, vol. 9179, pp. 480–487. Springer, Cham (2015). Scholar
  53. 53.
    Pereira, T., Santos, H., Mendes, I.: Challenges and reflections in designing cyber security curriculum, pp. 47–51 (2017)Google Scholar
  54. 54.
    Rahman, S.S.M., May, Y.V.: Wireless security vulnerabilities and countermeasures for an airport, pp. 431–436 (2015)Google Scholar
  55. 55.
    Sabillon, R., Cavaller, V., Cano, J., Serra-Ruiz, J.: Cybercriminals, cyberattacks and cybercrime (2016)Google Scholar
  56. 56.
    Smeets, M.: A matter of time: on the transitory nature of cyber weapons. J. Strat. Stud. 41, 1–28 (2017)Google Scholar
  57. 57.
    Song, J., Alves-Foss, J.: The Darpa cyber grand challenge: a competitor’s perspective, part 2. IEEE Secur. Priv. 14(1), 76–81 (2016)CrossRefGoogle Scholar
  58. 58.
    Takahashi, T., Miyamoto, D., Nakao, K.: Toward automated vulnerability monitoring using open information and standardized tools (2016)Google Scholar
  59. 59.
    Tevis, J.-E.J., Hamilton, J.A.: Methods for the prevention, detection and removal of software security vulnerabilities. In: Proceedings of the 42nd Annual Southeast Regional Conference, ACM-SE 42, pp. 197–202. ACM, New York (2004)Google Scholar
  60. 60.
    Tweneboah-Koduah, S., Skouby, K.E., Tadayoni, R.: Cyber security threats to IoT applications and service domains. Wirel. Pers. Commun. 95(1), 169–185 (2017)CrossRefGoogle Scholar
  61. 61.
    Van Devender, M.S., Campbell, M., Glisson, W.B., Finan, M.A.: Identifying opportunities to compromise medical environments (2016)Google Scholar
  62. 62.
    Vassilev, A., Celi, C.: Avoiding cyberspace catastrophes through smarter testing. Computer 47(10), 102–106 (2014)CrossRefGoogle Scholar
  63. 63.
    Wang, Y., Yang, J.P.: Ethical hacking and network defense: choose your best network vulnerability scanning tool, pp. 110–113 (2017)Google Scholar
  64. 64.
    Watkins, L., Hurley, J.: Enhancing cybersecurity by defeating the attack lifecycle, pp. 320–327 (2016)Google Scholar
  65. 65.
    Williams, P.A.H., Woodward, A.J.: Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med. Dev. Evid. Res. 8, 305–316 (2015)CrossRefGoogle Scholar
  66. 66.
    Wolff, J.: Perverse effects in defense of computer systems: when more is less. J. Manag. Inf. Syst. 33(2), 597–620 (2016)CrossRefGoogle Scholar
  67. 67.
    Wolff, J.: Perverse effects in defense of computer systems: when more is less, pp. 4823–4831, March 2016Google Scholar
  68. 68.
    Wu, W., Kang, R., Li, Z.: Risk assessment method for cybersecurity of cyber-physical systems based on inter-dependency of vulnerabilities, pp. 1618–1622, January 2016Google Scholar
  69. 69.
    Yang, J., Wang, Y., Reddington, T.: Integrate hacking technique into information assurance education, pp. 381–387 (2016)Google Scholar
  70. 70.
    Yang, Y., Xu, H.-Q., Gao, L., Yuan, Y.-B., McLaughlin, K., Sezer, S.: Multidimensional intrusion detection system for IEC 61850-based SCADA networks. IEEE Trans. Power Deliv. 32(2), 1068–1078 (2017)CrossRefGoogle Scholar
  71. 71.
    Yoo, H., Shon, T.: Challenges and research directions for heterogeneous cyber-physical system based on IEC61850: vulnerabilities, security requirements, and security architecture. Future Gener. Comput. Syst. 61, 128–136 (2016)CrossRefGoogle Scholar
  72. 72.
    Yoo, H., Shon, T.: Challenges and research directions for heterogeneous cyber–physical system based on IEC 61850: vulnerabilities, security requirements, and security architecture. Future Gener. Comput. Syst. 61(Supplement C), 128–136 (2016)CrossRefGoogle Scholar
  73. 73.
    Zetter, K.: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Crown Publishing Group, New York (2014)Google Scholar
  74. 74.
    Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.United Nations University, Operating Unit on Policy-Driven Electronic Governance (UNU-EGOV)GuimarãesPortugal

Personalised recommendations