Cybersecurity: A Technology Landscape Analysis (Applied Innovation and Technology Management) [1st ed. 2023] 3031348427, 9783031348426

Cybersecurity has become a critical area of focus after recent attacks on key infrastructure and personal systems.


English Pages 301 [294] Year 2023


Table of contents :
Contents
Part I: Technological Analyses
Chapter 1: Cybersecurity Technology: A Landscape Analysis
1.1 Introduction
1.2 Data and Method
1.2.1 The Social Network Analysis (SNA)
1.3 Keyword Analysis
1.4 Country Productivity
1.5 Country Collaboration
1.6 Institutional Productivity
1.7 Institutional Collaboration
1.8 Author Productivity
1.9 Funding Institutions
1.10 Patent Analysis
1.11 Conclusion
References
Chapter 2: Cybersecurity Technology: An Analysis of the Topic from 2011 to 2021
2.1 Introduction
2.2 Methods
2.3 Results of the Bibliometric and Keyword Analysis
2.4 Analysis of the Clusters Emerging from the Keyword Analysis
2.4.1 Red Cluster: Cybersecurity Management
2.4.2 Green Cluster: Intrusion Detection and Prevention
2.4.3 Blue Cluster: Smart Grids
2.4.4 Yellow Cluster: Cybercrime and Cyberattacks
2.5 Conclusion and Future Research Avenues
References
Chapter 3: Cybersecurity and Technology Convergence: Analysis of AI, Blockchain, and IoT Using SNA
3.1 Introduction
3.1.1 The Importance of Cybersecurity and Technology Convergence
3.1.2 Problem of Cybersecurity and the Relationship with Technology Development
3.1.3 The Importance of Analyzing Technology Convergence and the Contribution to Cybersecurity
3.1.4 Research Questions and Objectives
3.2 Literature Review
3.2.1 Cybersecurity Technology, Blockchain, AI, and IoT
3.2.2 Social Network Analysis and Patent Analysis
3.2.3 Technology Convergence
3.3 Theoretical Framework
3.3.1 Patent Network: Converge Process
3.3.2 Converging Technologies Cases through the Time
3.3.3 Scenarios of Converging: Level of Coverage
3.4 Methodology
3.4.1 Identification of Periods of Analysis and Phases of Convergence
3.4.2 Measuring Technology Convergence: Indicators
3.4.2.1 Convergence Strength and Technology Attractiveness
3.4.2.2 Convergence Network
3.5 Results and Discussions
3.5.1 Keyword Identification and Search Strategy
3.5.2 Technology Convergence in Cybersecurity: Topic Analysis (Blockchain, AI, IoT)
3.5.3 Identification of Technological Clusters
3.5.3.1 IPCs per Technologies
3.5.3.2 Identification: Definition of Periods of Analysis
3.5.4 Time Evolution of Technology Networks: Technology Convergence
3.5.5 Measuring the Technology Convergence
3.5.5.1 Convergence Strength and Incorporating New Technologies
3.5.5.2 Convergence Network
3.6 Conclusion
References
Chapter 4: Patent Alert System
4.1 Introduction
4.2 Literature Review
4.2.1 Evolution of Cybersecurity
4.3 Technology Watch and Patents
4.4 Methodology
4.5 Data
4.6 Results and Discussion
4.7 Concluding Remarks
References
Part II: Strategic Analyses
Chapter 5: Technology Assessment of Cybersecurity
5.1 Introduction
5.2 Methodology
5.2.1 Technology Stage Division
5.2.1.1 Related Theories
5.2.1.2 Method
5.2.2 Technology Topic Identification
5.2.2.1 Related Theories
5.2.2.2 Method
5.2.3 The Calculation of the Connection Between Technology Topics
5.2.3.1 Related Theories
5.2.3.2 Method
5.2.4 Visualization
5.2.4.1 Topic Model Visualization
5.2.4.2 Visualization Process
5.3 Result
5.3.1 Technology Stage Division
5.3.2 LDA Topic Analysis
5.3.2.1 Stage 1 (1997–2009)
Overall Result
Technology Advantage Result
Technology Novelty Result
Technology Use Result
5.3.2.2 Stage 2 (2010–2014)
Overall Result
Technology Advantage Result
Technology Novelty Result
Technology Use Result
5.3.2.3 Stage 3 (2015–2021)
Overall Result
Technology Advantage Result
Technology Novelty Result
Technology Use Result
5.3.3 Visualization
5.3.3.1 Topic Similarity Calculation
Overall Result
Technology Advantage Result
Technology Novelty Result
Technology Use Result
5.3.3.2 Visualization Result
Overall Result
Technology Advantage Result
Technology Novelty Result
Technology Use Result
5.4 Discussion
5.4.1 Overall Analysis
5.4.2 Technology Advantage Analysis
5.4.3 Technology Novelty Analysis
5.4.4 Technology Use Analysis
5.5 Chapter Summary
References
Chapter 6: Science and Technology Gap Analysis of Cybersecurity Technology
6.1 Introduction
6.2 Methodology
6.3 Data Collection
6.4 Data Analysis and Results
6.4.1 The General View of Cybersecurity Technology
6.4.2 The Topic Clusters of Scientific Papers and Patents
6.4.3 Analysis of the Path of the Technology Evolution Based on Scientific Papers and Patents
6.4.3.1 Analysis of the Path of the Technology Evolution Based on Scientific Papers
6.4.3.2 Analysis of the Path of the Technology Evolution Based on Patents
6.4.4 Gaps Between Science and Technology Analysis for Forecasting Technology Trends
6.5 Conclusions
References
Chapter 7: 2030 Roadmap: Cybersecurity in Food E-Commerce
7.1 Introduction
7.2 Literature Review
7.3 Problem Statement
7.4 Methodology
7.4.1 Business Canvas (Fig. 7.1)
7.4.1.1 Key Partners
7.4.1.2 Key Activities
7.4.1.3 Key Sources
7.4.1.4 Value Proposition
7.4.1.5 Customer Relationships
7.4.1.6 Customer Segmentation
7.4.1.7 Channels
7.4.1.8 Cost Structure
7.4.1.9 Revenue Streams
7.4.1.10 Reputational, Social, and Environmental Cost
7.4.1.11 Reputational, Social, and Environmental Benefits
7.4.2 Survey Analysis
7.4.3 Technology Roadmap
7.4.4 Drivers
7.4.5 Product and Services
7.4.6 Partners and Customers
7.4.7 Activities
7.4.8 Resources
7.4.9 Cost and Revenue
7.5 Discussion
7.6 Conclusion
References
Chapter 8: Cybersecurity Technology Roadmap: Data and Information Security for Smart Grid Industry
8.1 Introduction
8.2 Literature Review
8.2.1 PESTLE Analysis
8.2.2 Case Study 1: Stuxnet (2010) (Xie et al., 2019; Thakur et al., 2016)
8.2.2.1 Overview and Summary
8.2.2.2 PEST Analysis (Table 8.3)
8.2.2.3 Key Takeaways
8.2.3 Case Study 2: Wannacry Ransomware (2017)
8.2.3.1 Overview and Summary
8.2.3.2 PESTLE Analysis (Table 8.4)
8.2.3.3 Key Takeaways
8.3 Methodology
8.3.1 Identifying Market Segment
8.3.2 Mapping the Market Drivers
8.3.2.1 Technology
8.3.2.2 Policies/Standards
8.3.2.3 Economic
8.3.2.4 Security
8.3.2.5 Research and Development
8.3.3 QFD: Ranking Market Segments and Market Drivers
8.3.4 Developing the Product Features
8.3.4.1 Smart Grid Ecosystem
8.3.4.2 Secure Connected Devices
8.3.4.3 Decentralized Architecture
8.3.4.4 Predictive Response
8.3.4.5 Organization Culture
8.3.5 QFD: Ranking Product Features and Market Drivers
8.3.6 Technology Gap Analysis
8.3.6.1 Gap 1: Smart Grid Ecosystem (Smart grid cyber security: training for the future overview and problem statement, 2022; Danilczyk et al., 2019; Palensky et al., 2021; Wang et al., 2022)
8.3.6.2 Gap 2: Secure Connected Devices (IoT) (Atalay & Angin, 2020; Siemers et al., 2021; Tweneboah-Koduah et al., 2022)
8.3.6.3 Gap 3: Decentralized Architecture (Wu et al., 2021a; Nayak et al., 2022; Alladi et al., 2019; Mahmood et al., 2022; Moniruzzaman et al., 2019; Mohril et al., 2021)
8.3.6.4 Gap 4: Predictive Response (Thakur & Breslin, 2018; Kumar et al., 2020b; Moniruzzaman et al., 2019)
8.3.6.5 Gap 5: Organization Culture (Agnew et al., 2022; Line et al., 2011; Siemers et al., 2021)
8.3.7 Proposing Technological Solutions
8.3.7.1 Virtual Systems
8.3.7.2 Encryption Technologies
8.3.7.3 Zero Trust
8.3.7.4 Blockchain
8.3.7.5 Machine Learning and Deep Learning
8.3.8 QFD: Ranking Technology Solutions and Product Features
8.4 Proposed Technology Roadmap
8.5 Discussion and Recommendations
8.6 Further Research
8.7 Conclusion
Appendices
Market Segments Mind Map
Market Drivers Mind Map
Product Features Mind Map
Technology Mind Map
Technology Solutions Mind Map
Team Time Management
References
Part III: Sectoral Analyses
Chapter 9: Healthcare Information Systems Security Maturity Assessment
9.1 Introduction
9.2 Methodology
9.3 Case Studies
9.3.1 Institution A
9.3.1.1 Results
9.3.1.2 Recommendations
9.3.1.3 Discussion
9.3.2 Institution B
9.3.2.1 Results
9.3.2.2 Recommendations
9.3.2.3 Discussion
9.3.3 Institution C
9.3.3.1 Results
9.3.3.2 Recommendations
9.3.3.3 Discussion
9.3.4 Institution D
9.3.4.1 Results
9.3.4.2 Recommendations
9.3.4.3 Discussion
9.4 Conclusion
References
Chapter 10: Mapping the Knowledge of Cybersecurity in the Manufacturing Industry
10.1 Introduction
10.2 Related Literature
10.3 Research Methodology
10.4 Results of the Bibliometric Analysis and Discussion
10.4.1 Performance Analysis
10.4.1.1 Most Productive and Most Influential Countries, Journals, and Authors
10.4.2 Science Mapping
10.4.2.1 Intellectual Structure of the Cybersecurity Research in Manufacturing Industry
10.4.2.2 Collaboration Networks on the Micro- and Macro-level (RQ6)
10.4.2.3 Research Focus and Future Research Direction (RQ7; RQ8)
10.4.2.4 Future Research Avenues
10.4.3 Discussion
10.5 Conclusion
References
Chapter 11: Technology Domain Analysis: Ecosystem for Proactive Cybersecurity in the Energy Sector
11.1 Introduction
11.1.1 Background
11.1.2 Cyber Threat in the Energy Sector
11.1.2.1 Cyber-attack
11.1.2.2 Energy Sector Vulnerability to Cyber-attacks
11.2 Cybersecurity in the Energy Sector
11.2.1 Importance of Cybersecurity in the Energy Sector
11.2.2 Cybersecurity Options
11.2.2.1 Software and Platforms Security
11.2.2.2 Infrastructure Security
11.2.3 Cybersecurity Approaches in the Energy Sector
11.2.3.1 Cybersecurity Culture
11.2.3.2 Proactive Cybersecurity
11.2.4 Cybersecurity Value Chain and Ecosystem
11.2.4.1 Cybersecurity Ecosystem
11.2.4.2 Cybersecurity Value Chain
11.2.4.3 Potential Benefits of the Cybersecurity Ecosystem
11.3 Technology Domain Analysis (TDA)
11.3.1 Egocentric Analysis
11.3.2 Methodological Approach for TDA
11.4 Identifying Ecosystem for Cybersecurity
11.4.1 Identify Keywords
11.4.2 Patent Analysis from Keywords
11.4.3 Results and Discussions
11.4.3.1 Patent: Keyword Analysis
11.4.3.2 Analysis of Co-keywords Sized by Centrality Degree
11.4.3.3 Patent Citation
11.4.3.4 Analysis of the Relationship Institution: Patent
11.4.3.5 Ego Networks Analysis: Identify, Protect, and Detect
11.5 Conclusion
References

Applied Innovation and Technology Management

Tugrul U. Daim, Marina Dabić
Editors

Cybersecurity: A Technology Landscape Analysis

Applied Innovation and Technology Management

Series Editors
Tugrul U. Daim, Department of Engineering & Technology Management, Portland State University, Portland, OR, USA
Marina Dabić, Faculty of Economics & Business, University of Zagreb, Zagreb, Croatia

Technology is not just limited to technology companies. Managing innovation and technology is no longer a luxury and needs to be understood by all sectors around the world and by both technical and non-technical managers. This book series explores existing and emerging technologies that address current challenges within innovation and technology management. Each title is developed to provide a set of frameworks, tools and methods that can be adopted by researchers, managers and students in engineering, innovation and technology fields. Research, policy and practice-based books in the series cover topics such as roadmapping, portfolio management, technology forecasting, R&D management, health technologies, bio technologies, transportation management, smart cities, and open innovation, among many others.


Editors

Tugrul U. Daim
Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center, Portland State University, Portland, OR, USA

Marina Dabić
Faculty of Economics and Business, University of Zagreb, Zagreb, Croatia
University of Dubrovnik, Dubrovnik, Croatia
School of Economics and Business, University of Ljubljana, Ljubljana, Slovenia

ISSN 2662-9402     ISSN 2662-9410 (electronic) Applied Innovation and Technology Management ISBN 978-3-031-34842-6    ISBN 978-3-031-34843-3 (eBook) https://doi.org/10.1007/978-3-031-34843-3 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Contents

Part I: Technological Analyses
1 Cybersecurity Technology: A Landscape Analysis
  Mürsel Doğrul, Haydar Yalçın, and Tugrul U. Daim
2 Cybersecurity Technology: An Analysis of the Topic from 2011 to 2021
  Yuliia Kyrdoda, Giacomo Marzi, Marina Dabić, and Tugrul U. Daim
3 Cybersecurity and Technology Convergence: Analysis of AI, Blockchain, and IoT Using SNA
  Edwin Garces, Shuying Li, and Tugrul U. Daim
4 Patent Alert System
  Alptekin Durmuşoğlu, Zeynep Didem Unutmaz Durmuşoğlu, and Tugrul U. Daim

Part II: Strategic Analyses
5 Technology Assessment of Cybersecurity
  Hao Zhang and Tugrul U. Daim
6 Science and Technology Gap Analysis of Cybersecurity Technology
  Xiaoli Wang, Xin Li, and Tugrul U. Daim
7 2030 Roadmap: Cybersecurity in Food E-Commerce
  Cuong Nguyen, Jordan Wearing, Kawther Elolaimi, Pavithra Prasad, Prajakta Thorat, Tony Califano, and Tugrul U. Daim
8 Cybersecurity Technology Roadmap: Data and Information Security for Smart Grid Industry
  Anurag Yaddanapudi, Kaushik Chaudhary, Mohammad Alabdulaziz, Mohammed Albabtain, Nisha Hemantha Raju, Tasiya (Yaya) Sirimongkarakorn, Vijay Joshi, and Tugrul U. Daim

Part III: Sectoral Analyses
9 Healthcare Information Systems Security Maturity Assessment
  Bridget Barnes, Tugrul U. Daim, and Courtney Wright
10 Mapping the Knowledge of Cybersecurity in the Manufacturing Industry
  Gordana Zeba, Marina Dabić, Mirjana Čičak, Goran Vlašić, and Tugrul U. Daim
11 Technology Domain Analysis: Ecosystem for Proactive Cybersecurity in the Energy Sector
  Momtaj Khanam, Edwin Garces, Tugrul U. Daim, and Fayez Alsoubaie

Part I: Technological Analyses

Chapter 1: Cybersecurity Technology: A Landscape Analysis

Mürsel Doğrul, Haydar Yalçın, and Tugrul U. Daim

Abstract

The focus of this chapter is to explore the impact of cybersecurity on the generation of knowledge and patents by analyzing the emergence of technological entrepreneurship and technological innovation within the state security environment. This topic is especially significant due to its dynamic ability to contribute to the national adoption of digital innovation by states. To produce and assess a fresh viewpoint on digital entrepreneurship driven by cybersecurity principles, pertinent data indicating the evolution of indicators for undertaking cybersecurity research in nations from 1999 to 2023 were analyzed. Examining cyberspace in-depth, this study employs bibliometric analysis as a methodology, as well as patent analysis, funding institutions, author productivity, institutional collaboration, institutional productivity, country collaboration, country productivity, and keyword analysis. Consequently, the rise of cybersecurity publications and patents is split into two categories: research and development (including startups, technological discoveries, and technology preparedness) and patents and trademarks (leveraging digital technology). This research reveals a number of strong correlations between these qualities, which contributes to the cybersecurity literature and has significant implications for corporate management and practitioners.

Keywords: Security · Technology · Innovation · Research-funding institution · Patent · Saturation

M. Doğrul
Turkish National Defence University, Joint War Institute, Istanbul, Turkey

H. Yalçın
Ege University, Division of Management Information Systems, Department of Business Administration, Faculty of Economics and Administrative Sciences, Izmir, Turkey

T. U. Daim (*)
Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center, Portland State University, Portland, OR, USA

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
T. U. Daim, M. Dabić (eds.), Cybersecurity, Applied Innovation and Technology Management, https://doi.org/10.1007/978-3-031-34843-3_1


1.1 Introduction

The primary focus of cybersecurity research in the past two decades has been on ensuring the secure storage of personal information by states (Goutam, 2015). The rapidly changing and evolving nature of cyberspace has also led to it being perceived as insecure (Choucri, 2014; Corn, 2017). With the advancement of technology, battlegrounds are no longer limited to physical borders but also extend to digital spaces. Cybercrime is a significant threat to individuals, businesses, organizations, and governments (Bajpai, 2022; PwC, 2022). According to publicly available data, commercial email intrusions are expected to cost businesses $43 billion between 2016 and 2021 (FBI, 2022). To address this flaw, the concept of security has been developed, and traditional threat perceptions have been expanded to include the digital environment (Tan, 2021) under the title of non-traditional security (NTS) (Mallavarapu, 2009). Security concerns have transitioned from the military to the civilian sphere, introducing new arguments and notions. Cyberattacks on power plants and pipelines have expanded the scope of cybersecurity to include energy security (Hoffmann, 2020; Malhotra et al., 2021). It is currently more crucial than ever to take safeguards against the threats posed by cyberattacks. In April 2022, cybersecurity authorities from the United States, Australia, Canada, New Zealand, and the United Kingdom launched a joint Cybersecurity Advisory (CSA) proclamation against the backdrop of the ongoing war between Russia and Ukraine (CISA, 2022). States strive to carefully preserve their citizens’ data and prevent digital instability in the face of not just political crises such as war, but also highly advanced technology developments and societal demands (Doğrul & Erğurum, 2021; Jafari-Sadeghi et al., 2021).

States are compelled to leverage technology-producing infrastructures and corporations in order to maintain a substantial presence and offer security in the expanding and partially unregulated cosmos of cyberspace. In this respect, by analyzing the concepts and keywords of cybersecurity, it is possible to anticipate the principal concerns of governments and the emergence of new areas of cybersecurity competition. By identifying crucial cybersecurity companies, their internationalization and even their participation in international politics can be questioned. One can also assess whether research-funding institutions around the world are concerned with cybersecurity. It is possible to examine the global situation of the number of patents produced in cybersecurity and the internationalization performance of the companies that hold them. In the context of cybersecurity, it is feasible to trace the intensity of investment in areas of expanding significance and the saturation levels of the concepts. Thus, the scholarly literature will be updated with the most recent trends, pillars, content, and advancement in cybersecurity technology.


1.2 Data and Method

In order to answer the abovementioned questions and understand the basic and current features of the cybersecurity field, we chose to conduct a bibliometric analysis. For this reason, we conducted an online search of the leading indices of the Web of Science (WoS). As a result of the query, bibliographic data of a total of 17,828 scientific publication documents between the years 1999 and 2023 were accessed. A total of 34,841 authors contributed to the cybersecurity literature, whose annual growth rate was calculated as 5.36, and 2874 of the publications contributed by these authors were single-authored. While there are 3.3 authors per document, 21.1% of the publications are the result of international collaboration. In this study, the bibliometric analysis will reveal the intellectual structure and research concentration of cybersecurity. Bibliometrics is the application of mathematical and statistical techniques to scientific communication (Pritchard, 1969). Bibliometry can also be defined as a tool that has been developed for the quantitative evaluation of scientific literature and offers methods for research on the structure of scientific communication (Borgman & Furner, 1990). The first applications using the bibliometric method can be traced back to the early 1900s (Lawani, 1981; Thanuskodi, 2010). Since the 1970s, the importance of knowledge and knowledge management in every field has made bibliometrics, which is an important tool in the evaluation of scientific knowledge, a more frequently used method. Bibliometrics can be used at different scales for various purposes.

Analyses made at the level of authors (Chen, 2003; Fleming & Spicer, 2014; Glänzel & de Lange, 2002; Peters & Van Raan, 2005) evaluate the collaborations in the field and the dissemination of the scientific knowledge related to it (Glänzel & Schubert, 2005), and analyses made on keywords (Ding & Li, 2010; Liu et al., 2014; Muñoz-Leiva et al., 2012) reveal the intellectual structure of scientific disciplines; time-dependent change or connection networks between sub-research fields can also be seen (He & Yu, 2020). In the context of the application of bibliometric analysis at different scales, there are studies on the evaluation of authors’ publications with citation analysis or co-word analysis in the microdimension, institutional evaluations in medium-sized studies, and the evaluation of the country or research area in the macrodimension (Chen, 2003). Open-source bibliographic databases will be used to obtain the data to be used in the project. Databases such as WoS, Scopus, and Google Scholar are frequently used in the bibliometric literature. The fact that Google Scholar is open to manipulation (Delgado López-Cózar et al., 2012; Labbé, 2010) may affect the reliability of the analysis. Although the Scopus database indexes more journals in terms of scope, the WoS bibliographic database will be used because Scopus is more inconsistent than WoS (Franceschini et al., 2016; Wang & Waltman, 2016). In this sense, the categories created by the WoS database in line with the research focus of the journals will be used to obtain data on sociology and the publications under the cybersecurity technologies analyzed.


1.2.1 The Social Network Analysis (SNA)

The SNA method was used to determine the subject areas and focal points in the field of cybersecurity. The frequency with which topic headings occur together was calculated, and the values obtained were then used in the calculation of the social network metrics. The indicators we use to determine the roles of the nodes in the network are as follows. Betweenness centrality is based on the shortest paths in a network. Betweenness is important for flows in a network: if a node with a high degree of betweenness is eliminated, flows in this network will not be efficient, as the average of the shortest paths will increase (Scott, 2012, p. 114). Degree centrality relates to the number of first-order neighbors a node is connected to by a single link. It is measured by the number of connections of a node, which expresses degree centrality in absolute terms (Bródka et al., 2012). Degree centrality concerns only the nodes that are first-degree neighbors of a node; however, there are also nodes that are indirectly linked to a node. Closeness centrality focuses on distance and takes into account nodes in indirect connection. Closeness is the average length of the shortest paths between a node and all other nodes in the graph. It can be interpreted as the average access time, provided that access follows the shortest paths (Otte & Rousseau, 2002).
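The three indicators described above, computed on a small keyword co-occurrence network, as an added example that is not code from the chapter. The records are constructed, the function names are illustrative, and closeness is returned in the usual inverse form (number of other nodes divided by the sum of shortest-path lengths), so a shorter average path gives a higher score.

```python
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample: author keywords of six hypothetical publications.
RECORDS = [
    ["security", "internet", "model"],
    ["security", "privacy", "internet"],
    ["security", "smart grid", "intrusion detection"],
    ["intrusion detection", "machine learning"],
    ["machine learning", "fake news"],
    ["security", "model", "framework"],
]

def cooccurrence(records):
    """Count how often each unordered keyword pair appears in the same record."""
    weights = defaultdict(int)
    for keywords in records:
        for a, b in combinations(sorted(set(keywords)), 2):
            weights[(a, b)] += 1
    return dict(weights)

def adjacency(weights):
    """Undirected, unweighted neighbour sets derived from the co-occurrence pairs."""
    adj = defaultdict(set)
    for a, b in weights:
        adj[a].add(b)
        adj[b].add(a)
    return dict(adj)

def bfs(adj, source):
    """Distances, shortest-path counts, predecessors and visit order from source."""
    dist = {source: 0}
    sigma = defaultdict(int)
    sigma[source] = 1
    preds = defaultdict(list)
    order, queue = [], deque([source])
    while queue:
        v = queue.popleft()
        order.append(v)
        for w in adj[v]:
            if w not in dist:
                dist[w] = dist[v] + 1
                queue.append(w)
            if dist[w] == dist[v] + 1:      # v lies on a shortest path to w
                sigma[w] += sigma[v]
                preds[w].append(v)
    return dist, sigma, preds, order

def degree_centrality(adj):
    """Absolute degree: the number of first-order neighbours of each node."""
    return {v: len(neighbours) for v, neighbours in adj.items()}

def closeness_centrality(adj):
    """Reachable nodes divided by the sum of their shortest-path distances."""
    scores = {}
    for v in adj:
        dist, *_ = bfs(adj, v)
        total = sum(dist.values())
        scores[v] = (len(dist) - 1) / total if total else 0.0
    return scores

def betweenness_centrality(adj):
    """Brandes' algorithm: share of shortest paths passing through each node."""
    bc = dict.fromkeys(adj, 0.0)
    for s in adj:
        _, sigma, preds, order = bfs(adj, s)
        delta = dict.fromkeys(order, 0.0)
        for w in reversed(order):           # accumulate from the farthest nodes back
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {v: b / 2 for v, b in bc.items()}  # each pair was counted from both ends

if __name__ == "__main__":
    adj = adjacency(cooccurrence(RECORDS))
    deg = degree_centrality(adj)
    btw = betweenness_centrality(adj)
    clo = closeness_centrality(adj)
    for node in sorted(adj, key=lambda n: -btw[n]):
        print(f"{node:20s} degree={deg[node]} betweenness={btw[node]:5.1f} "
              f"closeness={clo[node]:.3f}")
```

In this sample "security" leads on all three indicators, while "machine learning" has a low degree but a high betweenness because it is the only route to "fake news".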

1.3 Keyword Analysis

Keyword analysis in bibliometrics is the act of discovering and analyzing the most frequently occurring words and phrases in a collection of papers or publications. It is often used to identify trends and patterns in research, to understand the most important topics being studied in a particular field, and to inform the development of research agendas. It can also be used to identify gaps in the research literature and to identify key influencers or leaders in a particular field. In the keyword analysis, we looked at the nodes that rate highly on the level of connectivity, betweenness centrality, and closeness centrality, as well as the nodes where we can catch weak signals. Applying structural hole analysis, which is one of the most important sub-analysis methods of social network analysis, we determined the nodal points that have reached a certain level of saturation in terms of the technology growth phase, and the technology sub-domains that are relatively more mobile in the network, are open to development, and can be defined as virgin areas. When we examine Table 1.1 closely, we see that the keywords security, model, Internet, framework, status, and management in particular are the nodal points with the highest values in terms of the connection level and of betweenness and closeness centrality. On the other hand, when we look closely at the concepts that have reached the level of technological maturity, it is possible to say that the concept of impact, model,


Table 1.1  Keyword analysis All degree partition Security Model Internet

Betweenness centrality Security Model Internet

All closeness centrality Security Model Internet

Framework Management Systems Impact Challenges Cybersecurity Privacy System Information Attacks Performance Design

Framework Management Systems Impact Information Challenges Cybersecurity Attacks Privacy Performance System Design

Framework Management Systems Impact Challenges Cybersecurity Privacy Information System Cybersecurity Attacks Performance

High aggregate constraints Impact Model Information security Cybersecurity Decision-making Performance Information Management Models Efficiency Power Behavior Technology Dynamics Time

Technology Networks Risk Cybersecurity Things Behavior Cybersecurity

Design Technology Networks Risk Cyber-security Things Behavior

Knowledge Cyber-security Strategies Framework Risk Design Determinants

Future

Technology Cybersecurity Networks Risk Behavior Cybersecurity Information security Network

Attribution Observability Representation Stock market Placement Level Stochastic model Situation awareness C systems Offense Telehealth Support vector machine Watermarking Foundations Extraction Architectures Art Set Supervisory control

Security

Feedback

Network

Trust

Decision

Trust

Things

Information security Intrusion detection Network

Information security investment Children

Strategy

Low aggregate constraints Ontology Things security Fake news

information security, cybersecurity, decision-making, performance, information management, and model has now reached the level of technological saturation and has strengthened its position for the cybersecurity network. When we look at the key concepts that are open to development in terms of cybersecurity technologies and cyber defense technologies, it is possible to say that ontologies, the Internet of things, the concept of security in the Internet of things, the fake news phenomenon, the observability principle, and the representation principles are still among the nodal points that are open to development. When keyword analysis is evaluated within itself, the search for models continues. There are different levels of saturation. The overlooked and untouched topics (potential) are topics such as “children,” the “stock market,” and the “things security.” Interestingly, “fake news” has not yet emerged as a prioritized topic in the cybersecurity space. This can also be considered an explanation for the lack of measures taken in the face of today’s information pollution.

Fig. 1.1  Interaction map of research fields and keywords

When the interaction map (Fig. 1.1) of the keywords of scientific publications on cybersecurity with other concepts in the studies is examined, it is seen that the concepts of “Internet,” “security,” “model,” “impact,” “framework,” “attack,” “information,” and “challenges” stand out. In addition, “security,” “Internet,” “model,” “information,” “technology,” and “trust” are interacting keywords. At the common interaction point of all studies, the concepts of “management,” “model,” “protection,” and “privacy” can be seen. The keywords “power,” “defense,” “framework,” and “security” interact with “Internet,” “information,” and “cybersecurity” in a side cluster. These keywords also overlap with the contemporary contexts of security studies in international relations (Routledge, 2023).

1.4 Country Productivity

According to the results of our country productivity analysis (Table 1.2), the United States is at the top of the list, above China and England, in terms of both the number of documents and the number of citations received when the performance indicators, the number of publications, and the number of citations are evaluated together, unlike the results we have achieved in other technology domain studies. Considering the h-index, which represents the intersection point, we see that the United States is at the top of the list with a value of 122. China is in second place, followed by the United Kingdom, Australia, Canada, India, Italy, Spain, and Pakistan at the top of the list, while Türkiye also contributes with 350 publications, both in terms of the number of publications and the total number of citations received. It is possible to see that it has taken an important place on the list.

Table 1.2  Country productivity

| Country | Citation sum within h-core | All citations | All documents | h-index |
|---|---|---|---|---|
| USA | 30,959 | 111,959 | 10,909 | 122 |
| Peoples R China | 12,653 | 32,505 | 2653 | 82 |
| UK | 9254 | 25,065 | 2324 | 68 |
| Australia | 7464 | 16,993 | 1349 | 61 |
| Canada | 5069 | 10,313 | 997 | 46 |
| India | 5116 | 11,492 | 1566 | 46 |
| Italy | 4080 | 8790 | 997 | 41 |
| Spain | 3212 | 6938 | 784 | 36 |
| Pakistan | 2467 | 4228 | 367 | 35 |
| Singapore | 2805 | 4166 | 314 | 34 |
| South Korea | 2418 | 5695 | 731 | 33 |
| Turkey | 2616 | 3890 | 357 | 32 |
| Sweden | 2836 | 4099 | 310 | 31 |
| Japan | 2057 | 4116 | 592 | 30 |
| Saudi Arabia | 1950 | 4826 | 785 | 29 |
| France | 1575 | 3609 | 656 | 26 |
| Germany | 1660 | 3951 | 841 | 25 |
| Netherlands | 1894 | 3304 | 365 | 24 |
| Taiwan | 1033 | 1829 | 256 | 24 |
| Norway | 1400 | 2688 | 406 | 24 |
| Poland | 812 | 1941 | 393 | 24 |
| Denmark | 1610 | 2183 | 137 | 22 |
| Greece | 950 | 2557 | 432 | 22 |
| Malaysia | 1092 | 2229 | 399 | 21 |
| Israel | 988 | 1777 | 252 | 21 |

1.5 Country Collaboration

Table 1.3 presents the cooperation of various countries in the study. The analysis of the network reveals that the United States is the leading country in all three values, followed by the United Kingdom. Upon examining the countries with the highest level of maturity in cybersecurity research, particularly in terms of high connectivity in the network, it is evident that the United States, United Kingdom, India, China, Gambia, Australia, and Paraguay are among the top performers. On the other hand, the Czech Republic, Slovenia, Denmark, Estonia, and the United Arab Emirates are among the countries with relatively fewer connections in the country cooperation network, as measured by country connectivity levels. Notable also is the fact that Saudi Arabia has a high ranking in all degree partition, betweenness centrality, and closeness centrality, allowing it to be included among the G-7 nations in this table.

Table 1.3  Country collaboration

| All degree partition | Betweenness centrality | All closeness centrality | Aggregate constraint HAC | Aggregate constraint LAC |
|---|---|---|---|---|
| USA | USA | USA | Jamaica | Czech Republic |
| UK | UK | UK | USA | Slovenia |
| India | Australia | India | UK | Denmark |
| Peoples R China | India | Peoples R China | India | Estonia |
| Australia | Peoples R China | Australia | Peoples R China | U Arab Emirates |
| Spain | Spain | Canada | Gambia | Vietnam |
| Saudi Arabia | Saudi Arabia | Saudi Arabia | Australia | Saudi Arabia |
| Germany | Germany | Spain | Paraguay | Poland |
| France | South Africa | Germany | Bhutan | Thailand |
| Canada | Canada | Italy | Canada | Ghana |
| Italy | Russia | Norway | Saudi Arabia | Norway |
| Norway | France | France | Spain | Spain |
| Pakistan | Ukraine | Malaysia | Germany | Iraq |
| Netherlands | Hungary | Poland | Mozambique | Finland |
| South Korea | Italy | Pakistan | Italy | Iran |
| Malaysia | Turkey | Czech Republic | Norway | UK |
| Czech Republic | Malaysia | South Korea | France | Netherlands |
| Poland | Norway | Netherlands | Malaysia | Pakistan |
| Turkey | Iran | Turkey | South Korea | Nigeria |
| Sweden | Belgium | Sweden | Pakistan | Jordan |
| Finland | Japan | Switzerland | Poland | Belgium |
| Greece | Poland | Finland | Czech Republic | Slovakia |
| Portugal | Uganda | U Arab Emirates | Netherlands | Ireland |
| Japan | Pakistan | Japan | Turkey | Switzerland |
| Taiwan | Czech Republic | Taiwan | Sweden | Sweden |

1.6 Institutional Productivity

In terms of institutional productivity and contribution (Table 1.4), Carnegie Mellon University; University of California, Berkeley; New York University (NYU); the University of Texas San Antonio; MIT; and the University of California are at the top of the list. MIT is at the top of the list in terms of the number of publications, but when we consider the intersection of the number of publications and the number of citations, that is, the h-index, the list follows the order mentioned before. A number of universities in the United States are ranked higher than Tsinghua University, a prestigious university in China, when it comes to the productivity of cybersecurity studies.

Table 1.4  Productivity of the institutions

| Institution | Citation sum within h-core | All citations | All documents | H-index |
|---|---|---|---|---|
| Carnegie Mellon Univ | 3008 | 3490 | 151 | 22 |
| Univ Calif Berkeley | 2120 | 2277 | 54 | 21 |
| NYU | 988 | 1357 | 117 | 21 |
| Univ Texas San Antonio | 994 | 1779 | 150 | 21 |
| MIT | 1084 | 1490 | 170 | 20 |
| Univ Oxford | 922 | 1347 | 131 | 20 |
| Virginia Tech | 814 | 1219 | 101 | 20 |
| Arizona State Univ | 778 | 1172 | 103 | 20 |
| Swinburne Univ Technol | 1035 | 1179 | 49 | 19 |
| Singapore Univ Technol and Design | 1057 | 1229 | 59 | 19 |
| Tsinghua Univ | 1260 | 1521 | 83 | 18 |
| Univ Arizona | 680 | 1024 | 83 | 18 |
| Iowa State Univ | 2598 | 2811 | 83 | 18 |
| Univ Virginia | 869 | 1151 | 77 | 18 |
| Washington State Univ | 926 | 1214 | 72 | 18 |
| Texas A & M Univ | 1240 | 1448 | 89 | 17 |
| Deakin Univ | 838 | 1187 | 99 | 17 |
| IIT (Illinois Institute of Technology) | 925 | 1051 | 46 | 17 |
| Univ Toledo | 1267 | 1410 | 80 | 17 |
| Purdue Univ | 477 | 846 | 130 | 17 |
| Univ Michigan | 732 | 973 | 77 | 17 |
| Univ Illinois | 869 | 1213 | 116 | 17 |
| Georgia Inst Technol | 932 | 1144 | 74 | 16 |
| King Saud Univ | 908 | 1341 | 104 | 16 |
| Univ Waterloo | 1413 | 1580 | 52 | 16 |

1.7 Institutional Collaboration

In terms of institutional cooperation (Table 1.5), Carnegie Mellon University and Berlin University are at the top of the list in terms of connectivity, while the University of Texas San Antonio is at the top of the list in terms of betweenness centrality. When we look at the indicator of being in close relationship with other nodes, that is, closeness centrality, we see that Carnegie Mellon University is at the top of the list. In other words, it can be said that the maturity level of Carnegie Mellon University is quite high. Among the institutions that are open to development and have a more flexible structure in terms of developing institutional cooperation, Tsinghua University, Shanghai Jiao Tong University, and Delft University of Technology are at the top of the list.

Table 1.5  Collaboration of the institutions All degree partition Carnegie Mellon Univ Univ Texas San Antonio MIT
Betweenness centrality Univ Texas San Antonio King Saud Univ
All closeness centrality Carnegie Mellon Univ Univ Texas San Antonio Univ Illinois
Aggregate constraint HAC Carnegie Mellon Univ Univ Texas San Antonio Univ Illinois
MIT
MIT
Aggregate constraint LAC Tsinghua Univ Shanghai Jiao Tong Univ Delft Univ Technol
Univ Illinois
Carnegie Mellon Univ Tsinghua Univ
Univ Oxford
Univ Oxford
Univ Oxford
Univ Oxford
King Saud Univ
MIT
Univ New South Wales Nanyang Technol Univ Penn State Univ
Univ Illinois
Univ New South Wales Nanyang Technol Univ Tsinghua Univ
Nanyang Technol Univ Tsinghua Univ Kings Coll London
Univ Michigan Delft Univ Technol Harvard Univ
Univ New South Wales King Abdulaziz Shanghai Jiao Univ Tong Univ Delft Univ Technol Harvard Univ Norwegian Univ Sci & Technol Nanyang Technol Univ Univ Calif Berkeley Univ Michigan
Univ Michigan
George Mason Univ Univ Calif Berkeley Purdue Univ
George Mason Univ Univ S Florida
Chinese Acad Sci Purdue Univ
Univ Waterloo
Indiana Univ
Univ Tennessee
Deakin Univ
Univ Southern Calif Deakin Univ
Univ Minnesota Univ Waterloo Norwegian Univ Sci & Technol
Delft Univ Technol King Saud Univ Penn State Univ
Norwegian Univ Sci & Technol Imperial Coll Univ Southern London Calif Univ Strathclyde Imperial Coll London Arizona State Univ Univ Calif Berkeley
Nanyang Technol Univ Univ Texas San Antonio Univ Michigan
Univ Michigan Aalborg Univ Delft Univ Technol King Saud Univ Penn State Univ Purdue Univ
Univ Texas Austin
Indiana Univ
Univ Oxford
Univ Southern Calif Imperial Coll London Univ Calif Berkeley Royal Inst Technol King Abdulaziz Univ George Mason Univ Arizona State Univ Univ Calif Los Angeles
Macquarie Univ
Univ New South Wales Univ Calif Los Angeles Univ Alberta
Univ Calif Berkeley North Carolina State Univ Norwegian Univ Sci & Technol Univ Technol Sydney Univ Minnesota Tennessee Technol Univ US Army
Table 1.5 (continued) All degree partition Chinese Acad Sci Tsinghua Univ Macquarie Univ Shanghai Jiao Tong Univ
Betweenness All closeness centrality centrality Kings Coll London Univ Texas Austin Univ Arizona King Abdulaziz Univ Penn State Univ Univ Waterloo Virginia Tech George Mason Univ
Aggregate constraint HAC Univ Toronto
Aggregate constraint LAC Natl Univ Singapore Univ Massachusetts
Kings Coll London Univ S Florida Penn State Univ NYU Florida Int Univ

1.8 Author Productivity

Table 1.6 shows the productivity of the authors. Chen-Ching Liu from Virginia Polytechnic Institute and State University topped the list with 33 publications and 15 h-index, Soman K P from Amrita Vishwa Vidyapeetham University in India ranked second with 20 publications and 13 h-index, and Manimaran Govindarasu from Iowa State University ranked third with 38 publications and 13 h-index. In addition, according to Table 1.6, productive researchers are mostly from US universities.

Table 1.6  Productivity of the authors

| Author | Citation sum within h-core | All citations | All articles | h-index |
|---|---|---|---|---|
| Liu, Chen-Ching | 1239 | 1315 | 33 | 15 |
| Soman, K. P | 941 | 982 | 20 | 13 |
| Govindarasu, Manimaran | 1699 | 1787 | 38 | 13 |
| Alazab, Mamoun | 980 | 1033 | 26 | 13 |
| Ishii, Hideaki | 647 | 717 | 28 | 12 |
| Xu, Shouhuai | 319 | 380 | 29 | 12 |
| Chen, Hsinchun | 310 | 397 | 30 | 12 |
| Zhang, Jun | 633 | 676 | 24 | 12 |
| Choo, Kim-Kwang Raymond | 489 | 545 | 33 | 12 |
| Xiang, Yang | 574 | 628 | 25 | 11 |
| Wang, Lingfeng | 693 | 741 | 47 | 11 |
| Poornachandran, Prabaharan | 884 | 912 | 16 | 11 |
| Qiu, Meikang | 711 | 748 | 20 | 11 |
| Wang, Jianhui | 931 | 953 | 15 | 11 |
| Joshi, Anupam | 312 | 405 | 32 | 11 |
| Sengupta, Shamik | 163 | 215 | 29 | 10 |
| Janicke, Helge | 749 | 806 | 31 | 10 |
| Zhu, Quanyan | 292 | 346 | 28 | 10 |
| Kwiat, Kevin A | 249 | 249 | 10 | 10 |
| Hammoudeh, Mohammad | 221 | 247 | 15 | 9 |
| Debbabi, Mourad | 258 | 283 | 17 | 9 |
| Lu, Rongxing | 1015 | 1016 | 10 | 9 |
| Vinayakumar R | 834 | 843 | 11 | 9 |
| Pan, Lei | 223 | 240 | 15 | 9 |
| Hahn, Adam | 983 | 1015 | 15 | 9 |

1.9 Funding Institutions

The funding institutions for cybersecurity studies and their publication/citation indicators are listed in Table 1.7. China’s National Natural Science Foundation ranks first with 397 articles and an h-index of 42. With 323 publications and a 32 h-index, the National Science Foundation in the United States is the second most productive and successful institution in terms of funding. EPSRC Funding Source (UKRI) ranks third with 99 articles and an h-index of 25. The EU and its project titles, such as Horizon (Press release, 2022), are also on the list, and in recent years, cybersecurity has been given high priority in the project titles. Institutions from Korea, Japan, and other Asian nations are also included in the list. The presence of nearly all of the world’s most prestigious funding institutions on this list indicates that cyberspace and security will continue to gain relevance in the future.

1.10 Patent Analysis

Emerging technology refers to technologies that are currently under development or in the early stages of adoption and distribution. These technologies have the potential to significantly impact and disrupt the way we live and work. Among emerging technologies, a number of new technologies such as artificial intelligence, virtual reality, blockchain, and the Internet of things (IoT) are affecting all areas with which they are associated through their innovative and potentially transformative nature. In this respect, a better understanding of cybersecurity technologies, which are associated with a high level of uncertainty and risk, through the inferences to be obtained from patent data can be turned into an advantage in the context of technology management.

Table 1.7  Institutions providing funding for cybersecurity research and publication/citation indicator

| Unit | Citation sum within h-core | All citations | All articles | h-index |
|---|---|---|---|---|
| National Natural Science Foundation of China | 3377 | 5405 | 397 | 42 |
| National Science Foundation | 3493 | 5017 | 323 | 32 |
| EPSRC Funding Source: UKRI | 2033 | 2588 | 99 | 25 |
| NSF | 1841 | 2591 | 187 | 21 |
| US National Science Foundation | 1705 | 1836 | 53 | 17 |
| Engineering and Physical Sciences Research Council Funding Source: researchfish | 1323 | 1389 | 24 | 16 |
| National Key Research and Development Program of China | 735 | 934 | 84 | 16 |
| European Commission | 431 | 557 | 58 | 15 |
| Department of Energy | 595 | 713 | 58 | 15 |
| National Science Foundation of China | 564 | 628 | 35 | 14 |
| National Science Foundation (NSF) | 910 | 1088 | 73 | 13 |
| European Union | 428 | 793 | 184 | 13 |
| Fundamental Research Funds for the Central Universities | 983 | 1125 | 47 | 13 |
| Office of Naval Research | 333 | 419 | 45 | 13 |
| ARO | 268 | 343 | 30 | 12 |
| Division Of Computer and Network Systems Funding Source: National Science Foundation | 897 | 911 | 15 | 11 |
| US National Science Foundation | 294 | 332 | 32 | 11 |
| Army Research Office | 326 | 391 | 36 | 11 |
| Direct For Computer & Info Scie & Enginr Funding Source: National Science Foundation | 1167 | 1187 | 15 | 10 |
| US Department of Energy | 596 | 680 | 38 | 10 |
| National Key R & D Program of China | 753 | 831 | 47 | 10 |
| Natural Sciences and Engineering Research Council of Canada | 385 | 389 | 12 | 9 |
| Fundamental Research Funds for the Central Universities | 323 | 328 | 14 | 9 |
| Australian Research Council | 332 | 360 | 15 | 9 |
| Natural Science Foundation of China | 1030 | 1074 | 23 | 9 |
| European Union’s Horizon 2020 research and innovation programme | 202 | 249 | 37 | 8 |
| China Postdoctoral Science Foundation | 296 | 309 | 21 | 8 |
| National Research Foundation of Korea | 125 | 137 | 15 | 8 |
| Australian Government Research Training Program Scholarship | 149 | 149 | 9 | 8 |
| National Science Foundation (NSF), USA | 87 | 118 | 17 | 7 |
| National Natural Science Foundation of China (NSFC) | 393 | 420 | 25 | 7 |
| Xunta de Galicia | 542 | 558 | 10 | 7 |
| Agencia Estatal de Investigacion of Spain | 542 | 554 | 9 | 7 |
| JSPS | 334 | 336 | 8 | 7 |
| Qatar National Research Fund (QNRF) | 210 | 220 | 10 | 7 |
| JSPS KAKENHI | 176 | 217 | 33 | 7 |
| Paramount Computer Systems | 587 | 593 | 7 | 6 |
| EU | 171 | 213 | 32 | 6 |
| NSFC | 109 | 126 | 19 | 6 |

Among the technology classes with the highest level of connectivity (all degree partition) are H04L63 (network architectures or network communication protocols for network security) and H04L67 (network arrangements or protocols for supporting network services or applications). B42D25 (information-bearing cards or sheet-like structures characterized by identification or security features) and G01N23 (investigating or analyzing materials by the use of wave or particle radiation) stand out as the technology classes that are most open to development (low aggregate constraint). When we detect technology that has reached saturation level with structural hole analysis, we can also classify it as H04B1 (details of transmission systems, not covered by a single one of groups H04B 3/00 - H04B 13/00; details of transmission systems not characterized by the medium used for) and H02J7 (circuit arrangements for charging or depolarizing batteries or for supplying loads from batteries) (Table 1.8).

In this context, we aimed to identify, through the patent registration efforts of cybersecurity technologies, which are at the focal point of important investments and research, the technology areas that have reached saturation and the sub-technology areas that are open to development and still remain untouched. For this purpose, a concept network map was developed by determining the interrelationships of technology classes, using social network analysis and structural hole analysis together (Fig. 1.2).

Table 1.9 presents the list of companies conducting research, projects, and patent work in the field of cybersecurity, as well as their patent and citation values. FireEye, Inc. (California/USA) ranks first with 132 patents and 45 h-index. It is followed by Palantir Technologies from the United States with 339 patents and 42 h-index. In third place is Cilag Gmbh International from Switzerland with 125 patents and a 40 h-index. The rest of the list includes well-known international large technology and innovation companies such as HP and Boeing. Following universities, research, and funding institutions, the companies on this list have also been seen to be moving into cyberspace and taking action. In fact, their success in this field further contributes to their internationalization. They find it as important to protect their products from malware as it is to produce robotics and high-tech products. Finally, a company’s high number of patents does not always bring with it the impact of the patent. For example, although US-based IBM (International Business Machines Corporation) has 600 patents, the impact value of the company’s patents is displayed as 22. Thus, it is understood that Table 1.8 also contains information about cyberspace companies that are lagging behind in the competitive process and in need of innovative research through the number of patents.

Table 1.8  Social network analysis on patent data

| All degree partition | Weighted all degree | Betweenness centrality | Low aggregate constraint | High aggregate constraint |
|---|---|---|---|---|
| H04L63 | H04L63 | H04L63 | B42D25 | H04B1 |
| H04L67 | H04L67 | H04L67 | G01N23 | H02J7 |
| G06F21 | G06F21 | G06F3 | G01N2223 | G06V20 |
| G06Q50 | G06Q50 | G06F21 | H04L63 | G06K7 |
| H04W4 | H04W4 | G06Q10 | A61B2017 | G01N33 |
| H04L9 | H04L9 | H04L9 | G06F16 | G06F1 |
| G06Q10 | G06Q10 | G06Q50 | H04L9 | G08B21 |
| G06F3 | G06F3 | H04W4 | G06N3 | H04W84 |
| G05B2219 | G05B2219 | G05B2219 | H04L41 | G06Q10 |
| G06N20 | G06N20 | G06N3 | G06F3 | H04Q2209 |
| G06N3 | G06N3 | G08B13 | G06Q10 | G08B5 |
| G06F16 | G06F16 | G06F16 | G06F11 | B60W60 |
| H04W12 | H04W12 | G05B19 | G06Q20 | G01N21 |
| G06Q30 | G06Q30 | G06N20 | A61B5 | H04N7 |
| G05B19 | G05B19 | G16H40 | H04N21 | H04W8 |
| H04L41 | H04L41 | H04L41 | G06F9 | H02J9 |
| H04L12 | H04L12 | H04L12 | G01S13 | H04N5 |
| G06N5 | G06N5 | H04B10 | H04B7 | G06K19 |
| H04W84 | H04W84 | H04W12 | H05B47 | Y04S40 |
| G06F11 | G06F11 | G06F9 | A61B6 | G06F3 |
| H04L43 | H04L43 | G06F1 | A61M2205 | B60W2556 |
| G06F2221 | G06F2221 | G06Q30 | G06F2212 | G01S19 |
| G06F9 | G06F9 | Y04S40 | G06F8 | G06Q50 |
| Y04S40 | Y04S40 | H04W84 | H02J13 | A61B5 |
| G16H40 | G16H40 | G09F3 | G08B13 | G16H10 |

1.11 Conclusion

The expanding definition of security, particularly in the digital realm, has become more prominent in recent studies. There has been a linear increase in the number of studies addressing cybersecurity in the context of national and international security. However, the critical level reached by technologies in the field of cybersecurity has shown that the area has not yet reached saturation in terms of publications and patents. There is a direct relationship between the success of patent applications and the increase in the number of scientific publications and the level of concept saturation. In other words, the level of inclusion of a concept and subject in the scientific literature in the field of cybersecurity affects the process of obtaining a concrete patent on that subject. It is worth noting that concepts that have not yet reached saturation point to potential areas for future patents. Additionally, a country’s technological and human resources determine the time required for the registration and implementation of ideas in the field of cybersecurity.

In bibliometric rankings, the United States, European Union members, and China rank near the top. By examining the fields of activity of international companies working in cybersecurity and their patent and investment orientations, it is possible to determine the strategic cooperation of the countries that own these companies in cybersecurity. Leading technology companies in cybersecurity tend to be based in countries with significant international influence. These companies and institutions place a high value on cooperation and internationalization, leading to an increase in academic publications and patent applications in their home countries.

Fig. 1.2  Co-word analysis on patent classification codes

Table 1.9  The name of the production companies and patent information

| Owners | Citation sum within h-core | All citations | All patents | h-index |
|---|---|---|---|---|
| FireEye, Inc. | 6138 | 6762 | 132 | 45 |
| Palantir Technologies Inc. | 5447 | 6779 | 339 | 43 |
| Cilag GmbH International | 3972 | 4460 | 125 | 40 |
| Ethicon LLC | 3799 | 4279 | 123 | 39 |
| Splunk Inc. | 1949 | 2870 | 113 | 30 |
| Onetrust LLC | 2152 | 2271 | 189 | 28 |
| Hewlett-Packard Development Company L.P. | 8523 | 8833 | 83 | 28 |
| Autoconnect Holdings LLC | 2626 | 2851 | 48 | 26 |
| Flextronics AP, LLC | 2626 | 2848 | 45 | 26 |
| Johnson Controls Technology Company | 3153 | 3368 | 61 | 24 |
| The Boeing Company | 1837 | 2367 | 169 | 23 |
| General Electric Company | 1176 | 1704 | 147 | 22 |
| International Business Machines Corporation | 1135 | 2513 | 600 | 22 |
| Hewlett Packard Enterprise Development LP | 7942 | 8071 | 56 | 21 |
| Strong Force IoT Portfolio 2016 LLC | 1778 | 2370 | 168 | 21 |
| Intralinks, Inc. | 2621 | 2710 | 30 | 20 |
| Proofpoint Inc. | 1690 | 1787 | 66 | 20 |
| ALTR Solutions, Inc. | 858 | 1049 | 62 | 19 |
| Wombat Security Technologies, Inc. | 1511 | 1544 | 29 | 18 |
| VeriFone, Inc. | 7522 | 7522 | 17 | 17 |
| Hewlett-Packard Company | 7522 | 7522 | 17 | 17 |
| Pure Storage, Inc. | 435 | 903 | 283 | 16 |
| Security Scorecard, Inc. | 643 | 651 | 21 | 16 |
| Honeywell International Inc. | 721 | 1059 | 177 | 16 |
| Bromium, Inc. | 741 | 861 | 43 | 15 |

References

Bajpai, P. (2022). An overview of the cybersecurity landscape and ways to invest in the space. Nasdaq. https://www.nasdaq.com/articles/an-overview-of-the-cybersecurity-landscape-and-ways-to-invest-in-the-space
Borgman, C., & Furner, J. (1990). Scholarly Communication and Bibliometrics. Sage.
Bródka, P., Skibicki, K., Kazienko, P., & Musial, K. (2012). A degree centrality in multi-layered social network. CoRR, abs/1210.5184. http://arxiv.org/abs/1210.5184
Chen, C. (2003). On the shoulders of giants. In Mapping scientific frontiers: The quest for knowledge visualization (pp. 135–166). Springer. https://doi.org/10.1007/978-1-4471-0051-5_5
Choucri, N. (2014). Institutions for cyber security: International responses and global imperatives. Information Technology for Development, 20(2), 96–121. https://doi.org/10.1080/02681102.2013.836699
CISA. (2022). Russian state-sponsored and criminal cyber threats to critical infrastructure. https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
Corn, G. P. (2017). Sovereignty in the age of cyber. American Journal of International Law, 111, 207–212. https://doi.org/10.1017/AJU.2017.57
Delgado López-Cózar, E., Robinson García, N., & Torres Salinas, D. (2012). Manipular Google Scholar Citations y Google Scholar Metrics: Simple, sencillo y tentador. http://hdl.handle.net/10481/20469
Ding, Y., & Li, G. (2010). Study on the management of intellectual capital. International Journal of Business and Management, 5(2), 213–216.
Doğrul, M., & Erğurum, A. (2021). New Search for Cybersecurity in the Light of Blockchain’s Literature Expansion (Blok Zincirinin (Blockchain) Literatür Büyümesi Işığında Yeni Siber Güvenlik Arayışları). Güvenlik Bilimleri Dergisi, 10(3), 3. https://doi.org/10.28956/gbd.1016087
FBI. (2022). Internet Crime Complaint Center (IC3) Business Email Compromise: The $43 Billion Scam. Alert Number: I-050422-PSA. https://www.ic3.gov/Media/Y2022/PSA220504
Fleming, P., & Spicer, A. (2014). Power in management and organization science. The Academy of Management Annals, 8(1), 237–298. https://doi.org/10.1080/19416520.2014.875671
Franceschini, F., Maisano, D., & Mastrogiacomo, L. (2016). The museum of errors/horrors in Scopus. Journal of Informetrics, 10(1), 174–182. https://doi.org/10.1016/j.joi.2015.11.006
Glänzel, W., & de Lange, C. (2002). A distributional approach to multinationality measures of international scientific collaboration. Scientometrics, 54(1), 75–89. https://doi.org/10.1023/A:1015684505035
Glänzel, W., & Schubert, A. (2005). Analysing Scientific networks through co-authorship. In H. F. Moed, W. Glänzel, & U. Schmoch (Eds.), Handbook of quantitative science and technology research: The use of publication and patent statistics in studies of S & T systems (pp. 257–276). Springer. https://doi.org/10.1007/1-4020-2755-9_12
Goutam, R. K. (2015). Importance of cyber security. International Journal of Computer Applications, 111(7), 14–17. https://doi.org/10.5120/19550-1250
He, X., & Yu, D. (2020). Research trends in life cycle assessment research: A 20-year bibliometric analysis (1999–2018). Environmental Impact Assessment Review, 85, 106461. https://doi.org/10.1016/j.eiar.2020.106461
Hoffmann, R. (2020). Risk based approach in scope of cybersecurity threats and requirements. Procedia Manufacturing, 44, 655–662. https://doi.org/10.1016/J.PROMFG.2020.02.243
Jafari-Sadeghi, V., Garcia-Perez, A., Candelo, E., & Couturier, J. (2021). Exploring the impact of digital transformation on technology entrepreneurship and technological market expansion: The role of technology readiness, exploration and exploitation. Journal of Business Research, 124, 100–111. https://doi.org/10.1016/J.JBUSRES.2020.11.020
Labbé, C. (2010). Ike Antkare one of the great stars in the scientific firmament. International Society for Scientometrics and Informetrics Newsletter, 6(2), 48–52.
Lawani, S. M. (1981). Bibliometrics: Its theoretical foundations. Methods Applications.
Liu, Y., Gonçalves, J., Ferreira, D., Xiao, B., Hosio, S. J., & Kostakos, V. (2014). CHI 1994–2013: Mapping two decades of intellectual progress through co-word analysis. In Proceedings of the SIGCHI conference on human factors in computing systems.
Malhotra, P., Singh, Y., Anand, P., Deep Kumar, B., & Singh. (2021). Internet of things: Evolution. Concerns and Security Challenges. Sensors, 21(5), 5. https://doi.org/10.3390/S21051809
Mallavarapu, S. (2009). International Relations Theory and Non-Traditional Approaches to Security. 84. http://wiscomp.org/Publications/141%20-%20Perspectives%2027%20-%20International%20Relations%20Theory%20and%20Non-Traditional%20Approaches%20to%20Security.pdf
Muñoz-Leiva, F., Viedma-del-Jesús, M. I., Sánchez-Fernández, J., & López-Herrera, A. G. (2012). An application of co-word analysis and bibliometric maps for detecting the most highlighting themes in the consumer behaviour research from a longitudinal perspective. Quality & Quantity, 46(4), 1077–1095. https://doi.org/10.1007/s11135-011-9565-3
Otte, E., & Rousseau, R. (2002). Social network analysis: A powerful strategy, also for the information sciences. Journal of Information Science, 28(6), 441–453. https://doi.org/10.1177/016555150202800601
Peters, H. P. F., & Van Raan, A. F. J. (2005). Structuring scientific activities by co-author analysis. Scientometrics, 20, 235–255.
Press release. (2022, November 10). Cyber defence: EU boosts action against cyber threats. https://ec.europa.eu/commission/presscorner/detail/en/IP_22_6642
Pritchard, A. (1969). Statistical bibliography or bibliometrics. Journal of Documentation, 25, 348.
PwC. (2022). PwC’s global economic crime and fraud survey 2022; Protecting the perimeter: The rise of external fraud.
Routledge. (2023). Contemporary security studies—Book Series—Routledge & CRC Press. https://www.routledge.com/Contemporary-Security-Studies/book-series/CSS
Scott, J. (2012). What is Social Network Analysis? (1st ed.). Bloomsbury Collections. https://doi.org/10.5040/9781849668187
Tan, L. (2021). Secure and resilient artificial intelligence of things: A HoneyNet approach for threat detection and situational awareness. IEEE Consumer Electronics Magazine, 1–1. https://doi.org/10.1109/MCE.2021.3081874
Thanuskodi, S. (2010). Journal of social sciences: A bibliometric study. Journal of Social Sciences, 24(2), 77–80. https://doi.org/10.1080/09718923.2010.11892847
Wang, Q., & Waltman, L. (2016). Large-scale analysis of the accuracy of the journal classification systems of Web of Science and Scopus. Journal of Informetrics, 10(2), 347–364. https://doi.org/10.1016/j.joi.2016.02.003

Chapter 2

Cybersecurity Technology: An Analysis of the Topic from 2011 to 2021

Yuliia Kyrdoda, Giacomo Marzi, Marina Dabić, and Tugrul U. Daim

Abstract  The main purpose of the study is to present a bibliometric overview of the published research within the cybersecurity framework over the recent decade. The study applies bibliometric analysis in order to analyze the most relevant journals, authors, and countries, as well as the most cited papers between 2011 and 2021. We identified activity and relationship indicators about the distribution of articles over time, most-cited journals, and most relevant countries, co-author analysis, and keyword analysis. Different classifications have been made, including an analysis of the most influential journal, the most cited papers, the most relevant authors, and countries with over 20 publications in the field over the last decade. Also, the analysis identified four leading topics: cybersecurity management, intrusion detection and prevention, smart grids, cybercrime and cyberattacks.

Keywords  Cybersecurity · Bibliometric · Literature review · Keywords · VOS

Y. Kyrdoda: Department of Economics, Business, Mathematics, and Statistics “Bruno de Finetti”, University of Trieste, Trieste, Italy
G. Marzi: IMT School for Advanced Studies Lucca, Lucca, Italy
M. Dabić: Faculty of Economics and Business, University of Zagreb, Zagreb, Croatia; University of Dubrovnik, Dubrovnik, Croatia; School of Economics and Business, University of Ljubljana, Ljubljana, Slovenia
T. U. Daim (*): Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center, Portland State University, Portland, OR, USA

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 T. U. Daim, M. Dabić (eds.), Cybersecurity, Applied Innovation and Technology Management, https://doi.org/10.1007/978-3-031-34843-3_2


2.1 Introduction Nowadays, cybersecurity is getting more attention as the growing use of technologies demands more efficient information protection because of the high numbers of digital threats (Arora, 2016). Considering rapid changes toward digital solutions either on an individual and national level, developing cybersecurity technologies that can resist cyberattacks is a critical call for both practitioners and scholars. Cybersecurity is a collection of resources, processes, and structures aiming to secure the cyber environment and property rights from potential hazards and mitigate cybersecurity incidents (Craigen et al., 2014). Prior research (Michael et al., 2019; von Solms & van Niekerk, 2013; Wang & Lu, 2013) pointed out the triangle model defining the primary objectives of cybersecurity as availability which relies on open access to the information, integrity encompassing correctness, the trustworthiness of the data, and confidentiality of the information. Thus, the breach of these pillars caused by cyberattacks might lead to dis-balance within the entire system. While many studies have focused on the advancing technologies to solve safety issues within digital space (see as an example Thakur et al. (2015)), the abilities of cyberattacks to alternate the information were progressing as well (Uma & Padmavathi, 2013). Hence, important issues of cybersecurity literature include the comprehensive overview of the current situation within the cybersecurity domain by defining the main existing contributions of the research. To address this call, the present study offers a thoughtful review of published papers over the last decade. In doing so, we applied bibliometric analysis which allows identifying current evidence in the literature along with future directions for the research by mapping and systematizing cybersecurity research for the period 2011–2021. 
In line with the objectives of the study, the primary research question focuses on what the current state-of-the-art within the cybersecurity field is. We performed a comprehensive bibliometric and literature exploration comprising bibliometric activity indicators, such as distribution of articles over time, most-cited journals, and most relevant countries, and relationship indicators, such as co-author analysis and keyword analysis. The findings reveal four research themes based on the analysis of keywords, namely, cybersecurity management, intrusion detection and prevention, smart grids, and cyberattacks. Also, the results summarize future research directions. The present study is structured as follows. The next paragraph presents the methods. Paragraph 3 presents the bibliometric analysis on the cybersecurity field, while paragraph 4 depicts the major studies included in the four emerging clusters of topics. Finally, paragraph 4 presents the conclusion and the future research avenues.

2  Cybersecurity Technology: An Analysis of the Topic from 2011 to 2021


2.2 Methods

To explore the topic of cybersecurity, we selected the Thomson Reuters Web of Science database; within it, we chose the Web of Science Core Collection, as it offers the most valuable and high-impact collection of papers meeting the highest standards regarding impact factor and number of citations (Marzi et al., 2021; Obradović et al., 2021). The catalogues covered by the data gathering are Science Citation Index Expanded; Social Sciences Citation Index; Arts & Humanities Citation Index; Conference Proceedings Citation Index, Science; Conference Proceedings Citation Index, Social Science & Humanities; and Emerging Sources Citation Index. These indexes contain journals that rank competitively among the most highly cited core journals in their categories, covering only the most highly cited, highest-impact journals in each category (Marzi et al., 2017; Obradović et al., 2021). The query to get the preliminary set of data was run with the following search term, limited to “English” as language and “Article” as document type: TS = (cybersecurity), where “TS” means “Topic” in the Advanced Research page and queries for the selected keyword in titles, abstracts, and authors’ keywords. The query was refined by applying “Engineering” and “Business Economics” as the research areas, since our aim is to analyze the studies about cybersecurity within these two fields. We also limited the timespan of the research to the period 2011–2021, as cybersecurity gained academic relevance in the last 10 years. Following the bibliometric analysis of the volume and the impact of articles, authors, countries, and journals in this area of science, we employed the text-mining routine VOSviewer 1.6.16 to chart the research streams using the papers’ keywords (van Eck & Waltman, 2010). We selected the authors’ keywords occurring at least 7 times (van Eck & Waltman, 2010).

The text-mining routine’s map is a plot in which the distance between keywords can be read as a representation of the terms’ relatedness. The smaller the gap between keywords, the more closely the keywords are associated with one another. The relatedness of keywords is determined by their co-occurrences in the authors’ selected keywords (Marzi et al., 2018; van Eck et al., 2006; van Eck & Waltman, 2010). When keywords belong to the same cluster, they form a solid group, which shows that a cluster reflects a specific subject based on the likeness of its keywords (van Eck & Waltman, 2009; Zupic & Čater, 2015). The size of a point in the graphical representation reflects the keyword’s number of occurrences, showing its relevance in the field of study.
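The keyword-mapping step described above can be reproduced in a few lines. The following is an added example, not the chapter authors' code and not VOSviewer itself: it counts author-keyword occurrences, applies a minimum-occurrence threshold, counts co-occurrences, and normalizes them. The records are constructed, the alias table is hypothetical, the threshold is 2 instead of the chapter's 7 because the sample is tiny, and the association-strength normalization (co-occurrences divided by the product of the two occurrence counts) is an assumption about settings the chapter does not state.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: each inner list is the author-keyword field of one paper.
RECORDS = [
    ["Cybersecurity", "Machine learning", "Intrusion detection"],
    ["cybersecurity", "machine learning", "deep learning"],
    ["Cybersecurity", "Smart grid", "Cyber-physical systems"],
    ["smart grids", "cyber-physical systems", "resilience"],
    ["Cybersecurity", "Intrusion detection", "Machine learning "],
    ["cybersecurity", "blockchain", "IoT"],
    ["Internet of things", "blockchain"],
]

# Hypothetical thesaurus: merges spelling variants that would otherwise be
# counted as separate keywords and fall below the threshold.
ALIASES = {"smart grids": "smart grid", "iot": "internet of things"}


def normalise(keyword, aliases=None):
    """Lower-case, collapse whitespace, then apply the optional thesaurus."""
    key = " ".join(keyword.lower().split())
    return (aliases or {}).get(key, key)


def build_map(records, min_occurrences, aliases=None):
    """Return (kept occurrences, co-occurrence counts, association strength)."""
    # A keyword counts once per paper; sorting makes every pair (a, b) with a < b.
    papers = [sorted({normalise(k, aliases) for k in rec}) for rec in records]
    occurrences = Counter(k for paper in papers for k in paper)
    kept = {k: n for k, n in occurrences.items() if n >= min_occurrences}

    cooc = Counter()
    for paper in papers:
        cooc.update(combinations([k for k in paper if k in kept], 2))

    # Association strength: raw co-occurrence corrected for how common each
    # keyword is, so a ubiquitous term does not dominate every link.
    strength = {(a, b): c / (kept[a] * kept[b]) for (a, b), c in cooc.items()}
    return kept, cooc, strength


def ranked_links(strength):
    """Links sorted from strongest to weakest, ties broken alphabetically."""
    return sorted(strength.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for label, aliases in (("raw keywords", None), ("with thesaurus", ALIASES)):
        kept, cooc, strength = build_map(RECORDS, 2, aliases)
        print(label, "->", sorted(kept))
        for (a, b), s in ranked_links(strength)[:3]:
            print(f"  {a} <-> {b}: count={cooc[(a, b)]} strength={s:.2f}")
```

On this sample the pair with the highest raw count (cybersecurity and machine learning) is not the strongest link after normalization, which is why a search term that appears in almost every record sits near the centre of the map rather than defining a cluster on its own.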

2.3 Results of the Bibliometric and Keyword Analysis

The conducted bibliometric analysis introduces the results of different levels of analysis of the field, namely, articles and journals, scholars, countries, and keywords, with further theoretical foundations of the cybersecurity aspect.


Y. Kyrdoda et al.

Fig. 2.1  Number of published papers from 2011 to 2021 (bar chart; papers per year: 2011: 13; 2012: 7; 2013: 7; 2014: 12; 2015: 34; 2016: 46; 2017: 61; 2018: 125; 2019: 182; 2020: 318; 2021: 353)

The number of published papers reveals an increasing interest in the cybersecurity topic, especially during the last years (Fig. 2.1). In total, over 1100 papers were published during the last decade. In particular, the number of papers tended to rise significantly almost every third year, from 12 papers in 2014 to 34 in 2015, then 61 articles in 2011 to 125 in 2018, and the last jump is in 2019, while the number of papers grew from 182 to 318. Overall, these numbers prove that the topic of cybersecurity is both dynamic and relevant for further comprehensive research. Before identifying the most relevant papers, the analysis presented the most influential outlets. The criterion to select them is as follows: the number of papers published on the topic of cybersecurity has to be more than ten during the analyzed period. Hence, we defined the 16 most relevant journals, which are listed in Table 2.1. The top journal is IEEE Access, which published 190 articles, almost four times more than the second-ranked journal, Sensors, with 51 articles. Consequently, its number of citations, 1460, is significantly higher than that of the others. Surprisingly, IEEE Transactions on Smart Grid, which is fourth in the list with 43 articles, ranks second in terms of citations, which reached 1135. Also among the top relevant journals are Applied Sciences with 50 articles and Electronics with 32 articles. However, as noted, a higher number of papers does not mean a higher number of citations. Thus, the third most cited journal is Proceedings of the IEEE, with the lowest number of published papers, 11, but the third rank for citations, 888, and then IEEE Internet of Things Journal with 18 papers but 539 citations, followed by IEEE Transactions on Industrial Informatics with 20 papers but 290 citations. Technology Innovation Management Review, with 233 citations, closes the first 5 journals in terms of number of citations.


Table 2.1  Most relevant journals with more than ten papers published on cybersecurity topic

| Journal | n documents | n total citations | n normalized citations |
|---|---|---|---|
| IEEE Access | 190 | 1460 | 190.1606 |
| Sensors | 51 | 161 | 35.6152 |
| Applied Sciences | 50 | 185 | 41.4373 |
| IEEE Transactions on Smart Grid | 43 | 1135 | 68.4778 |
| Electronics | 32 | 109 | 21.4707 |
| Technology Innovation Management Review | 29 | 233 | 11.687 |
| IEEE Transactions on Information Forensics and Security | 23 | 220 | 22.2442 |
| IEEE Transactions on Industrial Informatics | 20 | 290 | 51.1441 |
| Human Factors | 19 | 166 | 11.6998 |
| IEEE Internet of Things Journal | 18 | 539 | 64.2834 |
| IEEE Systems Journal | 14 | 34 | 18.87 |
| IEEE Transactions on Power Systems | 13 | 184 | 11.0443 |
| Computer Networks | 12 | 113 | 15.6035 |
| International Journal of Critical Infrastructure Protection | 12 | 221 | 10.4764 |
| Computer Communications | 11 | 31 | 11.9743 |
| Proceedings of the IEEE | 11 | 888 | 32.0355 |

Considering the relevance of single publications, Table 2.2 lists the publications on the cybersecurity topic that have more than 100 citations. The highest number of citations, 539, was obtained by the paper “Cyber-Physical System Security for the Electric Power Grid,” published in Proceedings of the IEEE in 2012, while the next one, “Potential Cyberattacks on Automated Vehicles,” published in IEEE Transactions on Intelligent Transportation Systems in 2015, received almost two times fewer citations, 273. The difference in citations among the following articles is minor: more specifically, “IoT Considerations, Requirements, and Architectures for Smart Buildings-Energy Optimization and Next-Generation Building Management Systems” from IEEE Internet of Things Journal has 247 citations, “Distributed Intrusion Detection System in a Multi-Layer Network Architecture of Smart Grids” from IEEE Transactions on Smart Grid has 231, and the last in the top five list is “Wild patterns: Ten years after the rise of adversarial machine learning” from Pattern Recognition with 228 citations. These five articles with the highest number of citations can be considered the main theoretical pillars of the field.

Table 2.2  Most relevant papers on cybersecurity with more than 100 citations

| Authors | Title | Journal | Year | n total citations |
|---|---|---|---|---|
| Sridhar, S; Hahn, A; Govindarasu, M | Cyber-Physical System Security for the Electric Power Grid | Proceedings of the IEEE | 2012 | 589 |
| Petit, J; Shladover, SE | Potential Cyberattacks on Automated Vehicles | IEEE Transactions on Intelligent Transportation Systems | 2015 | 273 |
| Minoli, D; Sohraby, K; Occhiogrosso, B | IoT Considerations, Requirements, and Architectures for Smart Buildings-Energy Optimization and Next-Generation Building Management Systems | IEEE Internet of Things Journal | 2017 | 247 |
| Zhang, YC; Wang, LF; Sun, WQ; Green, RC; Alam, M | Distributed Intrusion Detection System in a Multi-Layer Network Architecture of Smart Grids | IEEE Transactions on Smart Grid | 2011 | 231 |
| Biggio, B; Roli, F | Wild patterns: Ten years after the rise of adversarial machine learning | Pattern Recognition | 2018 | 228 |
| Xin, Y; Kong, LS; Liu, Z; Chen, YL; Li, YM; Zhu, HL; Gao, MC; Hou, HX; Wang, CH | Machine Learning and Deep Learning Methods for Cybersecurity | IEEE Access | 2018 | 176 |
| Ferrag, MA; Derdour, M; Mukherjee, M; Derhab, A; Maglaras, L; Janicke, H | Blockchain Technologies for the Internet of Things: Research Issues and Challenges | IEEE Internet of Things Journal | 2019 | 165 |
| Giani, A; Bitar, E; Garcia, M; McQueen, M; Khargonekar, P; Poolla, K | Smart Grid Data Integrity Attacks | IEEE Transactions on Smart Grid | 2013 | 143 |
| McLaughlin, S; Konstantinou, C; Wang, XY; Davi, L; Sadeghi, AR; Maniatakos, M; Karri, R | The Cybersecurity Landscape in Industrial Control Systems | Proceedings of the IEEE | 2016 | 125 |
| Knowles, W; Prince, D; Hutchison, D; Disso, JFP; Jones, K | A survey of cybersecurity management in industrial control systems | International Journal of Critical Infrastructure Protection | 2015 | 120 |
| Ten, CW; Hong, J; Liu, CC | Anomaly Detection for Cybersecurity of the Substations | IEEE Transactions on Smart Grid | 2011 | 116 |
| Liu, Q; Li, P; Zhao, WT; Cai, W; Yu, S; Leung, VCM | A Survey on Security Threats and Defensive Techniques of Machine Learning: A Data Driven View | IEEE Access | 2018 | 116 |
| Zhang, YC; Wang, LF; Xiang, YM; Ten, CW | Power System Reliability Evaluation With SCADA Cybersecurity Considerations | IEEE Transactions on Smart Grid | 2015 | 110 |
| Diro, AA; Chilamkurti, N | Deep Learning: The Frontier for Distributed Attack Detection in Fog-to-Things Computing | IEEE Communications Magazine | 2018 | 108 |

Next, Table 2.3 presents the most relevant authors in the field of cybersecurity, who have over five papers published. The scholar with the highest number of articles is Wang, Lingfeng (16 papers), followed by a group of authors with 11 articles (Hussain, S. M. Suhail; Ten, Chee-Wooi; and Ustun, Taha Selim) and the next group with 8 papers, which includes Farooq, Shaik Mullapathi; Karri, Ramesh; and Wang, Jianhui. However, as in the case of relevant journals, the highest number of citations, 595, was received by Hahn, Adam, who published 6 papers. The leader in number of papers, Wang, Lingfeng, ranked second with 517 citations. Besides, Zhang, Yichi, who presented the minimum number of papers (n = 6), ranked third with 436 citations. The following authors, Ten, Chee-Wooi, and Wang, Jianhui, close the top 5 with 344 and 292 citations, respectively. The mentioned scholars might be defined as the most influential in the development of the cybersecurity field during the last decade, as they provide directions for current and future research (Table 2.4).

Table 2.3  Most relevant authors with more than five papers published on cybersecurity topic

| Author | n documents | n citations | n normalized citations |
|---|---|---|---|
| Wang, Lingfeng | 16 | 517 | 21.7162 |
| Hussain, S. M. Suhail | 11 | 105 | 12.8866 |
| Ten, Chee-wooi | 11 | 344 | 14.9138 |
| Ustun, Taha Selim | 11 | 105 | 12.8866 |
| Farooq, Shaik Mullapathi | 8 | 100 | 10.9288 |
| Karri, Ramesh | 8 | 190 | 16.5132 |
| Wang, Jianhui | 8 | 292 | 14.5745 |
| Liu, Zhaoxi | 7 | 6 | 3.0054 |
| Proctor, Robert W. | 7 | 67 | 3.6742 |
| Shahidehpour, Mohammad | 7 | 104 | 7.9949 |
| Xiang, Yingmeng | 7 | 285 | 13.2949 |
| Hahn, Adam | 6 | 595 | 17.3173 |
| Liu, Xuan | 6 | 39 | 3.0556 |
| Wei, Wei | 6 | 26 | 3.2943 |
| Xu, Shouhuai | 6 | 83 | 5.9482 |
| Zhang, Yichi | 6 | 436 | 14.8694 |
| Zhou, Chunjie | 6 | 75 | 9.4103 |

To proceed further, the analysis defined the most relevant countries with more than 20 papers published on the investigated topic. Not surprisingly, the leader in both categories is the USA, with 480 papers and 5973 citations. However, it is worth noting that the list of countries includes both developed and developing economies. The second country is China, with 131 papers and 1882 citations. In comparison, England and Australia published 85 and 80 articles, respectively, whereas their citations rank in the opposite order: 823 and 1002. The fifth country in terms of the number of papers is Spain, with 72, while in terms of citations it is replaced by Italy, with 592.

Table 2.4  Most relevant countries with more than 20 papers published on cybersecurity topic

| Country | n documents | n citations | n normalized citations |
|---|---|---|---|
| USA | 480 | 5973 | 510.9811 |
| Peoples R. of China | 131 | 1882 | 214.0949 |
| England | 85 | 823 | 96.8413 |
| Australia | 80 | 1002 | 122.8735 |
| Spain | 72 | 378 | 53.1286 |
| Canada | 61 | 387 | 83.1253 |
| South Korea | 58 | 282 | 33.6219 |
| India | 51 | 203 | 55.5092 |
| Italy | 51 | 592 | 64.9593 |
| Saudi Arabia | 49 | 355 | 53.0958 |
| Japan | 32 | 223 | 22.8136 |
| Poland | 26 | 57 | 9.7966 |
| Brazil | 21 | 42 | 5.8078 |
| Germany | 21 | 183 | 16.9727 |

The results of the keyword analysis are presented in Fig. 2.2. Four different clusters are clearly depicted within the cybersecurity research field, which might be specified as cybersecurity (red cluster), machine learning (green), smart grid (blue), and information security (yellow). The five most frequently occurring keywords are cybersecurity (526), machine learning (106), Internet of things (75), computer security (54), deep learning (53), blockchain, and intrusion detection (46). The list of the most relevant keywords for each cluster is shown in Table 2.5. Summarizing briefly, the green cluster obtained the most keywords, 19, with the most frequently occurring being machine learning, deep learning, and intrusion detection. The blue cluster is represented by 15 keywords, for instance, smart grid, cyber-physical systems, and computer crime. The next one, the red cluster, has 14 keywords and includes the most frequently occurring keywords: cybersecurity, Internet of things, and blockchain. The last cluster is yellow, which is represented by ten keywords, specifically, computer security, information security, and cybersecurity.


Fig. 2.2  Graphical output of VOS keywords analysis

2.4 Analysis of the Clusters Emerging from the Keyword Analysis

The clusters identified by the keyword analysis cover the cybersecurity topics in terms of four discussed themes. The red cluster introduces general cybersecurity management issues along with the evidence from implementing the most common cybersecurity methods, such as blockchain technology. The green cluster deals with intrusion detection together with the solutions to prevent cyberthreats. Next, the blue cluster comprises papers related to smart grid issues. Last, the yellow cluster is more focused on security challenges such as cybercrimes, along with computer and information security. More precisely, the chief contributions of each cluster are introduced in Table 2.6.


Table 2.5  Most relevant keywords for each cluster with more than ten occurrences Red cluster Keyword Cybersecurity

Green cluster n Keyword 536 Machine learning

Blue cluster n Keyword 106 Smart grid

Internet of things 75

Deep learning

Blockchain IoT

46 34

Intrusion detection 46 Anomaly detection 35

Cyber-physical systems Computer crime Resilience

Risk management Artificial intelligence Privacy Cloud computing Authentication

31

Feature extraction

27

Cyberattack

Yellow cluster n Keyword 42 Computer security 32 Information security 28 Cybersecurity 23 Network security 18 Cybercrime

26

Malware

23

Game theory

18 Phishing

14

24 21 20

22 21 20

Sensors Cyberattacks Substations

19

18

Power grids

18 Risk 16 Software 16 Autonomous vehicles 15 Standards

12 12 11

Risk assessment Industry 4.0

18

14

Smart grids

13

Big data Critical infrastructure Data breach

15 15

Protocols Training Internet of things (IoT) Intrusion detection system Computer architecture Analytical models Data mining

13 13

12 11

13

Encryption

13

Data models

12

Power systems Critical infrastructures power system security support vector machines

Monitoring Tools Cryptography Neural networks

12 12 11 11

53

n 54 29 28 17 14

11

11 11

Table 2.6  Summary of the literature review findings

| Cluster | Primary theme(s) | Exemplary references | Future research directions |
|---|---|---|---|
| Red | Cybersecurity management; “smart” technologies | (Minoli et al., 2017); (Ferrag et al., 2019); (Knowles et al., 2015); (Atat et al., 2018); (Cui et al., 2018); (Gupta et al., 2020) | Resilience against combined attacks; Dynamic and adaptable security framework; Energy-efficient mining; Social networks and trust management; Blockchain-specific infrastructure |
| Green | Machine learning; Deep learning | (Biggio & Roli, 2018); (Xin et al., 2018); (Liu et al., 2018); (Abeshu & Chilamkurti, 2018); (Fernández Maimó et al., 2018) | The intersection of the field of adversarial machine learning; Robust artificial intelligence; Incremental learning and lifelong learning within network information field |
| Blue | Smart grids’ cyber attacks | (Ashok et al., 2017); (Zhang et al., 2011); (Giani et al., 2013); (Wei et al., 2011); (Zhang et al., 2015); (Sridhar et al., 2012) | Cyberattack scenarios in the cyber-physical power system; Extension of smart grid infrastructure |
| Yellow | Security issues | (Petit & Shladover, 2015); (McLaughlin et al., 2016); (Tian et al., 2018); (Hashem Eiza & Ni, 2017); (Laaki et al., 2019) | Potential solutions to improve performance while reducing memory usage; The methods to build a distributed computing implementation with terabytes of log data |

2.4.1 Red Cluster: Cybersecurity Management

The red cluster covers the topics related to general cybersecurity management issues within the smart computing technologies sectors. The keywords focus on the Internet of things, blockchain, big data, cloud computing, and risk management and assessment. The research of Knowles et al. (2015) provided a general overview of risk management activities and existing metrics within the industrial control system security environment around the world, concluding that security control is most developed in the USA. Several papers dealt with the “smart cities” concept, whose core is developing optimal solutions for enhancing the quality of citizens’ life along with efficient assets management, including energy, water, mobility, buildings, and government (Minoli et al., 2017). In particular, the authors introduced a seven-layer IoT-A model which highlights the importance of security mechanisms ensuring confidentiality, integrity, and availability capabilities for each layer, namely, things, data acquisition, fog networking, data aggregation, data centralization, data analytics, and application. Similarly, Cui et al. (2018) extended the possible security methods along with specifying their existing weaknesses, such as heterogeneity of networks, vulnerability of fog systems, user-centric protection, rational data optimization, and facilitating protection solutions. Along the same line, focusing on smart farming, Gupta et al. (2020) categorized potential cyberattacks in four groups: data attacks, for example, attempts to change or falsify information; networking and equipment attacks, which include malware injections or jamming attacks; supply chain attacks; and attacks related to industry specificity, such as regulations, cyber terrorism, and cloud computing issues. From another perspective, some scholars explored the features of security methods; for instance, Atat et al. (2018) reviewed cybersecurity solutions to protect big data against malicious attacks and unauthorized intrusion, and Ferrag et al. (2019) distinguished five types of attacks relevant to blockchain technologies: identity-based, manipulation-based, reputation-based, and service-based threats along with cryptanalytic attacks.


2.4.2 Green Cluster: Intrusion Detection and Prevention

The green cluster introduces the different techniques of network anomaly detection. Thus, the main keywords include machine learning, deep learning, intrusion and anomaly detection, and malware. Machine learning is viewed as the capability of a machine to discover and acquire human knowledge. Considering the adversarial nature of the knowledge, Biggio and Roli (2018) summarized the main stages of the threat model as defining the attacker’s goal, knowledge, capability, and strategy, and the security evaluation. Following these steps allows mitigating the effect of cyberattacks, for example, evasion and poisoning availability, by applying defense techniques: either reacting to past attacks or aiming to prevent future ones. Furthermore, Liu et al. (2018) distinguished the existing threats and potential solutions according to the machine learning lifecycle: the training phase is more exposed to poisoning attacks, so data sanitization and algorithm robustness enhancement might be seen as defense methods, while for the testing phase, with its evasion attacks, security assessment and privacy-preserving techniques are more efficient. Deep learning differs from machine learning in the way it analyzes data, as this concept is based on the computer’s ability to draw conclusions similar to human behavior. The traditional solutions to detect attacks aren’t efficient for deep learning technologies because of the number and diversity of smart objects. More precisely, Xin et al. (2018) pointed out the differences between these two approaches, mostly in data and hardware dependencies, feature processing, and problem-solving methods: while machine learning is a step-by-step approach and includes data subdivision, deep learning is direct end-to-end problem-solving. Also, the time to run a deep learning algorithm is longer due to the variety of parameters. Last, the interpretability issue is more coherent for machine learning, as it enables providing explanations in terms of algorithm selection. Considering these dissimilarities, the work of Abeshu and Chilamkurti (2018) proposed a fog-to-things scheme for deep learning which allows detecting cyberattacks more accurately because of the ability to share parameter updates. The study of Fernández Maimó et al. (2018), applying two-level deep learning techniques to detect anomalies in 5G mobile networks, found that a self-adaptive architecture to detect anomalies and optimize the resource consumption depends on the volumes of network flows.

2.4.3 Blue Cluster: Smart Grids

The blue cluster includes keywords on the theme of smart grids and cyberattacks, in particular, cyber-physical systems, resilience, and power systems. According to Zhang et al. (2011), the smart grid is a two-way communication approach to power generation and power consumers, which enables using the full potential of a power grid in the present moment. On the one hand, this is an advantage; on the other, it is a disadvantage, as two-way communication creates more potential threats in cyberspace because of the complex metering infrastructure, which often includes unsecured wireless networks. The main cyberattacks in the case of power grids can target the measurement or the control signals: data integrity attacks (see, for example, Giani et al. (2013)), which attempt to alter the compromised power meters. Furthermore, the work of Ashok et al. (2017) pointed out that denial-of-service attacks affect network traffic, time-based interruptions might cause process delays, and replay attacks attempt to change the sequence of operations. Besides, the most threatening is the coordinated attack, as it evokes cascading blackouts within the power system and might be revealed from multiple points simultaneously. Analyzing different attack paths and hacker profiles, Zhang et al. (2015) figured out the direct link between time intervals and power system reliability: higher-skilled attackers need less time, while less time for attacks signals a lower level of power system reliability. In order to protect the power grid from hackers’ attacks, Wei et al. (2011) developed an integrated framework comprising power, automation and control, and security layers, which allows advancing the strategically critical features of a power grid, such as scalability, extensibility, interoperability, non-intrusiveness, and flexibility, on three hierarchical levels, namely, device, network, and operation levels. Alternatively, according to Sridhar et al. (2012), the risk of cyberattacks might be reduced by implementing more robust supporting infrastructure or power applications, for instance, cryptography, access control, or authentication.

2.4.4 Yellow Cluster: Cybercrime and Cyberattacks

The yellow cluster considers security as a central point and is framed by keywords such as computer, information, cyber, and network security along with cybercrime and phishing. Referring to industrial control systems, the study of McLaughlin et al. (2016) investigated the issue of computer security by summarizing the prevalent concepts and principles of cybersecurity techniques. In particular, the authors highlighted the way to enhance cybersecurity by mitigating software attacks, which are related to a hacker’s ability to get access to the information, by enforcing control-flow integrity or code randomization. In the case of a hacker’s attempt to modify a controller’s logic code, new secure architectures might be applied as a tool for statically checking and monitoring controller code, for instance, a trusted safety verifier. Also, it is worth mentioning that attacks vary in terms of their “origin”: more specifically, control channel attacks derive from the physical process, whereas sensor channel attacks affect sensor readings. Another research stream is related to the security issues for automated vehicles, as vulnerability within networks might cause severe consequences in the case of cyberattacks (Hashem Eiza & Ni, 2017). In particular, research conducted by Petit and Shladover (2015) extended the types of attacks according to the attacker’s profile: for example, the affiliation to the network enables distinguishing internal and external attacks, the presence of personal interest divides attacks into malicious and rational ones, and the type of behavior allows defining whether it is an active or passive attack. Also, the attacks were differentiated in terms of risk level and potential impact on users’ life; thus, high threats such as the injection of fake safety messages and map database poisoning are seen as the most dangerous, whereas attacks on the security system belong to medium threats. Some researchers highlighted network security issues. For example, Laaki et al. (2019) tested the effect of network outages and attacks within the concept of digital twins. Tian et al. (2018) examined a cyber range service for smart campuses. In a vast meta-analysis, Cram et al. (2019) explored the role of employee compliance and noncompliance with information security policies. The authors identified a scarce theoretical development of security policy compliance. In particular, the field of cybersecurity has only a very limited theoretical development on the side of employee behavior, while the body of literature is almost entirely focused on technical solutions. Finally, Benjamin et al. (2019) explored the role of the darknet in cyberattacks, proposing an analytical framework for researchers and practitioners called DICE-E. The authors claimed the framework could help to identify, collect, and evaluate the cyberthreats from the darknet. The process also encompasses the ethical issues related to the darknet’s cybersecurity control.

2.5 Conclusion and Future Research Avenues

As information threats emerge every day, the need for advancing cybersecurity technologies is growing in parallel. Considering the rapid changes within this field, this study attempts to provide a comprehensive overview of the most discussed themes covering cybersecurity issues over the last decade. To answer the research question concerning the current state of the art within the cybersecurity research stream from 2011 to 2021, a bibliometric analysis was conducted. The findings show an increasing number of published papers during the last years. Also, the analysis identified the most relevant journals and scholars, along with the countries with over 20 publications on the cybersecurity topic. Further, applying the method of visualization of similarities through the VOSviewer software, a keyword analysis was performed. The four defined clusters represent the central discussed themes, namely, cybersecurity management (red cluster), intrusion detection and prevention (green cluster), smart grids (blue cluster), and cybercrimes and attacks (yellow cluster). As the paper introduced a general overview of the most common streams within the cybersecurity technologies framework, the future research directions are quite broad. The general application of power security and infrastructure security might be extended in terms of different methods of defense against cyberthreats. Also, a promising area is to model more defensive mechanisms along with the behavior of either power system operators or hackers. The advancement of assessment tools for cybersecurity and vulnerability is in demand as well. More specifically to the identified themes, the cybersecurity management stream calls for more investigations in terms of resilience against different types of attacks, the intrusion detection cluster emphasizes the further development of machine and deep learning models using real data, smart grids require an extended classification of techniques which enhance the accuracy of threat detection, and the cybercrime topic aims to explore potential ways to improve overall performance.

References

Abeshu, A., & Chilamkurti, N. (2018). Deep learning: The frontier for distributed attack detection in fog-to-things computing. IEEE Communications Magazine, 56(2), 169–175.
Arora, B. (2016). Exploring and analyzing Internet crimes and their behaviours. Perspectives in Science, 8, 540–542.
Ashok, A., Govindarasu, M., & Wang, J. (2017). Cyber-physical attack-resilient wide-area monitoring, protection, and control for the power grid. Proceedings of the IEEE, 105(7), 1389–1407.
Atat, R., Liu, L., Wu, J., Li, G., Ye, C., & Yang, Y. (2018). Big data meet cyber-physical systems: A panoramic survey. IEEE Access, 6, 73603–73636.
Benjamin, V., Valacich, J. S., & Chen, H. (2019). DICE-E: A framework for conducting darknet identification, collection, evaluation with ethics. MIS Quarterly, 43(1).
Biggio, B., & Roli, F. (2018). Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition, 84, 317–331.
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology Innovation Management Review, 4(10), 13–21.
Cram, W. A., D'arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554.
Cui, L., Xie, G., Qu, Y., Gao, L., & Yang, Y. (2018). Security and privacy in smart cities: Challenges and opportunities. IEEE Access.
Fernández Maimó, L., Perales Gómez, Á. L., García Clemente, F. J., Gil Pérez, M., & Martínez Pérez, G. (2018). A self-adaptive deep learning-based system for anomaly detection in 5G networks. IEEE Access, 6, 7700–7712.
Ferrag, M. A., Derdour, M., Mukherjee, M., Derhab, A., Maglaras, L., & Janicke, H. (2019). Blockchain technologies for the internet of things: Research issues and challenges. IEEE Internet of Things Journal, 6(2), 2188–2204.
Giani, A., Bitar, E., Garcia, M., McQueen, M., Khargonekar, P., & Poolla, K. (2013). Smart grid data integrity attacks. IEEE Transactions on Smart Grid, 4(3), 1244–1253.
Gupta, M., Abdelsalam, M., Khorsandroo, S., & Mittal, S. (2020). Security and privacy in smart farming: Challenges and opportunities. IEEE Access, 8, 34564–34584.
Hashem Eiza, M., & Ni, Q. (2017). Driving with sharks: Rethinking connected vehicles with vehicle cybersecurity. IEEE Vehicular Technology Magazine, 12(2), 45–51.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, 52–80.
Laaki, H., Miche, Y., & Tammi, K. (2019). Prototyping a digital twin for real time remote control over mobile networks: Application of remote surgery. IEEE Access, 7, 20325–20336.
Liu, Q., Li, P., Zhao, W., Cai, W., Yu, S., & Leung, V. C. M. (2018). A survey on security threats and defensive techniques of machine learning: A data driven view. IEEE Access, 6, 12103–12117.
Marzi, G., Dabić, M., Daim, T., & Garces, E. (2017). Product and process innovation in manufacturing firms: A 30-year bibliometric analysis. Scientometrics, 113(2), 673–704.
Marzi, G., Rialti, R., Dabić, M., & Caputo, A. (2018). A mixed methods bibliometric investigation of the world review of entrepreneurship, management and sustainable development: From qualitative to quantitative data. World Review of Entrepreneurship, Management and Sustainable Development, 14(6), 764–786.
Marzi, G., Ciampi, F., Dalli, D., & Dabic, M. (2021). New product development during the last ten years: The ongoing debate and future avenues. IEEE Transactions on Engineering Management, 68(1), 330–344.
McLaughlin, S., Konstantinou, C., Wang, X., Davi, L., Sadeghi, A.-R., Maniatakos, M., & Karri, R. (2016). The cybersecurity landscape in industrial control systems. Proceedings of the IEEE, 104(5), 1039–1057.
Michael, K., Kobran, S., Abbas, R., & Hamdoun, S. (2019). Privacy, data rights and cybersecurity: Technology for good in the achievement of sustainable development goals. IEEE International Symposium on Technology and Society (ISTAS), 2019, 1–13.
Minoli, D., Sohraby, K., & Occhiogrosso, B. (2017). IoT considerations, requirements, and architectures for smart buildings—energy optimization and next-generation building management systems. IEEE Internet of Things Journal, 4(1), 269–283.
Obradović, T., Vlačić, B., & Dabić, M. (2021). Open innovation in the manufacturing industry: A review and research agenda. Technovation, 102(xxxx).
Petit, J., & Shladover, S. E. (2015). Potential cyberattacks on automated vehicles. IEEE Transactions on Intelligent Transportation Systems, 16(2), 546–556.
Sridhar, S., Hahn, A., & Govindarasu, M. (2012). Cyber–physical system security for the electric power grid. Proceedings of the IEEE, 100(1), 210–224.
Thakur, K., Qiu, M., Gai, K., & Ali, M. L. (2015). An investigation on cyber security threats and security models. In 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing (pp. 307–311).
Tian, Z., Cui, Y., An, L., Su, S., Yin, X., Yin, L., & Cui, X. (2018). A real-time correlation of host-level events in cyber range service for smart campus. IEEE Access, 6, 35355–35364.
Uma, M., & Padmavathi, G. (2013). A survey on various cyber attacks and their classification. 7.
van Eck, N. J., & Waltman, L. (2009). A computer program for bibliometric mapping. Science, 84(2), 523–538.
van Eck, N. J., & Waltman, L. (2010). Software survey: VOSviewer, a computer program for bibliometric mapping. Scientometrics, 84(2), 523–538.
van Eck, N. J., Waltman, L., van Den Berg, J., & Kaymak, U. (2006). Visualizing the computational intelligence field. IEEE Computational Intelligence Magazine, 1(4), 6–10.
von Solms, R., & van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97–102.
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344–1371.
Wei, D., Lu, Y., Jafari, M., Skare, P. M., & Rohde, K. (2011). Protecting smart grid automation systems against cyberattacks. IEEE Transactions on Smart Grid, 2(4), 782–795.
Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., & Wang, C. (2018). Machine learning and deep learning methods for cybersecurity. IEEE Access, 6, 35365–35381.
Zhang, Y., Wang, L., Sun, W., Green, R. C., II, & Alam, M. (2011). Distributed intrusion detection system in a multi-layer network architecture of smart grids. IEEE Transactions on Smart Grid, 2(4), 796–808.
Zhang, Y., Wang, L., Xiang, Y., & Ten, C.-W. (2015). Power system reliability evaluation with SCADA cybersecurity considerations. IEEE Transactions on Smart Grid, 6(4), 1707–1721.
Zupic, I., & Čater, T. (2015). Bibliometric methods in management and organization. Organizational Research Methods, 18(3), 429–472.

Chapter 3

Cybersecurity and Technology Convergence: Analysis of AI, Blockchain, and IoT Using SNA

Edwin Garces, Shuying Li, and Tugrul U. Daim

Abstract

Blockchain, IoT, and AI are key technologies driving the next wave of digital transformation and are recognized as technological innovation opportunities disrupting the entire industry of cybersecurity. This chapter describes the potential convergence possibilities of AI, blockchain, and IoT in cybersecurity at the technology level. It investigates the convergence trends, application scenarios, convergence processes, and convergence intensities generated by the three technologies over time, using patent co-classification networks and social network analysis indicators to reveal the opportunities under technology convergence. The study concludes, first, that the convergence of the three technologies is still at an early stage. Second, the US national economic security strategy considers blockchain, IoT, and AI as key technology convergence development and deployment directions. The three development trends show the exponential growth of patent technology innovation in recent years. Third, there has been a trend of convergence of the three technologies in innovation and industrial application. The linked applications between technologies, from the perspective of technology development, gradually increase and expand in scale, showing technology-intensive characteristics. Over time, the converged technology networks have fluctuated, converged, iterated, and become increasingly dense, and the flow of information has sped up. Therefore, this chapter holds that the multidimensional correlation and convergence innovation of AI, blockchain, and IoT have important technical and market value for releasing the potential of emerging technologies in cybersecurity and will help cybersecurity technologies develop new business models and achieve digital transformation.

E. Garces · S. Li
Portland State University, Portland, OR, USA

T. U. Daim (*)
Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center, Portland State University, Portland, OR, USA

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
T. U. Daim, M. Dabić (eds.), Cybersecurity, Applied Innovation and Technology Management, https://doi.org/10.1007/978-3-031-34843-3_3


E. Garces et al.

3.1 Introduction

3.1.1 The Importance of Cybersecurity and Technology Convergence

Protecting data and information from cyberattacks is highly important. The information and data stolen in cyberattacks can include financial data, sensitive personal information, contact information, clients' information and data, intellectual property, IT infrastructure access, sensitive government information, etc. (Cyber security for business: Reasons behind cyber attacks, n.d.). New technologies have been developed to protect the data and information of isolated elements or systems. These technologies focus mainly on minimizing the risk of attacks from malware, viruses, ransomware, and phishing. However, as wireless communication increases and new protective technologies appear, new attack technologies are also created that circumvent security system protections. Eliminating these threats is difficult because devices, especially new devices or technologies, are connected to one another. Analysis of technology convergence can reveal the patterns of how these technologies perform and how they can be used to create new technologies. This chapter focuses on the technology convergence of three main technologies in cybersecurity: blockchain, IoT, and AI.

Technology convergence, which is the convergence of knowledge, is a very common characteristic of the creation of new technologies (Lee et al., 2015). Understanding the process of technology convergence and the creation of new technologies is important for continuing to lead the technological market, planning new technologies, and identifying opportunities (Zhou et al., 2019). Therefore, analyzing the technologies and their process of converging is very important for technological improvement and innovation (Lee et al., 2015). Knowing the relationship between technologies and the flow of knowledge allows focusing on the most representative technologies (Jung et al., 2021). In this context, Jung et al. (2021) consider technology convergence an indicator of how knowledge spillovers allow the industry to create new technologies based on the mutual relationship among them. Moreover, this analysis is important not only at the micro (technological) level but also at the macro level, for developed and developing countries (Zhou et al., 2019).

3.1.2 Problem of Cybersecurity and the Relationship with Technology Development

There are many types of technologies to protect systems, data, and communications. Some of these technologies are used more intensively and are considered mature technologies. At the same time, other technologies appear for different applications and, due to their potential, are used for cybersecurity purposes. The following main technologies can be mentioned: hardware authentication, artificial intelligence (AI) and machine learning (ML), automated and adaptive networks, blockchain, the zero-trust model, quantum computing, embedded systems, etc.

In this chapter we analyze three relatively new technologies, considering the time and the increase in massive use of wireless communication and the Internet. These technologies are blockchain, artificial intelligence, and the Internet of Things (IoT). The analysis of the chapter focuses on blockchain, a technology that appeared in the early 1990s as a distributed computing concept and was introduced as the concept of a decentralized ledger by Satoshi Nakamoto in 2009 (Musleh et al., 2019). In contrast, artificial intelligence is a concept that appeared in the 1950s (Anyoha, 2017) but gained popularity after 1990 and is used extensively in this century with the use of the Internet and advances in cyber technologies. Finally, the Internet of Things (IoT) is a concept that was invented in the late 1990s by Kevin Ashton (1999) and developed later into the idea of what things can do when they are connected to the network (Ibarra-Esquer et al., 2017).

Connecting devices through the network increases the number of different software, applications, and services but, at the same time, increases the risk of cyberattacks. Blockchain technologies can solve the problem by decentralizing the IoT architecture (Daim et al., 2020), but, as mentioned above, convergence with other technologies, such as artificial intelligence, can contribute to creating new technologies and applications in the area of cybersecurity. The integration of blockchain and artificial intelligence can contribute technologically to cybersecurity issues in the use of IoT. Therefore, understanding technology convergence is important for identifying the new technologies (Zhou et al., 2019).

3.1.3 The Importance of Analyzing Technology Convergence and the Contribution to Cybersecurity

Blockchain, IoT, and AI are the key technologies driving the next wave of digital transformation. Huh et al. (2017) and Dorri (2017) point out the value of combining blockchain technology with other innovations, such as the Internet of Things and artificial intelligence. One possible link between these technologies is that IoT collects and provides data, blockchain provides the infrastructure and sets the rules of engagement, and AI optimizes processes and rules (Salah et al., 2019). Blockchain, IoT, and AI are often discussed and used separately, but the interconnection between the three technologies has not been explored deeply enough in the field of cybersecurity, and the integration of AI and blockchain into IoT systems is not an easy task, which implies a large number of opportunities for technological innovation and application prospects (Kumar & Sharma, 2021). Different technologies have different integration processes (Jung et al., 2021), and it is necessary to analyze the trend of convergence of multiple technologies in cybersecurity to make the process of technology convergence development clearer and contribute to decision-making. As mentioned by Zhou et al. (2019), despite the importance of technology convergence, there has been a lack of studies aimed at understanding the process, alongside the studies developed to measure the levels of convergence using patent information (Song et al., 2017). In this context, the chapter is focused on analyzing the convergence of blockchain, artificial intelligence, and Internet of Things technologies in the area of cybersecurity.

Although the convergence of technologies is complex and diverse, there are still some signs, such as the evolutionary trajectory between technology fields, the overlap, the blurring of technology boundaries, the mutual penetration, and the dynamic change over the years. Related scholars have conducted a lot of research on technology convergence based on patent data, and the analysis methods include citation network (Song et al., 2017; Daim & Suntharasaj, 2009; Lee et al., 2016; Karvonen & Kässi, 2011), co-classification network (Kevin Boyackk, 2008), bibliometrics, technology life cycle, and other indicators. Currently, the convergence of AI, blockchain, and IoT is less discussed at both technical and application levels (Daim & Suntharasaj, 2009). In the field of cybersecurity, there is a lack of analytical studies on these three technologies.

3.1.4 Research Questions and Objectives

As can be seen in the identified gaps, the methodological aspect plays an important role that needs to be explored and clarified in order to analyze the real potential of new technologies or application areas. The objective of this chapter is to analyze how these technologies converge over time, considering that they share the common objective of creating new cybersecurity technologies. In addition, the chapter provides a detailed explanation of the performance of these three technologies together, which is a methodological contribution. Following the methodological process used in Zhou et al. (2019), identifying the technologies, clustering them, and tracing the evolution of patents (technologies) through time show the changes in the technologies, considered as technological transitions. These aspects are modeled in the technological network as patent network transitions, represented by the links (edges) that show the interactions of the technologies (patents) through time.

In this chapter, the following research questions are answered:

• How is the technology development of AI, blockchain, and IoT convergence in the area of cybersecurity?
• What are the scenarios of AI, blockchain, and IoT convergence in the area of cybersecurity?
• How to identify or measure technology convergence?

A quantitative analysis is developed in this chapter to identify the technology convergence of AI, blockchain, and IoT by social network analysis (SNA) in the area of cybersecurity and to identify and describe the changes in the convergence of AI, blockchain, and IoT in the cybersecurity field through time. The study proposes a framework for identifying emerging convergence technologies to clearly understand and predict the trends and directions of AI, blockchain, and IoT convergence and to reveal technological opportunities under the convergence perspective.

3.2 Literature Review

In this chapter, the definitions of AI, blockchain, and IoT are provided based on their applications in the cybersecurity area and on technology convergence. Additionally, the process of technology convergence is described through three main parameters: how technology convergence is used in patent analysis, the possible scenarios of technology convergence through time, and the general aspects of bibliometric analysis.

3.2.1 Cybersecurity Technology, Blockchain, AI, and IoT

According to (C. and I. S. A. (CISA), 2009), cybersecurity relates to the actions or practices that protect the most common elements, such as networks, devices, and data, from access by unauthorized individuals for criminal use. This implies protecting the confidentiality, integrity, and availability of information. Nowadays, communications rely largely on computers and the Internet in all areas, including entertainment, transportation, education, military, medicine or health, etc., which increases the risk of criminal attacks.

According to Bay (2016), drawing on the National Initiative for Cybersecurity Careers and Studies (N. I. for C. C. A. S. (NICCS), n.d.), the definition of cybersecurity can be seen from general and specific perspectives. From a broad view, cybersecurity is the process and capabilities to protect the data integrity of information and communications systems, covering data damage, data modification, or misuse of the data. In a specific context, cybersecurity is understood as risk reduction to ensure the operability of systems. These practices include the policies, standards, and strategies for managing three important actions: reducing threats and vulnerabilities, incident response, and resilience practices. In this regard, (Forge, n.d.) describes this as a hierarchical structure corresponding to base policies and subsequent controls, standards, guidelines, and procedures. These actions or rules interact to protect data and information by integrating three main elements: tactical, operational, and strategic (Forge, n.d.). The role of technology is most evident on the tactical side, in seeking how to protect the systems. Technology is present in all aspects and levels of cybersecurity technology management, including the five levels of procedures and guidelines in the "Framework for Improving Critical Infrastructure Cybersecurity" (Cybersecurity Framework) (Forge, n.d.): identify, protect, detect, respond, and recover.


Blockchain

According to (IBM, n.d.) and (Rodeck & Curry, n.d.), blockchain is a distributed digital ledger for recording transactions (storing data), tracking assets, and building trust. Blockchain differs from conventional data storage by decentralizing the location where data is stored. In this context, copies of the databases are stored in multiple places across the network known as "nodes." The best-known uses of blockchain are in cryptocurrency, NFT, and DeFi (Rodeck & Curry, n.d.).

Artificial Intelligence

Artificial intelligence (AI) combines computer science and robust data and is built in multiple settings to solve problems. AI has different subsets, such as machine learning and deep learning, which are algorithms focused on making predictions or forecasting scenarios (IBM, 2020).

Internet of Things

The Internet of Things (IoT) is conceptualized as the connection of devices through network systems or directly between them. The use of IoT is widespread since it allows sharing of information and data between devices (things) and people. Nowadays, IoT is used in almost every technology that is connected to networks, such as cellphones, cars, TVs, smart houses, etc. (IBM Business Operation Blog, 2016).

Blockchain, IoT, and AI are recognized as technological innovations with the potential to improve current business processes, create new business models, and disrupt entire industries, with the potential and value of technology convergence (Huh et al., 2017). First, the convergence of the three technologies is conducive to improving the security and privacy of data management. Blockchain can achieve standardized storage of IoT data through multi-party access to optimize data management (Karafiloski & Mishev, 2017). The combination of blockchain and AI can improve data management scalability, security, and threat identification. Second, blockchain authenticates participants and devices in the IoT to increase trust and facilitate fast and efficient transactions, and digital identities are hard to forge (Roeck et al., 2020). Third, smart contracts, as connectors for blockchain, AI, and IoT technology architectures, help automate business processes and give rise to new business models, such as automated devices (for example, cars or sensors) that use AI to make decisions, take advantage of blockchain transactions, and deliver on IoT devices (Sandner et al., 2020).

3.2.2 Social Network Analysis and Patent Analysis

Social network analysis is a research method that maps and measures the relationship between different elements or actors, such as people, organizations, computers, patents, and journal papers. The relationships or connections among actors are measured by using metrics based on network and graph theory (Garces et al., 2017; Vaughan, 2004). In this context, SNA unveils the main actors, who play an important role in the network. Some of the centrality metrics are degree centrality, betweenness, closeness, eigenvector, and density (Garces et al., 2017).

The information or source of data for SNA can be scientific publications, magazines, and journal articles, among others. Some databases are Web of Science, Compendex, Scopus, and Google Scholar and, in the patent field, Google Patents, Espacenet (European Patent Office – worldwide patents), Patentscope, LENS.org, USPTO Web Patent Databases, and Derwent Innovations Index (DII). In this chapter, the source of data for patents is the Derwent Innovations Index (DII). Patents are used since they are synonymous with knowledge or technology. In this context, the use of these types of sources is framed in bibliometric analysis. Côté et al. (2018) briefly define bibliometrics as a "statistical analysis" of all the mentioned publications. Therefore, bibliometric analysis is used together with social network analysis, considering the metrics mentioned above. Bibliometric analysis and SNA for patent analysis are used in this chapter as part of the methodology.

Patent analysis is an important method used in technology innovation, strategy decisions, and market value. Patents provide information about technology, relationships between technologies, and future technological development. Accordingly, patent analysis is an analytical tool to analyze the current state or future scenarios of the technologies (Li et al., 2019). Patent network analysis (SNA) allows the description of the elements and characteristics of the networks (Lee et al., 2016).

3.2.3 Technology Convergence

The analysis of new technologies that derive from the converging of existing technologies has gained importance since the converging of knowledge is a source of new technologies (Lee et al., 2015; Zhou et al., 2019). Technology convergence started to be known in the 1980s and gained importance during the 1990s, when topics such as robotics, computing, information, and telecommunication started to be used together (Caviggioli, 2016). Technology convergence (technology fusion) is the description of the connection of technologies or knowledge (Caviggioli, 2016) to understand the unification of functions or properties of technologies (Song et al., 2017). Technology convergence plays an important role in technology innovation since it provides elements to understand and interpret the process. It provides information on how specific knowledge or technology characteristics can be used for developing new technologies, industrial use, or industrial cooperation (Song et al., 2017), facilitating the combination of technologies (Jung et al., 2021).

The topic can be understood from two points of view. The first is at the industrial level, as a result of the use of knowledge from one dominant design in a different one within the industrial sector. The second is that technology convergence considers the use of technologies from one domain in a different one (Gauch & Blind, 2015). These two approaches are discussed by Caviggioli (2016), who distinguishes between theoretical and empirical cases. In this chapter we analyze technology convergence as a technological process indicating how patents join through time to form new technologies. Therefore, convergence, as used in this chapter, is related to the concept of eliminating the barriers between disconnected areas of science or technology (Song et al., 2017).

3.3 Theoretical Framework

3.3.1 Patent Network: Converge Process

The process of technology convergence starts with the exchange and flow of knowledge between patents, giving rise to new knowledge in new fields. The flow of knowledge increases progressively until a new convergence field has been formed (Zhou et al., 2019). Based on the explanation of Zhou et al. (2019), Fig. 3.1 below explains the process of knowledge fusion. As shown, convergence is a process that flows through time (characterized by time 1 and time 2 in the figure). Additionally, the knowledge is represented by different patent networks that belong at the beginning (time 1) to different fields (AI network and blockchain network). Accordingly, the knowledge starts to flow between fields (networks), which is represented by the citation and co-occurrence of patents, to finally form a new network. This new technological network is represented by the relationship among patents related to AI, blockchain, and IoT unified in the same concept of cybersecurity.

Fig. 3.1  Converging Process of AI, blockchain, and IoT. (Source: Adapted from (Zhou et al., 2019))


3.3.2 Converging Technologies Cases through the Time

As mentioned, technology convergence is a process of fusion of different technologies through time. In this context, the period when the fusion process starts is an important question. This is described in Fig. 3.2. If we consider four time points to describe the process and the scenario of converging to a common objective (objective 3), then it is possible to divide the process into the following events. Converging starts at time 2 under two scenarios: in the first, both technologies (patent networks) join at time 3 with the characteristic of achieving the same objective (Cybersecurity and IoT); in the second, the technologies do not join in the short run but do so directly over a longer period. A similar case is that technologies can converge at time 4, with either the same objective or different objectives. All the cases in which the technology networks can be brought together through time and reach the same objective are considered converged. The technologies can also focus on different objectives. The changes can occur at different times; however, the most relevant time to be analyzed in our case is "Time 3 & 4" because it is when technologies merge with the same objective. A similar argument has been used by Zhou et al. (2019) in one of their cases of knowledge converging.

Fig. 3.2  Converging technological network through the time


Fig. 3.3  Scenarios of converging by cases. (Source: Modified and based on (Song et al., 2017))

3.3.3 Scenarios of Converging: Level of Coverage

Another important aspect to consider in technology convergence is the scenarios and levels of convergence. Song et al. (2017) explain the technology convergence cases, which are used in this chapter and extended with more cases by using set theory. Technologies or patent networks are represented by sets or segments (Fig. 3.3). As Song et al. (2017) explain, technology fusion exists when the sets intersect. The first group of cases represents convergence at different levels. The first level is when two networks overlap or are interconnected in some percentage, while the second and third scenarios are when the entire networks share the functions totally or partially. A third case can occur when two networks converge but share the functions of a third technology. The second group of cases occurs when the networks do not overlap at all.

3.4 Methodology

The studies about technology convergence can analyze the "convergence of science and technology" and "technology convergence related to applications and industry" (Jung et al., 2021). Consequently, the present study is focused on the first group, "convergence of science and technology," which measures the convergence of technology using patent classification (Jung et al., 2021).


Fig. 3.4  The steps of the research framework

Technology convergence analysis needs to be done from a long-run perspective (Jung et al., 2021). Therefore, this study is a dynamic analysis that compares the evolution of the network over different periods. Considering the time and the evolution of the patent network, a quantitative analysis is performed between technology networks. The technological (knowledge) network is formed from patent data: each "node" is a technological field, represented by a four-digit IPC code, and each edge is a co-occurrence between nodes. The analysis is based on social network analysis and uses different centrality metrics (Jung et al., 2021), and different indexes are calculated to describe the network convergence. Both the centrality metrics and the indexes measure the level of convergence of technologies. The centrality measures used in the chapter are the following: average degree, density, average distance, clustering coefficient, and E-I Index.

The patent data for the analysis is based on USPTO. The source of patent data corresponds to Derwent Innovations Index between 2000 and 2021. There are four main groups for the analysis (Fig. 3.4). First, a preliminary analysis is done to identify the technologies that are considered potential candidates to converge. In our case, AI and blockchain are finally selected, together with the IoT technology in the area of cybersecurity. The second group of steps corresponds to data collection, cleaning, and filtering.

3.4.1 Identification of Periods of Analysis and Phases of Convergence

The identification of the periods or network segments is based on three main categories. The first is the period that contains the technological networks that belong to different fields and have not converged. The second is the period when technologies or networks start to integrate with each other by co-occurrence. The third segment happens when technology convergence occurs. Figure 3.5 shows the evolution of technological convergence and the time locations. For two technologies that merge with the same objective and characteristics (these two technologies may appear at different times), the merging process starts with the alignment to the objectives, follows with the patent citation, and finalizes in an integrated or common network. The evolution of how technologies merge through time is described by constructing clusters in each period.

Fig. 3.5  Three periods of converging technological networks

3.4.2 Measuring Technology Convergence: Indicators

The co-classification of IPCs is used as an indicator of technological convergence since the categories of patents can be differentiated (Song et al., 2017). These clusters provide information about the creation of a new technology, which is an indicator of technology convergence (Zhou et al., 2019). In this context, cluster convergence can be analyzed by the change of the clusters over time. As Zhou et al. (2019) described, the merging networks (intercepts) are described by the following function:

• Ct: network's nodes for technology 1 or 2.
• Ct1: number of nodes in the intercept of networks in the time 2.
• Pi: Patents.

Figure 3.6 is an example of how the patent networks are identified. Each set represents a patent network for each technology, and the pi are the patents in those networks. The intersection area, the gray area, is what should be analyzed and measured. The following steps are used to calculate the strength of convergence among the networks:

Step 1: Identify the IPCs of each technology, which are the IPC codes of AI, blockchain, and IoT.

Step 2: Identify the patents for each technology using the families in step 1:

• AI patents: p1, p2, p3, p4, p5, p6, p12.
• Blockchain patents: p2, p4, p6, p7, p8, p9.
• IoT patents: p5, p6, p9, p10, p11, p12.


Fig. 3.6  The convergence instance of AI, blockchain, IoT

Step 3: Measure the level of convergence to see if there is any convergence in each period using the following indicators.

3.4.2.1 Convergence Strength and Technology Attractiveness

Technology convergence refers to the degree of co-occurrence of each technology in a technology field with other technologies, i.e., the ratio of the number of IPC co-occurrence pairs to the number of all the IPCs.

$$\text{Convergence strength} = \frac{(\text{Number of patent applications with IPC co-occurrence})_{t_i}}{(\text{Total number of patent applications})_{t_i}}$$

In Fig. 3.2, the total number of patents is 12, and the number of patents in the convergence area is 2, namely p6 and p12. Therefore, the convergence strength is 0.167.

Technology attractiveness refers to the ability of a technology field to absorb or incorporate new technologies, which is presented as the number of new IPCs in the i period as a percentage of the total number of new IPCs.

$$\text{Technology attractiveness} = \frac{(\text{IPC}_{\text{new}} \text{ in } j \text{ time})_{t_i}}{(\text{Total number of new IPC codes})_{t_i}}$$

Source: (Zhou et al., 2019; Jung et al., 2021).

3.4.2.2 Convergence Network

The convergence network refers to the extraction of technology clusters based on the patent IPC co-occurrence network in each time window and the calculation of the basic network metrics for each period. From the network perspective, it measures the ability to sustain the development of convergence phenomena, such as the continuous maturation, expansion, succession, convergence, and divergence of technology networks, as a signal of the occurrence of technology convergence. The SNA centrality metrics considered important in our case are described below (Table 3.1).


Table 3.1  Whole network indicators for measuring technology convergence

| Indicators | Definition | Meaning |
|---|---|---|
| Average degree | The average degree is simply the average number of edges per node in the graph: $\text{Average degree} = \frac{\sum_{i=1}^{N} K_i}{N} = \frac{2L}{N}$. If $n_i$ is the degree of the $i$th node, then for a network of $N$ nodes the total degree equals $\sum n_i$, where $i = \{1 \ldots N\}$. Since an undirected link between nodes $u$ and $v$ is counted twice in the degree, the total degree equals twice the number of links. Hence average degree = $2L/N$ for an undirected network. | The average degree is used to analyze the sparsity of the network. A higher average degree suggests that the network is more closely connected and creates a higher possibility of technological convergence. |
| Density | Graph density represents the ratio between the edges present in a graph and the maximum number of edges that the graph can contain: $\mathrm{DEN}_U = \frac{E}{V(V-1)/2} = \frac{2E}{V(V-1)}$. The edges present in a graph $G(V, E)$ are divided by the maximum number of edges that the graph can contain. | Conceptually, it provides an idea of how dense a graph is in terms of edge connectivity. |
| Avg distance | The average distance in a graph is defined as the average length of the shortest path between two vertices, taken over all pairs of vertices. | A shorter average path means a faster flow of information between nodes. |
| Overall graph clustering coefficient | The clustering coefficient is a measure of the degree to which nodes in a graph tend to cluster together. The global clustering coefficient is the number of closed triplets (or 3 × triangles) over the total number of triplets (both open and closed). | The global clustering coefficient (transitivity) is designed to give an overall indication of the clustering in the network, whereas the local coefficient indicates the embeddedness of single nodes. |
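The indicators of Sects. 3.4.2.1 and 3.4.2.2 computed on a small constructed patent set, as an added example rather than the chapter's own code. It assumes that a filing with two or more IPC subclasses counts as a co-occurrence and that every subclass in the earliest window counts as new; the patent records are invented.

```python
from collections import deque
from itertools import combinations

# Constructed sample: (time window, patent id, IPC subclasses on the filing).
# The subclasses are ones named in this chapter; the records are invented.
PATENTS = [
    ("2010-2014", "p1", {"H04L"}),
    ("2010-2014", "p2", {"H04L", "G06F"}),
    ("2010-2014", "p3", {"G06F"}),
    ("2010-2014", "p4", {"H04W"}),
    ("2015-2018", "p5", {"H04L", "G06F", "G06N"}),
    ("2015-2018", "p6", {"H04L", "G06Q"}),
    ("2015-2018", "p7", {"G06N"}),
    ("2015-2018", "p8", {"H04W", "H04L"}),
    ("2019-2022", "p9", {"G16Y", "H04W"}),
    ("2019-2022", "p10", {"G06N", "G06Q", "G06F"}),
    ("2019-2022", "p11", {"G16Y", "H04L", "G06N"}),
    ("2019-2022", "p12", {"G06F"}),
]
PERIODS = ["2010-2014", "2015-2018", "2019-2022"]


def in_period(patents, period):
    return [ipcs for window, _pid, ipcs in patents if window == period]


def convergence_strength(patents, period):
    """Filings with an IPC co-occurrence over all filings in the window.
    Assumption: two or more distinct subclasses count as a co-occurrence."""
    filings = in_period(patents, period)
    hits = sum(1 for ipcs in filings if len(ipcs) >= 2)
    return hits / len(filings) if filings else 0.0


def technology_attractiveness(patents, periods):
    """Subclasses first seen in each window over all first appearances.
    Assumption: every subclass in the earliest window counts as new."""
    seen, new = set(), {}
    for period in periods:
        codes = set().union(*in_period(patents, period))
        new[period] = len(codes - seen)
        seen |= codes
    total = sum(new.values())
    return {p: (n / total if total else 0.0) for p, n in new.items()}


def cooccurrence_graph(patents, period):
    """Undirected IPC co-occurrence network for one time window."""
    adj = {}
    for ipcs in in_period(patents, period):
        for code in ipcs:
            adj.setdefault(code, set())  # single-IPC filings add lone nodes
        for a, b in combinations(sorted(ipcs), 2):
            adj[a].add(b)
            adj[b].add(a)
    return adj


def average_degree(adj):
    # 2L / N: each undirected link adds one to the degree of two nodes.
    return sum(len(nb) for nb in adj.values()) / len(adj) if adj else 0.0


def density(adj):
    # 2E / (V (V - 1)): links present over links possible.
    n = len(adj)
    return average_degree(adj) / (n - 1) if n > 1 else 0.0


def average_distance(adj):
    """Mean shortest-path length over the node pairs that are connected."""
    total = pairs = 0
    for source in adj:
        dist, queue = {source: 0}, deque([source])
        while queue:  # breadth-first search from this node
            node = queue.popleft()
            for nb in adj[node]:
                if nb not in dist:
                    dist[nb] = dist[node] + 1
                    queue.append(nb)
        total += sum(dist.values())
        pairs += len(dist) - 1
    return total / pairs if pairs else 0.0


def global_clustering(adj):
    """Closed triplets (3 x triangles) over all connected triplets."""
    closed = triplets = 0
    for neighbours in adj.values():
        for a, b in combinations(sorted(neighbours), 2):
            triplets += 1
            closed += b in adj[a]  # the triplet is closed by an a-b link
    return closed / triplets if triplets else 0.0


if __name__ == "__main__":
    attract = technology_attractiveness(PATENTS, PERIODS)
    for period in PERIODS:
        g = cooccurrence_graph(PATENTS, period)
        print(period,
              f"strength={convergence_strength(PATENTS, period):.3f}",
              f"attractiveness={attract[period]:.3f}",
              f"avg_degree={average_degree(g):.3f}",
              f"density={density(g):.3f}",
              f"avg_distance={average_distance(g):.3f}",
              f"clustering={global_clustering(g):.3f}")
```

Average distance is taken over connected pairs only, so a window with isolated subclasses still returns a finite value.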

3.5 Results and Discussions

3.5.1 Keyword Identification and Search Strategy

The identification of keywords and their arrangement with Boolean operators are critical parts of the analysis. As a major component of data collection, keyword identification needs to be accurate so that all the keywords and variants are identified for each technology. At the same time, these keywords are arranged at a hierarchical level to perform the search in the database sources. The keywords used in our case and their structure are presented below. The keywords are


Fig. 3.7  Keywords and structures of AI, blockchain, IoT

organized hierarchically as shown in Fig. 3.7. The search strategy (Table 3.2) is framed in cybersecurity (top level) and complemented by the other sub-topics representing each technology (AI, blockchain, and IoT). At the same time, the respective IPC family codes for each technology are used to filter the information. Derwent Innovation (DI) was searched on May 11, 2022, yielding 8111 US patents. This dataset is used as the analysis object.

3.5.2 Technology Convergence in Cybersecurity: Topic Analysis (Blockchain, AI, IoT)

In this section, a landscape of the topics associated with cybersecurity and the three analyzed technologies is shown in Figs. 3.8 and 3.9. The keywords are mined from the original database used for technology convergence. There are six main topic clusters in ThemeScape by DI: computer science, machine learning (artificial intelligence), digital key (encryption and access), blockchain, computing device, and communication (conceptually, IoT and devices together are associated with communication). Focusing on the three analyzed technologies, technology development in cybersecurity addresses the areas of computer systems and public access to computer systems and data, especially the use of encryption and access to it. AI is mainly represented by machine learning focusing on anomaly detection. In the case of blockchain, the technology topics target the blockchain concept itself, where “transactions” represent the blocks in the “network,” which is formed by “nodes” or participants that need to validate and “relay” transactions. IoT, as mentioned before, focuses on the communication between devices. The IoT technologies mainly address components of mobile, wireless, and computing devices. By applying SNA, the keyword network shows similar topics and clusters to the figure above. The figure below shows four clusters: (1) data, security system; (2)


Table 3.2  Search strategy in Derwent Innovation (DI)

| No. | Field | Search strategy | Results |
|---|---|---|---|
| 1 | Cybersecurity | `(CTB=(Cybersecurity or cyberattack or “network security” or malware or (denial near of near service near attack) or “dos attack” or (cyber near (security or risk or treat or safety or attack))) or (aic=(H04W12 or G06F21 or H04L9) and TAB=(cyber or network))) and cc=(us)` | 45,803 |
| 2 | AI | `CTB=(“Artifici* Intelligen*” OR “computation* intelligen*” or “swarm intelligen” or “AI” or neuralnetwork or bayesiannetwork or deeplearning or xgboost or adaboost or rankboost or “Data Mining” OR Backpropagation OR “Convolutional Recurrent Network” OR “Evolutionary Robotic” OR “Evolvable Hardware” or “Latent Representation” or “Text Analytics” or “Bayesian Method” or “Natural Language Processing” or “natural language generation” OR Perceptron* OR “Predictive Analysis” OR “Predictive Modeling” OR “Sequential Pattern Mining” OR Simulation* OR “Support Vector machine” or “expert system” or “random forest” or “decision tree” or “gradient tree boosting” or “decision model” or “latent dirichlet allocation” Or ((Nearest Neighbors or C4.5 or Genetic OR SVM OR ID3 K-Nearest or genetic or stochastic) near2 Algorithm) or ((Neural or Analysis or net or bayes) near network) Or ((learning or training) near (deep or Instance-Based OR Memory Based OR Semi Supervised or semisupervised OR Machine or Unsupervised or K-Nn or lazy or reinforcement or transfer or model or algorithm or self or active)) Or ((text or speech or hand writing or handwriting or facial or face or semantic or predictive) near (recognition or analytic or analysis))) and cc=(us)` | 256,943 |
| 3 | Blockchain | `ctb=(Blockchain* OR Cryptocurrenc* OR Cryptograph* OR “Alliance chain” OR “Asymmetric encryption” OR “Consensus mechanism” OR “Consortium chain” OR “Cross-chain” OR Cryptograph* OR “Digital signature” OR “Distributed ledger” OR “Distributed processing” OR Ethereum OR “Hyperledger fabric” OR “Intelligent contract” OR “License chain” OR Parachain* OR “Peer-to-peer computing” OR “Permission chain” OR “Private chain” OR “Proof of stake” OR “Proof of work” OR “Public chain” OR “Public key cryptography” OR “Ripple protocol consensus algorithm” OR “Smart contract”) and cc=(us)` | 43,711 |
| 4 | IoT | `(CTB=(“Internet of things” OR “IOT” OR “Building automation system” OR “Building Management System” or “smart home” or “home automation” or “home control” or “Factory Automation” OR “Home Automation” OR “Home Computing” OR “Industrial Control”) OR CTB=((“Computer Network” or “Ip Network” or “Wireless Lan” OR “Mobile Communication” OR “Control Engineering Computing” OR “Embedded System” OR “Manufacturing System” or “Medical Computing” OR “Military Computing” OR “Open System” OR “Peer-To-Peer Computing” OR “Smart Phone” OR “Smart device” OR “Telecommunication Computing” OR Telemetr* OR “Traffic Engineering Computing” OR “Vehicular Ad Hoc Network”) and (Sensor or “Radio frequency identification” OR RFID or bluetooth)) or aic=(G16Y) ) and cc=(us)` | 33,253 |
| 5 | AI, blockchain, and IoT in cybersecurity | `1 and (2 or 3 or 4)` | 8011 |


Fig. 3.8  ThemeScape-based Derwent Innovation (DI)

device, network; (3) communication; and (4) key, encryption (differentiated by colors). The first implication of this network is that all the topics are interrelated and connected. There are strong connections between the main topics of each cluster. The three technologies in this study (AI, blockchain, IoT) are strongly connected, showing that the topics of the “communication” and “device” clusters are linked by common characteristics. The IoT topics are related to wireless communication, data transfer, and control devices, among others. The communication of devices is associated with networks and information. In this context, areas in the other clusters, such as “security,” data, or computer systems, are connected with AI topics. In addition, the blockchain cluster is in the “encryption key” cluster, clearly connected to computer systems and devices. Based on Fig. 3.10, the most common topics are sorted by their use or frequency. In network communication, which is part of the IoT technologies, the patent topics address more cybersecurity technologies with the topic of “server-client communication,” separate from the topics around “node communication” (device


Fig. 3.9  Patent network with clusters associated with keywords-topics

Fig. 3.10  ThemeScape map-based Derwent Innovation


Fig. 3.11  Patent keywords co-occurrence centralization node connection

communication). On the other hand, cybersecurity using blockchain and AI is more associated with digital and cryptography access. Besides the relevant topics based on the frequency and closeness of topics around the patents, it is possible to distinguish clearly that topics are grouped as:

• IoT (node communication, server communication).
• AI (machine learning, neural network, vector neural network, cryptography, security key, accessing).
• Blockchain (transaction server, communication, accessing).

As can be seen, all three of these technologies point to communication aspects as a critical point for technologies against malware attacks (Fig. 3.11).

3.5.3 Identification of Technological Clusters

3.5.3.1 IPCs per Technologies

To identify the patents in groups for each technology, the IPC codes have been used, since they offer high flexibility to categorize by class and subclass and are dynamic, being updated continually. This aspect is important since new technologies or technical areas are incorporated constantly. Table 3.3 is a summary of these IPC codes by each technology. The number of IPC subclass codes in DWPI by patent application year has been increasing significantly since 2009 (Fig. 3.12). The year 2009 coincides with the introduction of the concept of the decentralized ledger in blockchain by Satoshi Nakamoto.


Table 3.3  IPC and CPC codes in cybersecurity, AI, blockchain, IoT

| Technological field | IPC | CPC |
|---|---|---|
| Cybersecurity | H04W12/00, G06F21/00, H04L9/00 | H04W12/00, G06F21/00, H04L9/00 |
| Artificial intelligence | G06N | G06N |
| Blockchain | H04L, G06Q, G06F | H04L, G06Q, G06F |
| Internet of Things | G16Y | – |

Fig. 3.12  Number of IPC subclass in DWPI by patent application year

3.5.3.2 Identification: Definition of Periods of Analysis

Based on the number of patent applications per year, the period of analysis has been divided into five periods. As described before, the objective here is to capture the movements of networks based on three stages: isolated technology networks, starting and progressive integration of technology and functions networks, and the final stage of the integrated network (converged network). In this context, the 22-year period has been split into five periods as shown in Fig. 3.13. The number of patent applications per year follows an S-shaped growth curve, which shows an “emerging phase” (lag phase) during two periods from 2000 to 2009 and the growth stage (exponential phase) in two periods of the analysis from 2009 to 2020. In the last 2 years, the figure shows a significant decline; however, this does not mean that the technologies (based on technology convergence of the three analyzed technologies) are in the maturity or saturation stage (stationary phase) of the technology cycle. Instead, the last 2-year period is explained by the lag effects of processing patent applications, which usually is around 2 years. Therefore, it is expected that the


Fig. 3.13  The period of patents of AI, BC, and IoT in cybersecurity

s-curve will continue growing exponentially during the next years. As an indication of the increasing number of patent applications, the patents in the 2019–2022 period represent 36.9% of the total number of patents in the whole period (2000–2022) (see Table 3.4).

Artificial Intelligence

President Donald J. Trump signed Executive Order 13859 in February 2019, launching the US Artificial Intelligence Initiative, a national strategy to promote US leadership in artificial intelligence. The USA updated its AI R&D strategic plan in 2019, developed the first progress report describing the impact of federal R&D investments, and released the first government-wide report on non-defense AI R&D spending. So the significant increase in patent applications around 2019 is driven by national strategy, and the rapid and dramatic increase in the number of patent applications reflects the continued and rapid development of AI technology convergence in cybersecurity, as AI in cybersecurity is attracting more investment from both the private and public sectors. According to a recent Deloitte Global Study of early adopters of AI (Ramachandran, 2019), more than four in ten executives have “significant” or “extreme” concerns about various types of AI risks, with “cybersecurity breaches” topping the list. The USA is primarily concerned about hackers using AI to steal sensitive or proprietary data. AI can enhance an organization’s predictive cyber intelligence capabilities in many areas, such as risk awareness, threat


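Table 3.4  Percentage of patents per period

| Period | Field | Number of patent applications | Percentage (%) |
|---|---|---|---|
| 2000–2004 | AI | 77 | 0.92 |
| 2000–2004 | Blockchain | 428 | 5.12 |
| 2000–2004 | IoT | 44 | 0.53 |
| 2000–2004 | Total | 533 | 6.37 |
| 2005–2009 | AI | 145 | 1.73 |
| 2005–2009 | Blockchain | 562 | 6.72 |
| 2005–2009 | IoT | 67 | 0.80 |
| 2005–2009 | Total | 757 | 9.05 |
| 2010–2014 | AI | 307 | 3.67 |
| 2010–2014 | Blockchain | 750 | 8.97 |
| 2010–2014 | IoT | 158 | 1.89 |
| 2010–2014 | Total | 1192 | 14.26 |
| 2015–2018 | AI | 1055 | 12.62 |
| 2015–2018 | Blockchain | 1238 | 14.81 |
| 2015–2018 | IoT | 683 | 8.17 |
| 2015–2018 | Total | 2794 | 33.42 |
| 2019–2022 | AI | 1359 | 16.25 |
| 2019–2022 | Blockchain | 1530 | 18.30 |
| 2019–2022 | IoT | 602 | 7.20 |
| 2019–2022 | Total | 3085 | 36.90 |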

monitoring and detection, and automation of risk processes. According to the US Opportunities and Challenges for AI and Cybersecurity, released in March 2020, the integration of AI into computing and cyber-physical systems, the application of AI systems on critical infrastructure, and cyber monitoring and reasoning will be key convergence technology development and deployment directions (N. & I. TECHNOLOGY, R. A. D. SUBCOMMITTEE, and the M. A. I. L. G. & ARTIFICIAL, I. SUBCOMMITTEE, O. The, and N. A. S. & T. C. CIL, 2020).

Blockchain

Blockchain has a larger share of the cybersecurity space compared to AI and IoT. The concept of blockchain has been widely used since the first successful cryptocurrency, Bitcoin, which was introduced in 2009. The data shows that the number of patent applications grew very slowly before 2015, which is an indicator that R&D was in the budding and exploratory stage. The year 2015 began a period of rapid development of blockchain, and the rapid growth of patent applications continues, mainly because Bitcoin is gradually being accepted by the public and its prices are rising, and because the advantages of blockchain, such as decentralization and tamper evidence, are recognized. Starting in 2017, when there was a boom in cryptocurrencies, related research identified a large number of government-led cyber defense projects that encompassed blockchain, converging with supply chain management, IoT, communications, identification and authentication, and data integrity. US government agencies are paying close attention to the convergence of IoT and blockchain. For example,


the Department of Homeland Security (DHS) has developed a blockchain solution for IoT sensors in critical infrastructure. With the increasing rise of a national economic security strategy, the potential for the convergence of blockchain technology is enormous (Lee & Kim, 2022).

IoT

In 1999, Professor Ashton of the MIT Auto-ID Center first proposed the Internet of Things at the International Conference on Mobile Computing and Networking in the USA. In 2005, the International Telecommunication Union (ITU) released “ITU Internet 2005: The Internet of Things,” proposing the arrival of the Internet of Things era. In 2009, former US President Barack Obama explicitly put forward the “Internet of Things Economic Promotion Theory,” signifying that the technology has risen to the level of national strategy and entered a rapid development stage. As IoT applications grow, the continued insecurity of many devices has drawn the attention of US regulators, including making connected devices more resilient to cyber threats and attacks (IoT cybersecurity) and protecting the privacy of personal information (IoT privacy). The IoT Cybersecurity Improvement Act of 2020, signed by President Trump on December 4, 2020, set minimum security standards for connected devices the federal government uses (Thales Group, 2021). Analysis of patent application trends suggests that the trend of technology convergence between IoT and cybersecurity began to emerge from 2015 to 2018. As of June 2021, there is neither a national IoT cybersecurity regulatory framework nor a comprehensive set of standards in the USA, which signals that the convergence in this area is still in its early stages.

3.5.4 Time Evolution of Technology Networks: Technology Convergence

The evolution of the three technologies is described by the number of patents and the density of the co-occurrence networks. The number of patents has been growing exponentially since 2009 and the network density has increased; this characteristic will be identified in the next sections on measuring the level of convergence. During the first phase of 2000–2004, the number of patents sharing technological characteristics (represented by the number of patents and connections) was small and the patents were isolated. This condition started to change in the period 2009–2014: the number of patent applications increased, as did the connections among them, and technologies with common functions started to play a centralized role. This trend remains largely consistent in the subsequent periods, which show an increase of central patents with IPC or specific technical areas (Fig. 3.14). Based on the patent IPC networks of each period, the technical areas (IPC subclasses) were extracted by utilizing the SNA and the corresponding description of IPC codes from WIPO (WIPO IP Portal, n.d.). The figure below shows how the


Fig. 3.14  Number of patent applications in AI, blockchain, and IoT

technology functions evolved during the 20 years. The figure shows the IPC classes, where the families are grouped and the links are differentiated by the strength of the lines. The new IPCs appearing in each period are colored green or blue. The technologies were mainly focused on two aspects, communication and digital data-computing systems to ensure security. Regarding the communication functions, technology development in the first decade, 2000 to 2010, was consistently directed at the transmission of digital data and keeping the integrity of the communications. On the other side, technical areas have focused on protecting the data by using different methods, which have been changing mainly based on models for control, monitoring, and testing. The integration of communication (characteristic of IoT and of the problem of cyberattacks and cybersecurity) and the use of programming models is a characteristic of the two analyzed technologies (AI and blockchain). Therefore, the figure below shows that computational models have recently become a more common characteristic of the technologies, implying integration of AI technologies. Moreover, the use of blockchain technologies started to converge in 2009 by using technologies such as cryptography and methods for data processing. In the network for the last period, 2019–2022, other technologies have been integrated recently and are still positioned at the periphery of the network. In this case, we can observe that “Information and Communication Technology Specially Adapted for the Internet of Things” (G16Y) is starting to have an important role in cybersecurity integrated with AI and blockchain technologies. At the same time, other technical areas are becoming common, mostly for uses of IoT or applications such as multiplex communication, transportation control systems, games, health devices implanted into the human body, arms, and so on (G16Y, G01S, G08G, A63F, H04J, B64C, A61M, F41A) (Tables 3.5, 3.6, and 3.7, Fig. 3.15).


Table 3.5  Technical areas related to IPCs for subclasses H04 (communication technique)

| IPC subclass | Technical areas |
|---|---|
| H04K | Secret communication; Jamming of communication |
| H04L | Transmission of digital information |
| H04M | Telephonic communication |
| H04N | Pictorial communication |
| H04W | Wireless communication networks |

3.5.5 Measuring the Technology Convergence

3.5.5.1 Convergence Strength and Incorporating New Technologies

Table 3.8 presents the technological convergence and technological attractiveness of AI, IoT, and blockchain in cybersecurity for different time windows. First, the three technologies are increasingly co-occurring with other technology areas, with the number of IPC co-occurrences in the earliest time window (2000–2004) accounting for only 4.76% of all, yet this proportion reached 28.66% in the most recent 3-year period (2019–2022). Second, the overall ability of the three technologies to absorb new technologies is increasing, with the earliest period (2000–2004) being less attractive for the three technologies, but fluctuating, reaching a peak in 2015–2018, followed by a decline in the last 3 years. This intermittent development shows a tendency to be unstable and is common as technologies become increasingly mature and expand. The “convergence strength” index has increased during the last two periods from 8.71% to 28.66%. A similar pattern is shown by the “technology attractiveness” index, with 23.16% during the last period 2019–2022. These values are an indication that the technologies are in continuous integration; however, the convergence state is still in the early stage.

3.5.5.2 Convergence Network

As described in Table 3.9, the indicators are based on the entire network indicators, which are calculated by periods and are shown below. The density is related to the number of connections and elements in a network. The network density measures the prevalence of dyadic connections (direct connections between elements in a network). By analyzing these dyadic connections, it is possible to analyze the interactions between elements or patents (Hu & Frey, 2018). Accordingly, the level of density shows the number of connected patents in the network formed by the three technologies (IoT, AI, blockchain), corresponding to higher numbers of patents in a period with a higher density. The density measured in each period has been around 13% (13.5% for 2019–2022), as shown in the table and figure below. For the overall network, the number of nodes and edges is increasing; density, average distance, and E-I of the patent co-occurrence network maintain a trend toward technology convergence: the size of the nodes and co-occurrence relationships of the network is bigger, the network is getting denser, and the information is

Table 3.6  Technical areas related to IPCs section G and subclasses (digital data, computer systems, cryptographic)

| IPC subclass | Technical areas |
|---|---|
| G04F | Time-interval measuring |
| G05B | Control; Regulating systems; Functional elements; Monitoring; Testing systems or elements |
| G06F | Electric digital data processing; Computer systems; Computational models |
| G06K | Graphical data reading; Presentation of data; Record carriers; Handling record carriers |
| G06N | Computing arrangements; Computational models |
| G06Q | Data processing systems or methods; Administrative; Managerial; Supervisory; Forecasting |
| G09C | Ciphering; Deciphering; Cryptographic; Secrecy |


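Table 3.7  Top IPC patents per year sorted by degree and betweenness centrality

| Period | Rank | IPC | Degree | Beta Cent | ARD | Closeness | Eigenvector | Betweenness |
|---|---|---|---|---|---|---|---|---|
| 2000–2004 | 1 | H04L | 14.911 | 31.703 | 0.967 | 0.938 | 0.689 | 0.340 |
| 2000–2004 | 2 | G06F | 14.778 | 31.398 | 0.944 | 0.900 | 0.683 | 0.239 |
| 2000–2004 | 3 | G06Q | 5.667 | 7.081 | 0.778 | 0.692 | 0.154 | 0.081 |
| 2000–2004 | 4 | H04W | 3.111 | 4.180 | 0.656 | 0.592 | 0.091 | 0.003 |
| 2000–2004 | 5 | H04N | 2.956 | 3.243 | 0.744 | 0.662 | 0.070 | 0.022 |
| 2005–2009 | 1 | H04L | 507 | 186477.313 | 49.833 | 88 | 0.931 | 245.519 |
| 2005–2009 | 2 | G06F | 494 | 200129.906 | 55.500 | 76 | 1.000 | 864.353 |
| 2005–2009 | 3 | H04W | 173 | 36792.738 | 35.333 | 117 | 0.183 | 2.985 |
| 2005–2009 | 4 | G06Q | 158 | 25804.930 | 45.333 | 97 | 0.128 | 161.753 |
| 2005–2009 | 5 | H04M | 116 | 14870.067 | 41.333 | 105 | 0.074 | 121.495 |
| 2010–2014 | 1 | H04L | 952 | 357115.750 | 50.000 | 68 | 1.000 | 338.840 |
| 2010–2014 | 2 | G06F | 836 | 324997.531 | 53.000 | 62 | 0.910 | 545.821 |
| 2010–2014 | 3 | H04W | 467 | 115165.883 | 42.500 | 83 | 0.322 | 73.764 |
| 2010–2014 | 4 | G06Q | 196 | 33364.438 | 43.000 | 82 | 0.093 | 105.893 |
| 2010–2014 | 5 | H04M | 123 | 16302.393 | 39.833 | 89 | 0.045 | 64.924 |
| 2010–2014 | 6 | H04N | 107 | 16624.592 | 41.500 | 85 | 0.046 | 51.104 |
| 2015–2019 | 1 | H04L | 3495 | 1208111.750 | 83.500 | 121 | 1.000 | 932.838 |
| 2015–2019 | 2 | G06F | 2903 | 927345.875 | 86.500 | 115 | 0.767 | 1443.769 |
| 2015–2019 | 3 | H04W | 1788 | 470910.344 | 78.000 | 132 | 0.389 | 668.181 |
| 2015–2019 | 4 | G06N | 1167 | 302639.375 | 67.333 | 154 | 0.250 | 161.893 |
| 2015–2019 | 5 | G06Q | 858 | 180183.203 | 73.000 | 142 | 0.149 | 432.475 |
| 2020–2022 | 1 | H04L | 2925 | 1053813.125 | 74.500 | 106 | 1.000 | 745.020 |
| 2020–2022 | 2 | G06F | 2902 | 971760.938 | 76.000 | 103 | 0.922 | 925.153 |
| 2020–2022 | 3 | G06N | 1547 | 415972.063 | 61.000 | 133 | 0.394 | 246.128 |
| 2020–2022 | 4 | H04W | 1222 | 292740.563 | 68.500 | 118 | 0.277 | 532.497 |
| 2020–2022 | 5 | G06Q | 1023 | 236664.016 | 64.000 | 127 | 0.224 | 233.965 |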

Fig. 3.15  Dynamic of technical areas map based on central technologies


Table 3.8  The convergence strength and technology attractiveness of AI, IoT, and blockchain

| Indicators | 2000–2004 | 2005–2009 | 2010–2014 | 2015–2018 | 2019–2022 |
|---|---|---|---|---|---|
| Convergence strength | 4.76% | 4.43% | 8.71% | 28.35% | 28.66% |
| Technology attractiveness | 12.32% | 16.72% | 15.25% | 26.69% | 23.46% |

Table 3.9  Entire network indicators in convergence network

| Indicators | 2000–2004 | 2005–2009 | 2010–2014 | 2015–2018 | 2019–2022 |
|---|---|---|---|---|---|
| Number of patent applications | 533 | 757 | 1192 | 2794 | 3085 |
| Number of nodes | 46 | 62 | 59 | 97 | 86 |
| Number of edges | 256 | 334 | 301 | 566 | 486 |
| Average degree | 11.130 | 10.774 | 10.561 | 11.670 | 11.442 |
| Density | 0.247 | 0.177 | 0.189 | 0.122 | 0.135 |
| Avg distance | 1.780 | 1.910 | 1.880 | 1.997 | 2.005 |
| Overall graph clustering coefficient | 0.842 | 0.871 | 0.836 | 0.840 | 0.825 |
| E-I index | −0.852 | −0.814 | −0.834 | −0.919 | −0.943 |

flowing. The E-I index is initially used to measure the degree of distribution of the cohesive subgroups of the analyzed network in a larger network. The E-I takes values in the range (−1, +1): a value closer to +1 means that the technologies are closer to each other, whereas a value closer to −1 means that the technologies are more distant and independent from each other. Thus, the E-I values in the range of (−0.852, −0.943) for each period show that the technological fields differ from each other. Second, the average degree and the overall graph-clustering coefficient show fluctuations in different periods. This indicates that the degree of network sparsity is fluctuating and the degree of aggregation of nodes in the graph is also changing; the overall trend is integration, but the process alternates between division and convergence, which is also a process that can be repeated continuously during the development of technology (Fig. 3.16).
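How the sign of the E-I index relates to ties inside and across technology fields, as an added example that is not the chapter's own code. It uses the standard definition (external minus internal ties, divided by all ties); the grouping of IPC subclasses by field follows Table 3.3 as an assumption, and the sample filings are constructed.

```python
from itertools import combinations

# Assumption: IPC subclasses are assigned to technology fields the way the
# chapter's Table 3.3 lists them. Subclasses outside these fields are ignored.
FIELD = {
    "G06N": "AI",
    "H04L": "Blockchain", "G06Q": "Blockchain", "G06F": "Blockchain",
    "G16Y": "IoT",
}

# Constructed sample: IPC subclasses on each application in one time window.
FILINGS = [
    {"G06N", "G06F"},          # AI + blockchain: external tie
    {"H04L", "G06F", "G06Q"},  # blockchain only: three internal ties
    {"G16Y", "H04L"},          # IoT + blockchain: external tie
    {"H04L", "G06Q"},          # repeats an internal tie already counted
    {"G06F", "H04W"},          # H04W has no field here, so no tie is counted
]


def field_ties(filings, field=FIELD):
    """Return the unique co-occurrence ties between mapped IPC subclasses."""
    ties = set()
    for ipcs in filings:
        mapped = sorted(code for code in ipcs if code in field)
        ties.update(combinations(mapped, 2))
    return ties


def ei_index(ties, field=FIELD, focus=None):
    """E-I index = (external - internal) / (external + internal).

    With focus=None the whole network is scored; with a field name only ties
    touching that field are counted. Returns None when there are no ties.
    """
    external = internal = 0
    for a, b in ties:
        if focus is not None and focus not in (field[a], field[b]):
            continue
        if field[a] == field[b]:
            internal += 1
        else:
            external += 1
    total = external + internal
    return (external - internal) / total if total else None


if __name__ == "__main__":
    ties = field_ties(FILINGS)
    print("whole network:", ei_index(ties))
    for name in sorted(set(FIELD.values())):
        print(name, ei_index(ties, focus=name))
```

A network whose ties all stay inside one field scores −1, and one whose ties all cross fields scores +1.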

3.6 Conclusion

From the technological perspective, this chapter focuses on how cybersecurity technologies have been used and converged into new technologies and innovations over time. The importance of technology convergence underlies the creation of new technologies based on existing technologies. Patent analysis and social network analysis were used to identify the technology networks since the topology of patent networks provides information on how the technologies are associated with each other, the levels of convergence, and the central technologies. In this chapter, we analyzed three relatively new technologies associated with cybersecurity: the Internet of Things, artificial intelligence, and blockchain. The


Fig. 3.16  Indicators of technology convergence network

convergence of these three technologies dates from 2009, the year that blockchain technologies appeared. The importance of analyzing these technologies (AI, blockchain, IoT) for cybersecurity is given by the digital transformation and the performance of these technologies. For the technology convergence analysis, patent data was used and modeled with SNA. As explained in Fig. 3.1, the process implies the dynamic interaction of different patent networks (time) that starts with the co-occurrence or citation between patents to achieve the same objective, in this case, the creation of new technologies for cybersecurity. At the same time, the periods used to analyze the technology networks were identified through three scenarios, which depend on how the technologies evolve and converge toward the objective of creating new cybersecurity technologies (whether the technology converges directly to the objective or addresses the objective with the other technologies previously) (see Figs. 3.2 and 3.3). The analysis was divided into five periods between 2000 and 2022. It can be seen that the number of patents has an S-curve technology growth shape, with exponential growth expected in the future. The social network analysis of the patents’ IPCs shows that there is an evolution of the converged technologies, which nowadays focus on information and communication related to IoT, along with specific applications, such as multiplex communication, transportation control systems, games, implantable medical devices, and arms. One of the important questions is how the technologies converge and what the levels of convergence are, as shown in Fig. 3.3. The scenarios of convergence are described by the level of convergence and the predominance of any of the technologies. The methodology of analyzing these three technologies’ convergence in the area of cybersecurity follows six steps. This implies that three cybersecurity technologies were identified and analyzed in this chapter. After obtaining the patent data and following the process of cleaning and citation analysis, the convergence of

68

E. Garces et al.

knowledge and technologies was calculated. Specifically, two different indexes were used to measure the level of convergence: convergence strength and technology attractiveness. In addition, four SNA centrality metrics were used to evaluate the following networks: average degree, density, avg. distance, and overall graph clustering coefficient. The results of the topics show six main areas or clusters: computer science, machine learning, digital key, blockchain, computer device, and communication. There exist strong connections between clusters between communication and device technologies (elements of IoT and the communication between devices associated with internet and the risk of cyberattacks). According to the results of measuring the technology convergence levels, the convergence strength and technology attractiveness showed levels of 28.66% and 23.46% of convergence, which implies that there is a clear integration by 2022 and a positive technological integration in the following years. In this context, the integration of these technologies belongs to a partial integration scenario “case 1,” as well as possible scenarios in the future for scenarios 2 or 3 (see Fig. 3.3). Based on Table 3.9, it can be seen that the patent network has increased consistently or the values showed stable levels of density and interaction between technologies.


Chapter 4

Patent Alert System

Alptekin Durmuşoğlu, Zeynep Didem Unutmaz Durmuşoğlu, and Tugrul U. Daim

Abstract  While there are many different ways to monitor technological progress, tracking free and readily available patent documents is a good option. In addition to the textual content of patents, the number of patents in a specific technology domain can also be taken into account. The Patent Alert System (PAS), developed in 2009, monitors changes in the number of patented inventions in the background and reports important changes. The PAS first extracts the linear model formed by the number of patents in a certain technological field; it then calculates the total deviation by summing the deviations from this model and generates warnings when the deviation exceeds a certain threshold value. In 2010, the same authors presented the Fuzzy PAS method, which enables the same method to work with fuzzy numbers. In 2012, Daim et al. analyzed two different technologies based on wind energy using two different variations of the PAS. The most important problem in applying the method is the need for expert knowledge in determining the threshold value. In this study, to eliminate this difficulty, warnings are not created from observations deviating from the linear model, but by considering the moving range of the number of patents over the years and the 3-sigma deviations in this value. In other words, the proposed method applies moving range charts, which are used for statistical process control, to patent numbers, which is a social field. This updated method is used here to detect warnings created by patents in the field of cybersecurity. In accordance with the main objective of the PAS, the alerts are used to detect unusual invention activity in the field of cybersecurity over the last 20 years.

A. Durmuşoğlu · Z. D. U. Durmuşoğlu
Gaziantep University, Gaziantep, Türkiye

T. U. Daim (*)
Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center, Portland State University, Portland, OR, USA

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
T. U. Daim, M. Dabić (eds.), Cybersecurity, Applied Innovation and Technology Management, https://doi.org/10.1007/978-3-031-34843-3_4


A. Durmuşoğlu et al.

4.1 Introduction

Maintaining a technological competitive advantage requires tough leadership, regardless of industry. Any analysis that supports this leadership process is strategically valuable. Close monitoring of the development of a specific technology is essential to understanding the situation and strategy of competitors. Since patenting is a costly process, companies usually pursue it for inventions with commercial value over which they want to protect their monopoly right. In exchange for this monopoly right, companies accept that the application document containing the outlines of their inventions becomes public information. Patent databases turn information about these inventions into a data source that can be systematically queried and accessed. However, in today’s technology world, tens of thousands of patent applications are made every day, even in just one technology field, and some of these applications are registered as patents. It is often impossible to closely monitor the content of all this big data. The number of patents may increase or decrease over the years. These decreases and increases may indicate evolutionary technological progress, but an increase or decrease beyond what is expected may be a precursor to a paradigm shift. The Patent Alert System (PAS) (Dereli & Durmusoglu, 2009), which forms the basis of this study, aims to send an alert to the relevant person by catching the movements that can be predicted to be “abnormal.” When PAS is used, an alarm is set for a certain technological area. The system, which regularly pulls patent numbers from free patent databases, tests whether the data it obtains is part of a predetermined linear trend or a completely new trend. If there is a new trend, it notifies the user by e-mail. Various methods can be used for the alert generation system of PAS.

In the paper that first introduced PAS, the difference between the number of patents estimated by the linear trend and the actual number of patents was used to calculate the total deviation. If this difference exceeds the predetermined threshold value, a brand new linear trend is calculated, and the user is informed of this change. However, depending on the size of this threshold value, too many or too few warnings may occur. In this case, some of the warnings have the potential to be “false alarms.” Therefore, setting the threshold value requires a high degree of experience and expertise. Daim et al. (2012), who used PAS to monitor patenting activities in energy technologies, encountered a large number of warnings but preferred to compare the number of warnings in different technological fields.

4  Patent Alert System


4.2 Literature Review

4.2.1 Evolution of Cybersecurity

Cybersecurity can be seen as the activity of securing vital systems and valuable data from digital threats. The concept encompasses standards, regulations, and collections of safeguards, technologies, tools, and training designed to offer the greatest possible protection for the condition of the cyber environment and its users (Schatz et al., 2017). Cybersecurity measures are meant to prevent vulnerabilities to networked applications and systems, whether they come from within or outside of a company. Because of the pervasiveness and rapid evolution of technology, cybersecurity events are likely to affect more individuals than ever before (Jones et al., 2019). Furthermore, as Internet-connected devices become more and more embedded in everyday life, cyberattacks have become commonplace for many individuals. Although the search for solutions continues, the problem is getting more difficult day by day. The reason is that the attacker has become smarter, and technology is now available to everyone (Bertolin Furstenau et al., 2020). Even though many cyberattacks have very little impact, some turn into heavy and costly cyber catastrophes, causing long-term losses to companies. In this context, the need for the hardware and software security solutions offered by cybersecurity companies is increasing. However, due to the evolving nature of cybersecurity problems, focusing on yesterday’s problems does not provide a real solution for today. For this reason, cybersecurity stands out as an area that has to constantly evolve and develop.

In which direction is this evolution moving in cybersecurity, which is a very wide subject area? Madnick et al. (2021), in a study examining a total of 216 cases, defined 233 individual cyber norms and discussed the longitudinal course of cyber norm activities in 25 subject categories. “The norm of Human Rights: respect for human rights and fundamental freedoms; applying them to cyberspace” was found to be the most important norm for success. Although this standard is ambiguous, it is critical, as various instances and participants cited it as critical to the fundamental principles of cybersecurity. Ruohonen et al. (2016) discuss the evolutionary development of newly established cybersecurity institutions in the European Union. The European Union’s entry into the cybersecurity space resulted in a noticeable institutional change in the operational and regulatory status of European networks, but this change was neither sudden nor revolutionary. Instead, subsequent adjustments were implemented with minor gradual changes in the status of the deployed institutional center, while a new coordination center was established in existing European networks. Recent developments indicate that the new roles of emergency teams, as well as new targets for security analytics, big data mining, traffic analysis, forensics, and related aspects, are important issues in the evolutionary progression, as in other geographies of the world.


Bertolin Furstenau et al. (2020) also created a science map of the cybersecurity workspace in order to uncover current concerns in the area and authors in the field, to identify productive themes, and to indicate difficulties with significant scientific effect. This mapping was done with SciMAT (Science Mapping Analysis Software Tool). The most typical topics in the scientific evolution of cybersecurity were “challenges,” “framework,” and “intrusion detection.” “Privacy,” “smart grid,” “Internet of things,” “systems,” “smart cities,” and “cloud computing” were the topics that the researchers attempted to tackle and where they encountered the biggest obstacles. The emergence of the Internet of things (IoT) has also dramatically changed the cyber threat landscape (Ruohonen et al., 2016). discussed the security threats and vulnerabilities brought by IoT, industrial challenges, the root causes of cyberattacks, the need for cybersecurity, and some cybersecurity measures/methods in the context of IoT from a global perspective covering both the public and private sectors. The results of the study indicate that, with the development of new platforms and operating systems for connected devices, the threat landscape and emerging trends need to be handled more carefully, and that if things continue in this way, security budgets for all organizations will increase exponentially. Loginov (2020), on the other hand, states that the primary purpose of industrial research in the field of cybersecurity is to develop promising solutions to cybersecurity problems and to apply these solutions in the real world, emphasizing that the real race continues against the increasing complexity of the software we are trying to protect. The study points out that the main problems standing in the way of winning this race are scalability, sensitivity, and the scarcity of human cybersecurity expertise. In addition, the study argues that for the search for solutions to succeed, it is necessary to reconsider old solutions, isolate limiting factors, and shift powerful new computational resources and techniques to relatively critical areas.

Dunn Cavelty and Wenger (2020) argue that the connection between technology, politics, and science will continue to impact the trajectory of both cybersecurity research and cybersecurity policy, in order to position it in its larger evolutionary perspective. According to the researchers, the link between more complex socio-technical systems will grow in the future, and the digital transformation processes that will influence everything will raise the relevance of cybersecurity. With the fourth industrial revolution, the pervasive digitalization and automation of technological processes will enhance the complexity of socio-technical systems, and cybersecurity concerns will surely expand to additional policy areas, both domestically and globally. These developments will create new demands for technical and organizational research that must be better integrated with approaches from social and political science. Artificial intelligence will become a core element of cybersecurity and will have a profound impact on the speed, scale, duration, autonomy, and complexity of cyber operations for both attack and defense. These new technologies will be developed primarily by global technology firms and the private sector.

Bockus (2015), sharing predictions about the situation of cybersecurity in 2035, emphasizes that in a world where everything is interconnected, an attacker can enter the washing machine at home, but also reach other devices, computers, tablets, and smart phones in a network. The greater the connections, the larger the attack surface. The real danger to the world of 2035 is that an attack that starts from a small and relatively insignificant element of the web will turn into a spillover with dire consequences. Benarous et al. (2017) see the cybersecurity field as a research area that requires continuity and must always advance every solution and improvement developed. The challenge for this development is that the threat creator always keeps trying to break security. This tension between safety guards and breakers is the motivation that makes both parties work harder to outperform the other. In summary, the study states that security problems and solutions will continue to evolve and develop as new technologies, systems, and protocols are invented and developed. Taillat (2019) claims that states’ perceptions of weakness and opportunity affect cybersecurity interactions and actions, but that combating cybersecurity requires a collective security understanding. In this context, the researchers suggest establishing a common regime to regulate the use of digital technologies, and that the main powers that guarantee the international political order come to an agreement to fight against destructive and revolutionary actors. An agreement that protects the benefits of the international order will be a more beneficial stance toward the aggressors who feed on the uncertainty in the attitudes of the actors.

4.3 Technology Watch and Patents

Technology watch, also known as “technology intelligence,” “technology monitoring,” or “patent intelligence,” is a practice used by organizations to continuously evaluate technological information in order to obtain insight and a competitive edge in a given technical sector (Jürgens & Herrero-Solana, 2017). Given that businesses that fail to adapt to a new technological environment are more likely to fail, assessing the technical landscape and spotting changes in it can be one of the basic technology intelligence activities (An et al., 2018). Many technology intelligence tools have been actively created to identify technology trends and provide technological insights from technical documents (Yoon & Kim, 2012). Since the 1980s, patents have been widely acknowledged and used as a technology indicator because they contain explicit technical information as well as hidden knowledge showing the relationships, status, and trends of technologies and related R&D activities (Chen et al., 2015). Patents have been widely used for identifying recent high-tech trends (Choi & Song, 2018; Durmuşoğlu & Durmuşoğlu, 2022; Durmusoglu & Unutmaz Durmusoglu, 2021; Evangelista et al., 2020; Hussin & Aroua, 2020; Shubbak, 2019; Virey et al., 2020), discovering new technology opportunities (Cho et al., 2021; Ma et al., 2022; Shi et al., 2019; Wang & Chen, 2019; Yoon & Magee, 2018; Yun et al., 2021), and developing technology roadmaps and plans (Bersano & Spreafico, 2021; Chun et al., 2021; Kwon et al., 2022; Martin & Daim, 2012; Yu & Zhang, 2019). The number of patents issued is an essential indicator of R&D output or technological capacity (Li et al., 2020).


There are several well-known advantages of using patent data. First and foremost, the documentation contains a detailed explanation of the innovative idea, and it is classified in terms of technical domains (Haščič et al., 2012). It is a rich document, covering information such as the number of claims, citations, inventors, and technological domains, which may be used to assess the quality of R&D (Lechevalier et al., 2011). It is an output measure that represents the actual product of an innovation process, while R&D investment represents the input to the innovation process. As a component of patent information, patent counts (numbers of patents) are also widely used to discover the direction of innovation activity in certain domains. As part of their study, Wagner et al. (2013) use the PatBase® patent database to assess the evolution status of lithium-based battery (LIB) technology, estimating the number of patents and revealing disproportionately high growth rates in LIB patent applications in recent years compared to other selected energy technologies. Pilkington et al. (2002) also used patent counts to examine the state of advancement in the electric vehicle market between 1977 and 2000. These researchers use the change in yearly patent numbers to determine the state of advancement in a certain technology. Another study (Aversa et al., 2021) reveals the progress of metal additive manufacturing (AM) technologies, taking into account the number of patents registered. The growth in the number of patents showed the increasing interest in the field, and the key players in the field were determined from the number of patents. Patents were then analyzed to understand the technology areas covered by each key player and investment trends. Patents in materials and metallurgy were examined separately to identify the main issues faced by the most used alloy classes. Finally, based on the number of patents, the main gaps to be filled in the research area were determined. One of the most recent studies (Liu et al., 2021) presents the number of patents for seven coronaviruses known to infect humans. The results, in particular, show a rapid increase in the number of COVID-19 patents, exceeding those related to SARS and MERS.

4.4 Methodology

In 2009, the Patent Alert System (PAS) was constructed (Dereli & Durmusoglu, 2009); it tracks changes in the number of patented innovations in the background and alerts users to significant changes. The PAS first extracts the linear model generated by the number of patents in a certain technological field and then provides alerts when the overall divergence from this model exceeds a particular threshold value. The Fuzzy PAS approach (Dereli & Durmuşoğlu, 2010), which allows the same method to function with fuzzy numbers, was presented by the same authors in 2010. In 2012, Daim et al. (2012) used two distinct iterations of the PAS to examine two alternative technologies based on wind energy. The most significant issue with this approach is that establishing the threshold value requires expertise in the field. To overcome this problem, the alerts in this study are based on the moving range of the number of patents over time and the 3-sigma deviations in this value, rather than on observations deviating from the linear model. To put it another way, the suggested technique applies moving range charts, which are often used in statistical process control, to patent numbers, which are a social area. This improved approach is used here to detect cybersecurity warnings generated by patents.

Within the scope of this study, two different methods were used to detect unusualness in the number of patents presented in Table 4.1. The first tries to detect whether there is an outlier in the data set, while the second tests whether there are out-of-control points in the moving range control chart.

We use Grubbs’ test to check whether there is an outlier. Grubbs’ test is capable of checking whether a certain suspected data point is an outlier (Adikaram et al., 2015). This test compares the null hypothesis that a suspected result is an outlier against the alternative hypothesis that it isn’t (Aslam, 2020). Therefore, in this work, we suspect only the maximum value in each data set. We should test the normality of the data sets before using Grubbs’ test. For all of the time series given in Table 4.1, we tested normality with the Anderson-Darling test. All p values were smaller than 0.05, and therefore we fail to reject that our data sets come from a non-normal distribution. This also builds a base for using the moving range charts (normality is expected when implementing control charts).

In the second part, we used moving range charts to detect abnormalities in the given time series. Standard control charts are used to track the process mean. However, controlling a process involves controlling not just the average value of the variable being monitored but also its variability (de la Vega et al., 2012). So-called moving range charts may be used to track the moving ranges of two successive measurements when working with individual observations. Moving range charts are effective for examining time-series data patterns and could be beneficial in spotting outlier data that might show abnormal activity levels (Schwab & Mabee, 2014). Moving range charts can be used to identify periods of greatest shifts and the relationship(s) between measurements, between posts, and shifts before, during, and after handover (Jabangwe et al., 2015). Therefore, moving range charts can be very effective tools in managing the annual variation of patent numbers in a specific technology domain.

The process for creating an MR chart is as follows (Wang et al., 2009):

1. Consider the $k$ consecutive individual measurements $X_1, X_2, X_3, X_4, \ldots, X_k$.
2. Compute sample moving ranges for an artificial sample of size $n$, starting with $R_{m_1}$, which is the difference between the largest and the smallest value in the first artificial sample $X_1, X_2, X_3, X_4, \ldots, X_n$. Repeat this computation for each succeeding moving sample of artificial size $n$ as follows: compute $R_{m_i}$ from $X_i, \ldots, X_{i+n-1}$ for $i = 1, 2, \ldots, k-n+1$.
3. Calculate an average sample moving range from the sample moving ranges:

$$\bar{R}_m = \frac{\sum_{i=1}^{k-n+1} R_{m_i}}{k-n+1}$$
Table 4.1 Number of patents granted for the technologies covered by the given queries

Queries:
Q0: Cybersecurity
Q1: hardware*, software*, malware* AND verificat*, authenticat*, authoriz*, block* chain*, blockchain*
Q2: hardware*, software*, malware* AND crypto*, encrypt*, password*, encod*, key*
Q3: hardware*, software*, malware* AND protect*, secre*, secur*
Q4: hardware*, software*, malware* AND priva*, safe*, sure*, policy*
Q5: serv*, comput*, execut* AND verificat*, authenticat*, authoriz*, block* chain*, blockchain*
Q6: serv*, comput*, execut* AND crypto*, encrypt*, password*, encod*, key*
Q7: serv*, comput*, execut* AND protect*, secre*, secur*
Q8: serv*, comput*, execut* AND priva*, safe*, sure*, policy*
Q9: virtual*, digital*, data*, system* AND verificat*, authenticat*, authoriz*, block* chain*, blockchain*
Q10: virtual*, digital*, data*, system* AND crypto*, encrypt*, password*, encod*, key*
Q11: virtual*, digital*, data*, system* AND protect*, secre*, secur*
Q12: virtual*, digital*, data*, system* AND priva*, safe*, sure*, policy*
Q13: inform*, network*, device*, method*, applicat* AND verificat*, authenticat*, authoriz*, chain*, blockchain*
Q14: inform*, network*, device*, method*, applicat* AND crypto*, encrypt*, password*, encod*, key*
Q15: inform*, network*, device*, method*, applicat* AND protect*, secre*, secur*
Q16: inform*, network*, device*, method*, applicat* AND priva*, safe*, sure*, policy*

| Year(s) | Q0 | Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 | Q9 | Q10 | Q11 | Q12 | Q13 | Q14 | Q15 | Q16 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 | 4 | 63 | 43 | 87 | 7 | 411 | 609 | 770 | 207 | 2104 | 1919 | 3589 | 1176 | 2251 | 3744 | 7380 | 2362 |
| 2003 | 11 | 67 | 52 | 136 | 12 | 634 | 580 | 802 | 224 | 2347 | 1985 | 3856 | 1291 | 2605 | 3898 | 7871 | 2373 |
| 2004 | 6 | 92 | 76 | 143 | 13 | 543 | 616 | 815 | 263 | 2481 | 2236 | 4195 | 1449 | 2876 | 4468 | 8942 | 2808 |
| 2005 | 13 | 99 | 70 | 153 | 27 | 609 | 706 | 956 | 335 | 2722 | 2235 | 4589 | 1510 | 3355 | 4676 | 10,157 | 3218 |
| 2006 | 18 | 78 | 51 | 167 | 28 | 665 | 685 | 932 | 316 | 2947 | 2390 | 4864 | 1669 | 3653 | 5172 | 10,451 | 3466 |
| 2007 | 19 | 89 | 59 | 184 | 27 | 665 | 697 | 979 | 308 | 3024 | 2438 | 5087 | 1734 | 3943 | 5425 | 10,847 | 3452 |
| 2008 | 28 | 95 | 78 | 210 | 34 | 722 | 685 | 951 | 321 | 3216 | 2538 | 5206 | 1816 | 4342 | 5874 | 11,456 | 3661 |
| 2009 | 33 | 93 | 70 | 198 | 29 | 707 | 659 | 927 | 314 | 3137 | 2514 | 5324 | 1931 | 4231 | 5761 | 11,586 | 3656 |
| 2010 | 25 | 82 | 79 | 174 | 35 | 651 | 634 | 892 | 337 | 3162 | 2410 | 5257 | 2016 | 4530 | 5674 | 12,770 | 4287 |
| 2011 | 33 | 75 | 65 | 154 | 28 | 621 | 674 | 987 | 374 | 2904 | 2399 | 5239 | 2243 | 4503 | 5564 | 13,234 | 4519 |
| 2012 | 41 | 103 | 74 | 181 | 42 | 672 | 758 | 1097 | 465 | 3350 | 2629 | 6318 | 2812 | 5428 | 6188 | 15,961 | 5560 |
| 2013 | 72 | 118 | 94 | 180 | 51 | 814 | 803 | 1317 | 511 | 3845 | 2842 | 7331 | 3463 | 6155 | 7112 | 19,055 | 6834 |
| 2014 | 117 | 116 | 80 | 228 | 44 | 804 | 781 | 1389 | 502 | 4186 | 2980 | 7591 | 3501 | 6708 | 7010 | 19,983 | 7251 |
| 2015 | 158 | 131 | 100 | 262 | 59 | 902 | 930 | 1508 | 535 | 4650 | 3185 | 8915 | 4204 | 7498 | 7382 | 21,749 | 7842 |
| 2016 | 242 | 148 | 91 | 261 | 76 | 1071 | 921 | 1701 | 582 | 5065 | 3361 | 9974 | 4722 | 7880 | 7538 | 22,456 | 8393 |
| 2017 | 514 | 165 | 164 | 346 | 81 | 1341 | 1203 | 1945 | 756 | 6272 | 3923 | 10,996 | 5527 | 9848 | 8959 | 26,324 | 9918 |
| 2018 | 587 | 237 | 168 | 400 | 95 | 1787 | 1374 | 2433 | 876 | 7866 | 4178 | 12,426 | 6450 | 12,248 | 9352 | 34,002 | 13,148 |
| 2019 | 889 | 231 | 171 | 433 | 104 | 2619 | 1612 | 2909 | 903 | 10,838 | 4871 | 13,080 | 6961 | 17,406 | 11,166 | 38,314 | 14,644 |
| 2020 | 1147 | 281 | 224 | 525 | 115 | 3188 | 1800 | 3676 | 1091 | 13,365 | 5239 | 14,004 | 8114 | 20,686 | 12,455 | 51,522 | 19,696 |
| 2021 | 1529 | 236 | 202 | 557 | 125 | 2913 | 1747 | 3933 | 1135 | 12,775 | 5035 | 14,431 | 8048 | 19,618 | 11,658 | 54,037 | 20,812 |


This average moving range will serve as the centerline (CL) for the Rm chart.

4. Plot the Rm's using the standard control chart conventions.
5. Use $\bar{R}_m$ as an estimate of the true process range. Calculate the control limits for the Rm chart using $\bar{R}_m$ and the constants D3 and D4 from the table of control chart coefficients associated with the sample size n:

$$UCL_{R_m} = D_4 \bar{R}_m$$

$$LCL_{R_m} = D_3 \bar{R}_m$$
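The five steps above, applied to the Q0 ("cybersecurity") and Q9 counts from Table 4.1, as an added example that is not the authors' code. It assumes moving samples of size n = 2 with the standard tabulated constants D3 = 0 and D4 = 3.267 (the chapter states neither), takes both series in 2002 to 2021 order, and uses hypothetical function names; under those assumptions it yields the alert years that Table 4.2 reports for both queries.

```python
"""Moving range (MR) chart alerts for yearly patent counts.

Added example: follows the five-step procedure above with moving samples of
size n (default 2, i.e. year-over-year differences).
"""

# D3/D4 constants from standard control chart tables, keyed by sample size n.
# Assumption: the chapter does not print the constants or the n it used.
CONTROL_CONSTANTS = {
    2: (0.0, 3.267),
    3: (0.0, 2.574),
    4: (0.0, 2.282),
    5: (0.0, 2.114),
}

YEARS = list(range(2002, 2022))

# Yearly counts transcribed from Table 4.1, ordered 2002..2021.
Q0_CYBERSECURITY = [4, 11, 6, 13, 18, 19, 28, 33, 25, 33,
                    41, 72, 117, 158, 242, 514, 587, 889, 1147, 1529]
# Assumption: the Q9 column is taken oldest year first, like Q0.
Q9_DATA_SYSTEM_AUTH = [2104, 2347, 2481, 2722, 2947, 3024, 3216, 3137, 3162, 2904,
                       3350, 3845, 4186, 4650, 5065, 6272, 7866, 10838, 13365, 12775]


def moving_ranges(xs, n=2):
    """Steps 1-2: largest minus smallest value in every window of n values."""
    if n not in CONTROL_CONSTANTS:
        raise ValueError(f"no D3/D4 constants tabulated here for n={n}")
    if len(xs) < n:
        raise ValueError("series is shorter than the moving sample size")
    return [max(xs[i:i + n]) - min(xs[i:i + n]) for i in range(len(xs) - n + 1)]


def mr_chart(xs, n=2):
    """Steps 3-5: centerline (average moving range) and control limits."""
    ranges = moving_ranges(xs, n)
    center = sum(ranges) / len(ranges)
    d3, d4 = CONTROL_CONSTANTS[n]
    return {"ranges": ranges, "cl": center, "ucl": d4 * center, "lcl": d3 * center}


def alert_years(years, counts, n=2):
    """Years whose moving range falls outside the control limits.

    Each range is attributed to the last year of its window, so with n=2 the
    range between 2016 and 2017 is reported as 2017.
    """
    if len(years) != len(counts):
        raise ValueError("years and counts must have the same length")
    chart = mr_chart(counts, n)
    return [years[i + n - 1]
            for i, r in enumerate(chart["ranges"])
            if r > chart["ucl"] or r < chart["lcl"]]


if __name__ == "__main__":
    for name, series in (("Q0", Q0_CYBERSECURITY), ("Q9", Q9_DATA_SYSTEM_AUTH)):
        chart = mr_chart(series)
        print(f"{name}: CL={chart['cl']:.2f} UCL={chart['ucl']:.2f} "
              f"alerts={alert_years(YEARS, series)}")
```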



4.5 Data

The first step of running the Patent Alert System to find the number of alerts that occur in cybersecurity technologies is to determine how to identify the relevant patents. The Espacenet database was used to acquire patent documents online. Among free and open-access patent sources, the European Patent Office’s (EPO) Espacenet is one of the patent search systems offered by major patent authorities that cover not only their own patent collection but also collections from a variety of countries, making it one of the most popular free patent searching tools available (Jürgens & Herrero-Solana, 2015). Espacenet has over 90 million patent filings from throughout the world, and it is a public-access, general-purpose patent search engine (Marttin & Derrien, 2018). In this study, we benefited from the work of Özata et al. (2021) to identify the right keywords needed to find cybersecurity-related patents. Özata et al. (2021) followed these steps in identifying keyword groups:

1. It was determined that the companies that have invested the most in the field of information security in recent years are Cisco, IBM, Microsoft, Amazon, and Symantec.
2. To create the data set, the patents of these five companies in the last 3 years were examined.
3. The most popular IPC classes in the field of information security were identified.
4. The H04L9 and G06F21 IPC classes were searched in the queries created to determine keywords.
5. 3283 patents related to the two IPC classes and received by the five companies in the last 3 years were found.
6. Common words and phrases (and combinations thereof) were found in the titles of the 3283 unique patents.
7. To determine these combinations, the 34,025 words in the titles of the documents that make up the preliminary data set were analyzed. As a result of the analysis, frequently used word groups were determined.

The identified keyword groups are as follows:

GROUP A-1: hardware*, software*, malware*.
GROUP A-2: serv*, comput*, execut*.
GROUP A-3: virtual*, digital*, data*, system*.
GROUP A-4: inform*, network*, device*, method*, applicat*.
GROUP B-1: verificat*, authenticat*, authoriz*, block* chain*, blockchain*.
GROUP B-2: crypto*, encrypt*, password*, encod*, key*.
GROUP B-3: protect*, secre*, secur*.
GROUP B-4: priva*, safe*, sure*, policy*.

In order to find the relevant patents, each of the Group A keyword groups (A1-A2-A3-A4) was matched with each of the Group B keyword groups (B1-B2-B3-B4), giving a total of 16 different combinations (such as A1 and B1, A1 and B2, A1 and B3, A1 and B4, A2 and B1, A2 and B2, A2 and B3, etc.). The “OR” search operator was used to include at least one of the phrases in group A and group B. In addition to those keywords, we also ran a query to find the patents including the term “cybersecurity” (Q0) alone. The number of patents detected for the determined search words in the last 20 years is shown in Table 4.1.

4.6 Results and Discussion

The numbers of patents presented in Table 4.1 were analyzed to check for the existence of any outliers and to count the alerts created (out-of-control points in the moving range control chart). The corresponding findings can be seen in Table 4.2. Just one outlier was detected among all data sets, for the “cybersecurity”-related patents. While the total number of patents on “cybersecurity” was 1334 in the 15-year period between 2002 and 2017, the fact that 1529 patents on the same subject were obtained in 2021 alone gives a better understanding of this outlier. With three alerts generated, the remarkable increase in the number of patents containing the term “cybersecurity” produced the most warnings among our 17 queries. The moving range chart for the corresponding technologies can be seen in Fig. 4.1. The number of patents, which was stable between 2002 and 2012, started to form an increasing trend as of 2012. The sudden decreases in 2018 and 2020 are remarkable. These sudden drops widened the fluctuation range and caused PAS alerts to occur.

Table 4.2 Results taken from the Patent Alert System

| Query ID | Detected outlier | Number of alerts | Alert year(s) |
|---|---|---|---|
| Q0 | YES | 3 | 2017, 2019, 2021 |
| Q1 | NO | 1 | 2018 |
| Q2 | NO | 1 | 2017 |
| Q3 | NO | 0 | NA |
| Q4 | NO | 0 | NA |
| Q5 | NO | 1 | 2019 |
| Q6 | NO | 1 | 2017 |
| Q7 | NO | 1 | 2020 |
| Q8 | NO | 1 | 2020 |
| Q9 | NO | 2 | 2019, 2020 |
| Q10 | NO | 1 | 2019 |
| Q11 | NO | 0 | NA |
| Q12 | NO | 0 | NA |
| Q13 | NO | 1 | 2019 |
| Q14 | NO | 1 | 2019 |
| Q15 | NO | 1 | 2020 |
| Q16 | NO | 2 | 2018, 2020 |

Fig. 4.1 Moving range chart for cybersecurity patents showing three alert points

The queries for which we got two warnings were Q9 and Q16. Q9 focuses on authentication/authorization-related virtual, data, blockchain, and system technologies. The alerts point to two consecutive unusual patenting activities in the years 2019 and 2020. There are some other scientific studies that focus on the growing interest in blockchain technologies. As Feng et al. (2019) point out, experts in e-finance, intellectual property protection, the Internet of things (IoT), and other fields have been paying close attention to blockchain (BC), an innovative distributed database technology with increased security and dependability. Wang et al. (2021) state that the extensive research by colleges and universities on the theory and application of blockchain may have contributed to the increase in patents in these technologies.

Similarly, safety (privacy)-related information and network technologies (devices and methods) create two alerts, in the years 2018 and 2020. The most important development in Internet security in recent years has been the need for industrial networks. With the development of the industrial Internet, a number of new important security events emerged and required a new perspective on security (Wu & Hu, 2019). The study of network security has become increasingly challenging due to the exponential increase of network size and applications, particularly the random dynamic access relationship formed on the static Internet physical connection network (Li et al., 2019). As the threats grow, various security techniques for the safe use of our systems and the network are also developing. The focus of cybersecurity appears to be shifting toward network-based protection rather than individual/residential protection.

On the other hand, we have not detected any alert (no significant extraordinary range variation) for the following cybersecurity subdomains:

• Hardware or software or malware technologies for protection and security purposes.
• Virtual, digital, data, system technologies for protection and security purposes.

Although there have been significant increases in the number of patents for these areas, the increases have not been statistically significant enough to indicate a paradigm shift.

4.7 Concluding Remarks

In this study, various improvements have been made to the working of PAS, which has previously been used for technological monitoring in various technology fields (instead of a threshold value for creating alerts, deviations of the moving averages of more than 3 standard deviations were used as a trigger), and this time cybersecurity patents were examined as an application area. While the number of cybersecurity-related patents has been fluctuating, the numbers tend to increase overall. However, evaluating all increases in the same way can be time-consuming and challenging. Patent numbers vary very close to the normal distribution within a certain range unless there is a significant change (such as a paradigm shift). Some increases are large enough to invalidate the normal distribution assumption, which may mean that a new normal has emerged. Within the scope of this study, we tried to determine which sub-areas of cybersecurity technologies experienced the most remarkable changes by using different keyword phrases. Blockchain-based security technologies and network/system-based security technologies are the areas where the most meaningful changes are experienced among cybersecurity technologies, which are handled under different categories (searched with different keywords). Fluctuations in these areas seem to point to a new paradigm. It can be stated that there is a transition from individual cybersecurity protection to network cybersecurity. Built-in gateways such as routers have traditionally served as a security boundary in home networks, but the understanding that these barriers can be easily overcome (Wasicek, 2020) has also affected the direction of the search for solutions. The growing interest in the industrial internet and IoT devices, along with related developments, has pushed the cybersecurity challenge toward digitally distributed, decentralized security solutions. As a leading ledger technology, blockchain has the capacity to be used in a variety of cyberspace applications. With blockchain technology, content is decentralized and stored on multiple nodes in the chain, making it nearly impossible for hackers to attack.

References

Adikaram, K. K. L. B., Hussein, M. A., Effenberger, M., & Becker, T. (2015). Data transformation technique to improve the outlier detection power of Grubbs’ test for data expected to follow linear relation. Journal of Applied Mathematics, 2015, e708948. https://doi.org/10.1155/2015/708948
An, J., Kim, K., Mortara, L., & Lee, S. (2018). Deriving technology intelligence from patents: Preposition-based semantic analysis. Journal of Informetrics, 12(1), 217–236. https://doi.org/10.1016/j.joi.2018.01.001
Aslam, M. (2020). Introducing Grubbs’s test for detecting outliers under neutrosophic statistics – An application to medical data. Journal of King Saud University – Science, 32(6), 2696–2700. https://doi.org/10.1016/j.jksus.2020.06.003
Aversa, A., Saboori, A., Marchese, G., Iuliano, L., Lombardi, M., & Fino, P. (2021). Recent progress in beam-based metal additive manufacturing from a materials perspective: A review of patents. Journal of Materials Engineering and Performance, 30(12), 8689–8699. https://doi.org/10.1007/s11665-021-06273-3
Benarous, L., Kadri, B., & Bouridane, A. (2017). A survey on cyber security evolution and threats: biometric authentication solutions. In R. Jiang, S. Al-maadeed, A. Bouridane, D. Crookes, & A. Beghdadi (Eds.), Biometric security and privacy: Opportunities & challenges in The Big Data Era (pp. 371–411). Springer. https://doi.org/10.1007/978-3-319-47301-7_15
Bersano, G., & Spreafico, M. (2021). Patent intelligence analysis to support technology roadmap on the sector of renewable energy. In Creative solutions for a sustainable development (pp. 182–193). https://doi.org/10.1007/978-3-030-86614-3_15
Bertolin Furstenau, L., et al. (2020). 20 years of scientific evolution of cyber security: a science mapping.
Bockus, N. F. (2015). Cyber in Space: 2035. In M. Blowers (Ed.), Evolution of Cyber Technologies and Operations to 2035 (pp. 39–57). Springer. https://doi.org/10.1007/978-3-319-23585-1_4
Chen, H., Zhang, G., Zhu, D., & Lu, J. (2015). A patent time series processing component for technology intelligence by trend identification functionality. Neural Computing and Applications, 26(2), 345–353. https://doi.org/10.1007/s00521-014-1616-y
Cho, Y., et al. (2021). Identifying technology opportunities for electric motors of railway vehicles with patent analysis. Sustainability, 13(5), Art. no. 5. https://doi.org/10.3390/su13052424
Choi, D., & Song, B. (2018). Exploring technological trends in logistics: Topic modeling-based patent analysis. Sustainability, 10(8), Art. no. 8. https://doi.org/10.3390/su10082810
Chun, E., Jun, S., & Lee, C. (2021). Identification of promising smart farm technologies and development of technology roadmap using patent map analysis. Sustainability, 13(19), Art. no. 19. https://doi.org/10.3390/su131910709
Daim, T., et al. (2012). Patent analysis of wind energy technology using the patent alert system. World Patent Information, 34(1), 37–47. https://doi.org/10.1016/j.wpi.2011.11.001
de la Vega, J. M., Martínez-Luna, R. J., Guirado, D., Vilches, M., & Lallena, A. M. (2012). Statistical control of the spectral quality index in electron beams. Radiotherapy and Oncology, 102(3), 406–411. https://doi.org/10.1016/j.radonc.2011.08.010
Dereli, T., & Durmusoglu, A. (2009). A trend-based patent alert system for technology watch. JSIR, 68(08). Available: http://nopr.niscair.res.in/handle/123456789/5299. Accessed 12 Sept 2017. [Online].
Dereli, T., & Durmuşoğlu, A. (2010). Application of possibilistic fuzzy regression for technology watch. Journal of Intelligent & Fuzzy Systems, 21(5), 353–363. https://doi.org/10.3233/IFS-2010-0467
Dunn Cavelty, M., & Wenger, A. (2020). Cyber security meets security politics: Complex technology, fragmented politics, and networked science. Contemporary Security Policy, 41(1), 5–32. https://doi.org/10.1080/13523260.2019.1678855
Durmuşoğlu, A., & Durmuşoğlu, Z. D. U. (2022). Remembering Medical Ventilators and Masks in the Days of COVID-19: Patenting in the Last Decade in Respiratory Technologies. IEEE Transactions on Engineering Management, 1–15. https://doi.org/10.1109/TEM.2022.3151636
Durmusoglu, A., & Unutmaz Durmusoglu, Z. D. (2021). Traffic Control System Technologies for Road Vehicles: A Patent Analysis. IEEE Intelligent Transportation Systems Magazine, 13(1), 31–41. https://doi.org/10.1109/MITS.2020.3037319
Evangelista, A., Ardito, L., Boccaccio, A., Fiorentino, M., Messeni Petruzzelli, A., & Uva, A. E. (2020). Unveiling the technological trends of augmented reality: A patent analysis. Computers in Industry, 118, 103221. https://doi.org/10.1016/j.compind.2020.103221
Feng, L., Zhang, H., Tsai, W.-T., & Sun, S. (Dec. 2019). System architecture for high-performance permissioned blockchains. Front. Comput. Sci., 13(6), 1151–1165. https://doi.org/10.1007/s11704-018-6345-4
Haščič, I., Johnstone, N., & Kahrobaie, N. (2012). International technology agreements for climate change: analysis based on co-invention data. OECD. https://doi.org/10.1787/5k9fgpw5tt9s-en
Hussin, F., & Aroua, M. K. (2020). Recent trends in the development of adsorption technologies for carbon dioxide capture: A brief literature and patent reviews (2014–2018). Journal of Cleaner Production, 253, 119707. https://doi.org/10.1016/j.jclepro.2019.119707
Jabangwe, R., Börstler, J., & Petersen, K. (2015). Handover of managerial responsibilities in global software development: a case study of source code evolution and quality. Software Quality Journal, 23(4), 539–566. https://doi.org/10.1007/s11219-014-9247-1
Jones, S. L., Collins, E. I. M., Levordashka, A., Muir, K., & Joinson, A. (2019, May). What is ‘cyber security’? Differential language of cyber security across the lifespan. In Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, New York, NY, USA (pp. 1–6). https://doi.org/10.1145/3290607.3312786
Jürgens, B., & Herrero-Solana, V. (2015). Espacenet, patentscope and depatisnet: A comparison approach. World Patent Information, 42, 4–12. https://doi.org/10.1016/j.wpi.2015.05.004
Jürgens, B., & Herrero-Solana, V. (2017). Patent bibliometrics and its use for technology watch. Journal of Intelligence Studies in Business, 7, 17–26. https://doi.org/10.37380/jisib.v7i2.236
Kwon, K., Jun, S., Lee, Y.-J., Choi, S., & Lee, C. (2022). Logistics technology forecasting framework using patent analysis for technology roadmap. Sustainability, 14(9), Art. no. 9. https://doi.org/10.3390/su14095430
Lechevalier, S., Ikeda, Y., & Nishimura, J. (2011). Investigating Collaborative R & D Using Patent Data: The Case Study of Robot Technology in Japan. Managerial and Decision Economics, 32(5), 305–323. https://doi.org/10.1002/mde.1536
Li, Y., Huang, G., Wang, C., & Li, Y. (2019). Analysis framework of network security situational awareness and comparison of implementation methods. EURASIP Journal on Wireless Communications and Networking, 2019(1), 205. https://doi.org/10.1186/s13638-019-1506-1
Li, M., Wu, Z., Wang, L., & Zhou, K. (2020). Does firm’s value matter with firm’s patent quality in technology-intensive industries? IEEE Transactions on Engineering Management, 70, 1–18. https://doi.org/10.1109/TEM.2020.3014228
Liu, K., et al. (2021). Global landscape of patents related to human coronaviruses. International Journal of Biological Sciences, 17(6), 1588–1599. https://doi.org/10.7150/ijbs.58807
Loginov, A. (2020). Evolution of cyber-security research in an industrial setting. In Proceedings of the 2020 ACM Workshop on Forming an Ecosystem Around Software Transformation, New York, NY, USA (p. 15). https://doi.org/10.1145/3411502.3418422
Ma, J., Pan, Y., & Su, C.-Y. (2022). Organization-oriented technology opportunities analysis based on predicting patent networks: a case of Alzheimer’s disease. Scientometrics. https://doi.org/10.1007/s11192-021-04219-z
Madnick, B., Huang, K., & Madnick, S. (2021, November). The evolution of cyber security norm development in the digital age. In 2021 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–5). https://doi.org/10.1109/HST53381.2021.9619798
Martin, H., & Daim, T. U. (2012). Technology roadmap development process (TRDP) for the service sector: A conceptual framework. Technology in Society, 34(1), 94–105. https://doi.org/10.1016/j.techsoc.2012.01.003
Marttin, E., & Derrien, A.-C. (2018). How to apply examiner search strategies in Espacenet. A case study. World Patent Information, 54, S33–S43. https://doi.org/10.1016/j.wpi.2017.06.001
Özata, H., Demir, Ö., & Dogan, B. (2021). Analysis of patents in cyber security with text mining. International Journal of Computer Theory and Engineering, 13, 24–28. https://doi.org/10.7763/IJCTE.2021.V13.1285
Pilkington, A., Dyerson, R., & Tissier, O. (2002). The electric vehicle: Patent data as indicators of technological development. World Patent Information, 24(1), 5–12. https://doi.org/10.1016/S0172-2190(01)00065-5
Ruohonen, J., Hyrynsalmi, S., & Leppänen, V. (2016). An outlook on the institutional evolution of the European Union cyber security apparatus. Government Information Quarterly, 33(4), 746–756. https://doi.org/10.1016/j.giq.2016.10.003
Schatz, D., Bashroush, R., & Wall, J. (2017). Towards a more representative definition of cyber security. Journal of Digital Forensics, Security and Law, 12(2). https://doi.org/10.15394/jdfsl.2017.1476
Schwab, N., & Mabee, T. (2014). Winter acoustic activity of bats in Montana. Northwestern Naturalist, 95, 13–27. https://doi.org/10.1898/NWN13-03.1
Shi, X., Cai, L., & Song, H. (2019). Discovering potential technology opportunities for fuel cell vehicle firms: A multi-level patent portfolio-based approach. Sustainability, 11(22), Art. no. 22. https://doi.org/10.3390/su11226381
Shubbak, M. H. (2019). Advances in solar photovoltaics: Technology review and patent trends. Renewable and Sustainable Energy Reviews, 115, 109383. https://doi.org/10.1016/j.rser.2019.109383
Taillat, S. (2019). Disrupt and restraint: The evolution of cyber conflict and the implications for collective security. Contemporary Security Policy, 40(3), 368–381. https://doi.org/10.1080/13523260.2019.1581458
Virey, E. H., Baron, N., & Bouhamri, Z. (2020). 30-4: MicroLED Display Technology Trends and Intellectual Property Landscape. SID Symposium Digest of Technical Papers, 51(1), 436–439. https://doi.org/10.1002/sdtp.13898
Wagner, R., Preschitschek, N., Passerini, S., Leker, J., & Winter, M. (2013). Current research trends and prospects among the various materials and designs used in lithium-based batteries. Journal of Applied Electrochemistry, 43(5), 481–496. https://doi.org/10.1007/s10800-013-0533-6
Wang, J., & Chen, Y.-J. (2019). A novelty detection patent mining approach for analyzing technological opportunities. Advanced Engineering Informatics, 42, 100941. https://doi.org/10.1016/j.aei.2019.100941
Wang, H., Zhang, Y., & Chen, G. (2009). Resistance spot welding processing monitoring based on electrode displacement curve using moving range chart. Measurement, 42(7), 1032–1038. https://doi.org/10.1016/j.measurement.2009.03.005
Wang, J., Fan, Y., Zhang, H., & Feng, L. (2021). Technology hotspot tracking: Topic discovery and evolution of China’s Blockchain patents based on a dynamic LDA model. Symmetry, 13(3), Art. no. 3. https://doi.org/10.3390/sym13030415
Wasicek, A. (2020). The future of 5G smart home network security is micro-segmentation. Network Security, 2020(11), 11–13. https://doi.org/10.1016/S1353-4858(20)30129-X
Wu, Y., & Hu, X. (2019). Many measures to solve industrial internet security problems. In 2019 2nd International Conference on Safety Produce Informatization (IICSPI) (pp. 6–11). https://doi.org/10.1109/IICSPI48186.2019.9095906
Yoon, J., & Kim, K. (2012). TrendPerceptor: A property–function based technology intelligence system for identifying technology trends from patents. Expert Systems with Applications, 39(3), 2927–2938. https://doi.org/10.1016/j.eswa.2011.08.154
Yoon, B., & Magee, C. L. (2018). Exploring technology opportunities by visualizing patent information based on generative topographic mapping and link prediction. Technological Forecasting and Social Change, 132, 105–117. https://doi.org/10.1016/j.techfore.2018.01.019
Yu, X., & Zhang, B. (2019). Obtaining advantages from technology revolution: A patent roadmap for competition analysis and strategy planning. Technological Forecasting and Social Change, 145, 273–283. https://doi.org/10.1016/j.techfore.2017.10.008
Yun, S., Song, K., Kim, C., & Lee, S. (2021). From stones to jewellery: Investigating technology opportunities from expired patents. Technovation, 103, 102235. https://doi.org/10.1016/j.technovation.2021.102235

Part II: Strategic Analyses

Chapter 5: Technology Assessment of Cybersecurity

Hao Zhang and Tugrul U. Daim

Abstract  Science and technology are developing rapidly, but the negative effects of a technology are often not obvious until long after its application, which makes it increasingly difficult for people to deal with the technology itself and its consequences. At the same time, with the continuous development of society, the demand for social responsibility in the process of scientific and technological development has received more and more attention. These demands are triggered by the increasing recognition of serious social and environmental problems caused by new technologies. In order to make better use of technology, reduce or prevent its possible negative impact on society and the environment, and gain as intuitive and clear an understanding of technology itself and its consequences as possible, a new type of research first emerged in the United States, namely technology assessment. The term technology assessment (TA) was first used by Philip Yeager in 1966 (Yeager, 1972). The first effort in the emergence of organized technology assessment was policy control, or early warning, of the potential negative impact of technology development. In its early stage, technology assessment was used as an early warning tool for the negative risks of technology and played a great role. Technology assessment is considered to be the prediction of the unintended negative outcomes of technological innovation in order to facilitate more accurate policymaking (Banta, 2009). The most fundamental expectation of a technology assessment is that it will reveal the future consequences of new technologies in terms of current unrecognized benefits.

H. Zhang, Chengdu Medical College, Chengdu, China
T. U. Daim (*), Mark O. Hatfield Cybersecurity & Cyber Defense Policy Center, Portland State University, Portland, OR, USA

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023. T. U. Daim, M. Dabić (eds.), Cybersecurity, Applied Innovation and Technology Management, https://doi.org/10.1007/978-3-031-34843-3_5


5.1 Introduction

Science and technology are developing rapidly, but the negative effects of a technology are often not obvious until long after its application, which makes it increasingly difficult for people to deal with the technology itself and its consequences. At the same time, with the continuous development of society, the demand for social responsibility in the process of scientific and technological development has received more and more attention. These demands are triggered by the increasing recognition of serious social and environmental problems caused by new technologies. In order to make better use of technology, reduce or prevent its possible negative impact on society and the environment, and gain as intuitive and clear an understanding of technology itself and its consequences as possible, a new type of research first emerged in the United States, namely technology assessment. The term technology assessment (TA) was first used by Philip Yeager in 1966 (Yeager, 1972). The first effort in the emergence of organized technology assessment was policy control, or early warning, of the potential negative impact of technology development. In its early stage, technology assessment was used as an early warning tool for the negative risks of technology and played a great role. Technology assessment is considered to be the prediction of the unintended negative outcomes of technological innovation in order to facilitate more accurate policymaking (Banta, 2009). The most fundamental expectation of a technology assessment is that it will reveal the future consequences of new technologies in terms of current unrecognized benefits. The early development center for technology assessment was founded in the United States in 1972 by the US Office for Technology Evaluation (OTA), the first agency for technology assessment.
Under the influence of American technology assessment theory and practice, some European countries such as Denmark and Holland began to be active in the 1980s. But the OTA was closed in 1995, and the focus of technology assessment began to shift from the United States to Europe. In its early stage, technology assessment was an early warning tool for the negative risks of technology; it was carried out in the mode of the OTA and played a great role. Later, participatory TA appeared in Denmark, constructive TA appeared in Holland, and more innovations began to be made in the practice of technology assessment. With the shift of the center of technology assessment to Europe, more and more countries participate in the development of technology assessment theory, and more and more new technology assessment theories and paradigms appear, such as public technology assessment, constructive technology assessment, interactive technology assessment, integrated technology assessment, and so on. Unlike the simple analysis that characterizes traditional early warning technology assessment, the new technology assessment considers the process as important as its analysis results. According to Smits and Leyten, “Technology assessment is the process of analyzing technology developments and their outcomes, and of discussing those outcomes.” (Smits et al., 1995) Technology assessment began to pay attention to the prediction of technology and the technology process and developed into a tool for the early diagnosis of technology change and potential development.


But constant practice has shown that technology assessment often gets stuck in the Collingridge dilemma: in the early stages of technology development, when the technology is controllable, people do not have enough information about its possible consequences to provide a basis for how to control it; and when the technical consequences become obvious, the technology tends to be widely diffused and used, occupying production and markets, so controlling it is costly and results are difficult to achieve. The Collingridge dilemma is inevitable, but for technology assessment, as for any decision made in an uncertain environment, “doing is better than not doing.” Moreover, the characteristics of technology itself are constantly changing, as with high-tech, divisive technologies and emerging technologies. Changes in the characteristics of modern technology have also increased the number of assessment methods and the difficulty of assessment. At the same time, there are still some difficult problems in the development of technology assessment theory. For example, the most common problem of technology assessment is keeping pace with technology development. From the outset, it was hoped that technology assessment would reveal the unrecognized consequences of new technology. Yet this initial optimism about the technology’s predictions is fading. In reality, there are few “complete technology assessments” that focus on discovering all the social impacts of technology. More “limited” technology assessments are common. Even when many assessments begin to cover economic, social, psychological, ethical, and legal dimensions with great ambition, the end result usually shrinks. These practical problems and changes have put pressure on technology assessment theory. Scholars have begun to re-examine the theory, methods, and means of technology assessment, but the results are not very obvious. In recent years, the development of technology assessment theory has been slow.
Indeed, many scholars believe that the origins of technology assessment can be traced back to the technology forecasting studies of the 1940s and 1950s, when technology forecasting attempted to predict technology trends, primarily to help governments and businesses adjust technology investment plans. Institutions such as Rand and Hudson have done a lot of research. As mentioned above, technology assessment has been considered important since the 1960s, has developed independently, and has had a certain impact. However, with the closure of the OTA in the United States, the problems encountered in the practice of technology assessment in various countries, and the weaknesses of technology assessment theory itself that cannot be easily resolved, the upsurge of technology assessment theory and practice has gradually declined. People have begun to think about technology assessment and technology forecasting again, and some scholars even think that technology evaluation is part of technology forecasting (Coates et al., 2001). In recent years, there has been less and less independent research on technology assessment, and research on technology forecasting (or prediction) is the mainstream. Therefore, the development of technology assessment theory has encountered many difficult problems, and how to continue developing it needs further research. At the same time, modern science and technology in today’s society show many new features: the system of science and technology is expanding, the impact of science and technology on human society has reached a very high level, and people have never paid more attention to science and technology. Scientific management of science and technology is the concern of all countries in the world, and the political environment is changing. But science and technology decision-making is also more complex, and correct decisions must be made amid many uncertainties; all of this requires developing modern science and technology management theory scientifically. Therefore, the management of modern science and technology is a hotspot of research worldwide. As a branch of the management of science and technology, the theory of technology assessment is now at an important moment at which it needs to be improved and studied deeply and systematically. How to continue the development of technology assessment theory on the basis of historical experience has become a valuable part of science and technology management that urgently needs study.

Security is an eternal topic in human society, and cyberspace is no exception. Due to the openness and anonymity of cyberspace, coupled with the continuous progress of cyber hacking technology, cyberspace is extremely easy to exploit. Cyber criminals may use cyberspace to steal money and engage in fraudulent activities, cyber espionage may use cyberspace to steal intelligence (such as military intelligence, business intelligence, etc.), terrorists may use cyberspace to engage in terrorist activities, and military agencies may use cyberspace to launch cyber wars. All these possibilities are warnings of the fragility of cyberspace. Cyberspace is an indispensable foundation for globalization. Therefore, ensuring the security of cyberspace is related to the future development of mankind. However, cyberspace is facing a variety of threats driven by various purposes. In this context, cybersecurity technologies have developed rapidly in recent years and have become one of the most dynamic and promising technology fields. In order to describe the technological development in this field, and then assess its potential future development direction, this chapter constructs a new technology assessment method based on text mining technology and conducts an analysis of the network security field accordingly.
In order to describe the technological development in this field, and then assess its potential future development direction, this chapter constructs a new technology assessment method based on text mining technology and applies it to the network security field.

5.2 Methodology

Text mining is the process of obtaining useful information from text data, including meaningful and important patterns and knowledge. Text mining developed from data mining, so its definition is similar to that of data mining. Compared with traditional data mining, however, text mining has its own features: the document itself is semi-structured or unstructured, has no definite form, and lacks machine-understandable semantics. The main purpose of text mining is to extract unknown knowledge from the original unprocessed text, but this is a very difficult task because it has to deal with fuzzy, unstructured text data. Text mining is therefore a multidisciplinary hybrid field, covering information technology, text analysis, pattern recognition, statistics, data visualization, databases, machine learning, and data mining-related fields and technologies. With the continuous progress of science, many social science research methods have developed from traditional methods based on expert knowledge into methods based on data analysis. This is mainly due to progress in data acquisition and data analysis methods, so that data that previously could not be obtained can now be obtained and data that previously could not be analyzed can now be analyzed.

5 Technology Assessment of Cybersecurity

The development and application value of technology assessment are limited by the problems of timeliness and effectiveness of traditional methods. However, as the influence of technology on social development grows, more and more attention is paid to the value of technology assessment, and the theories and methods of technology evaluation are developing rapidly. Based on the currently popular natural language processing and text mining technologies, we construct an automatic technology assessment method and apply it to the field of cybersecurity. This method has three major components, which are described in detail in the following subsections:

1. The division of technology stage.
2. The identification of technology topics.
3. The calculation of the connection between technology topics.

5.2.1 Technology Stage Division

5.2.1.1 Related Theories

The technology life cycle theory is an important theory of technology assessment and technology forecasting. The technology life cycle describes the entire process by which a technology, starting from the relevant basic science, passes through product development and design, enters the market, and eventually exits it. Each stage of the technology life cycle is predictable and repeatable, and knowing the stages of technology development can help managers proactively address or avoid problems as early as possible. There are many ways to determine the technology life cycle, and the most common is to use patent data. The advantages of patent data mainly include the following: first, patents contain a large amount of technical information and can describe the development of technologies; second, patents can reveal the commercial potential of technologies, because patent applications are the premise of commercial applications; third, technology life cycle analysis based on patent application data is more sensitive than analysis based on product information and has a certain lead in time; finally, patent data is easy to obtain through patent databases. Based on these advantages, this study uses patent data as one of the data sources for technology life cycle analysis.

The life cycle of a technology can generally be divided into four stages: the emerging stage, the growth stage, the maturity stage, and the saturation stage (Gao et al., 2013). The emerging stage is the period during which a new technology is tested in the lab. The number of relevant patents in this period is relatively small, and most of them cover fundamental technologies. At this time, because market conditions for the technology are unclear and R&D risks are relatively high, usually only a few companies take part in technology research and market development. With the resolution of basic technology problems and the elimination of market uncertainty, the target technology field begins to enter the growth stage: emerging technologies gradually gain market recognition and are adopted by industry, and many companies begin to invest in technology R&D. A company that has been developing the technology since the emerging stage has accumulated research and development experience and may use it to further increase its R&D investment in innovative technology activities. A growing technology is often referred to as a pacing technology. The maturity stage is the period during which an emerging technology, having emerged and grown, is accepted by society and used by the majority of users. During this period, technology competition is very fierce, industry R&D personnel have accumulated a wealth of R&D experience and knowledge, and the degree of technology commercialization is high. When the technology is in the maturity stage, the growth rate of patents slows because the market is limited. The saturation stage is the period, after the technology has gone through growth and maturity, when its leading edge tends to disappear and its development tends toward saturation; the technology is then called a conventional technology. During the recession, the number of patents in the technology sector almost ceases to increase, and the number of patent applications and related companies shows a negative trend.

Reviewing the technology life cycle theory shows that it provides a scientific theoretical basis for dividing technology stages. Using the technology life cycle theory, the technology activities in the target domain can be divided into different stages, which describes technology R&D activities more completely and dynamically.
The technology life cycle theory has become one of the theoretical bases of this research.

5.2.1.2 Method

We use the technology roadmap to display the results of technology assessment. One of the characteristics of technology roadmapping is that it can dynamically describe the R&D activities in the target domain and explain the evolution of the target domain over time. Therefore, to realize dynamic analysis, it is necessary to divide the R&D activities in the target domain into different stages. The technology life cycle theory provides the theoretical basis for this division in this study. There are many methods for judging technology life cycle stages, including the S-curve method, the patent index method, the relative growth rate method, the technology life cycle diagram method, and the TCT method. In this study, the commonly used S-curve method is used.

The emergence and development of a technology has its own rules and trajectory, which resemble the human life cycle and pass through budding, growth, maturation, and recession. Every new technology grows slowly at first. Once a limit is breached, its performance increases rapidly. As it nears the upper limit, performance gains become very difficult and growth slows again, so that a graph of the process takes the shape of an S. Figure 5.1 illustrates the S-shaped concept of the technology life cycle.

Fig. 5.1 Technology life cycle S curve

As can be seen from Fig. 5.1, the growth rate of technological R&D activities during the emerging stage is lower than that of R&D investment. In the growth stage, the growth of technological R&D activities is positive, the second derivative of the curve function is positive, the curve is concave (bending upward), and the speed of technological development is constantly increasing. In the maturity period, the curve reaches its inflection point, the second derivative of the curve function becomes negative, the curve becomes convex (bending downward), and the speed of technological development begins to decrease. In the saturation period, the improvement in technological R&D activities is small, and almost no new patents are generated. Because the characteristics of technology R&D activities differ from stage to stage, different R&D strategies are needed accordingly. In this study, the S curve is used as the standard for dividing the stages of R&D activities.
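A sketch of the S-curve stage division described above, added here as an illustration and not taken from the chapter. It fits a logistic curve to cumulative patent counts and labels each year with one of the four stages; the yearly counts are constructed, and the 10% and 90% cut-offs for the emerging and saturation stages are an assumed convention (the chapter fixes only the inflection point, where the second derivative changes sign).

```python
import math

# Constructed cumulative patent counts for 2000-2021 (not data from the chapter).
YEARS = list(range(2000, 2022))
CUMULATIVE = [22, 35, 55, 86, 133, 206, 315, 477, 709, 1029, 1445, 1947,
              2500, 3053, 3555, 3971, 4291, 4523, 4685, 4795, 4867, 4914]


def logistic(t, L, k, t0):
    """S curve with ceiling L, growth rate k and inflection year t0."""
    return L / (1.0 + math.exp(-k * (t - t0)))


def fit_logistic(years, cumulative, max_ratio=3.0, steps=1000):
    """Fit (L, k, t0) by scanning candidate ceilings L above the last count.

    For a fixed L, ln(y / (L - y)) = k * (t - t0) is a straight line in t, so
    k and t0 follow from ordinary least squares; the L whose curve has the
    smallest squared error against the raw counts wins. Counts must be > 0.
    """
    n = len(years)
    mean_t = sum(years) / n
    sxx = sum((t - mean_t) ** 2 for t in years)
    y_max = max(cumulative)
    best = None
    for i in range(1, steps + 1):
        L = y_max * (1.0 + (max_ratio - 1.0) * i / steps)
        z = [math.log(y / (L - y)) for y in cumulative]
        mean_z = sum(z) / n
        k = sum((t - mean_t) * (v - mean_z) for t, v in zip(years, z)) / sxx
        if k <= 0:
            continue  # not a growing S curve for this ceiling
        t0 = mean_t - mean_z / k
        sse = sum((logistic(t, L, k, t0) - y) ** 2
                  for t, y in zip(years, cumulative))
        if best is None or sse < best[0]:
            best = (sse, L, k, t0)
    if best is None:
        raise ValueError("counts do not follow a growing S curve")
    return best[1], best[2], best[3]


def curvature(t, L, k, t0):
    """Second derivative of the S curve: positive before t0, negative after."""
    share = logistic(t, L, k, t0) / L
    return L * k * k * share * (1.0 - share) * (1.0 - 2.0 * share)


def stage(t, L, k, t0, low=0.10, high=0.90):
    """Life cycle stage of year t; low/high are assumed cut-offs (share of L)."""
    share = logistic(t, L, k, t0) / L
    if share < low:
        return "emerging"
    if share < 0.5:          # before the inflection point
        return "growth"
    if share < high:         # after the inflection point
        return "maturity"
    return "saturation"


if __name__ == "__main__":
    L, k, t0 = fit_logistic(YEARS, CUMULATIVE)
    print(f"ceiling={L:.0f} patents, rate={k:.3f}, inflection year={t0:.1f}")
    for year in YEARS:
        print(year, stage(year, L, k, t0))
```

With real patent data the ceiling is uncertain while the field is still in its growth stage, so the fitted stage boundaries should be re-estimated as new filing years arrive.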

5.2.2 Technology Topic Identification

5.2.2.1 Related Theories

In recent years, the topic model has become the mainstream approach to discovering the topics of documents. As an unsupervised learning method, the topic model is, at the technical level, essentially a graphical model based on a Bayesian network. All topic models are based on the following two basic assumptions: (1) each document contains multiple topics; and (2) each topic contains multiple words. In other words, the topic model is built on the idea that the semantics of a document are governed by hidden, or latent, variables that are not directly observed. Each document is composed of several topics, and each topic is a probability distribution over words. Starting from the earliest LSA model, the topic model went through a long development process, and only with the emergence of the LDA model did it become a topic model in the true sense. Topic models are widely used in many fields of NLP. By analyzing the principles, advantages, and disadvantages of the various topic models, we can clarify the theoretical basis of topic identification. The former includes the LSA and pLSA models, and the latter includes the LDA model and, with the development of deep learning, the LDA2vec model.

Latent semantic analysis (LSA) is one of the basic technologies of topic modeling. It was proposed in 1990 by Deerwester et al. (Deerwester et al., 1990). LSA constructs a new latent semantic space by means of singular value decomposition, reduces the dimension of the data, and realizes the semantic analysis of text. The core idea of LSA is to decompose the document-term matrix into an independent document-topic matrix and a topic-term matrix by introducing a semantic dimension. The semantic dimension reduces the dimensionality of the data by mapping high-dimensional text vectors to a low-dimensional semantic space, thus reducing the cost of representing text data. LSA not only provides important help for the semantic analysis of text but also offers an effective, efficient, and fast method for solving the polysemy problem.
However, LSA still has the following problems: (1) the embedded semantic dimension is poorly interpretable, that is, the content of a topic cannot be interpreted, and the content of a topic is highly random; (2) it requires a large amount of data, and too little text data and vocabulary will seriously affect the performance of the model; and (3) the representation efficiency of the model is low, the calculation cost is high, and the parameters have no practical meaning and play only a mathematical role. Moreover, LSA is not a complete statistical probability model and is still some distance from a real topic model.

In response to the problems of the LSA model, Hofmann et al. proposed the probabilistic latent semantic analysis model (pLSA) in 1999 (Hofmann, 2013). pLSA introduces probabilistic word weights into the LSA model and uses a probabilistic method instead of SVD to reduce the dimension. pLSA has the following advantages: (1) it improves the interpretability of the model, introduces the multinomial distribution, and has a stronger ability to describe the actual distribution of the text; and (2) it can more effectively solve the problems of "one word polysemy" and "one meaning polysemy." However, pLSA still has the following problems: (1) processing of new text data: there is no probabilistic model for the document layer, so there are no parameters for modeling P(D), and new text cannot be processed effectively; and (2) overfitting: there is a linear relationship between the number of parameters of pLSA and the text data, so as the text data grows, the number of parameters grows with it, which makes the model very difficult to solve. Compared with LSA, the accuracy and efficiency of pLSA are improved, but pLSA is also an incomplete probabilistic topic model.

In response to the problems with pLSA, Blei et al. proposed latent Dirichlet allocation (LDA) on the basis of pLSA (Blei et al., 2003). LDA can be thought of as a Bayesian version of pLSA that uses Dirichlet priors for the document-topic and word-topic distributions, which helps it generalize better. In brief, the Dirichlet distribution is a kind of "distribution over distributions." Essentially, it answers the question, "Given a distribution, what would the actual probability distribution look like?" Here is an example of the effect of the Dirichlet distribution. Suppose that the corpus you are working on has documents from three completely different subject areas. If you want to model it, the desired type of distribution puts a very high weight on one topic and a very low weight on the others. Assuming that there are three topics, some specific probability distributions might be:

Mixed X: 90% Topic A, 5% Topic B, 5% Topic C.
Mixed Y: 5% Topic A, 90% Topic B, 5% Topic C.
Mixed Z: 5% Topic A, 5% Topic B, 90% Topic C.

If you draw a random probability distribution from a Dirichlet distribution that is parameterized to put large weight on a single topic, you are likely to get a distribution very similar to Mixed X, Y, or Z, and unlikely to sample a distribution such as 33% Topic A, 33% Topic B, and 33% Topic C. In essence, the Dirichlet distribution provides a particular type of sampling probability distribution.
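The Mixed X/Y/Z effect can be checked numerically. The following sketch is an added example, not code from the chapter: it draws topic mixtures from a symmetric Dirichlet distribution and then carries one draw through to a short document. The topic word lists are constructed, and drawing words uniformly within a topic is a simplifying assumption.

```python
import random

# Constructed word lists for three unrelated topics (illustrative only).
TOPIC_WORDS = [
    ["malware", "ransomware", "payload", "sandbox"],      # Topic A
    ["cipher", "certificate", "handshake", "entropy"],    # Topic B
    ["firewall", "intrusion", "packet", "anomaly"],       # Topic C
]


def sample_dirichlet(alphas, rng):
    """One probability vector from Dir(alphas), via normalised Gamma draws."""
    while True:
        draws = [rng.gammavariate(a, 1.0) for a in alphas]
        total = sum(draws)
        if total > 0.0:          # guard against floating-point underflow
            return [x / total for x in draws]


def dominant_share(alpha, topics=3, n=2000, threshold=0.8, seed=7):
    """Fraction of sampled mixtures in which one topic holds >= threshold.

    A small alpha should yield mostly X/Y/Z-like mixtures; a large alpha
    should yield mixtures close to 33/33/33.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        if max(sample_dirichlet([alpha] * topics, rng)) >= threshold:
            hits += 1
    return hits / n


def generate_document(topic_words, alpha, length, rng):
    """Draw a topic mix for one document, then a topic and a word per position."""
    theta = sample_dirichlet([alpha] * len(topic_words), rng)
    words = []
    for _ in range(length):
        z = rng.choices(range(len(theta)), weights=theta)[0]
        words.append(rng.choice(topic_words[z]))   # assumed uniform within a topic
    return theta, words


if __name__ == "__main__":
    for alpha in (0.1, 1.0, 10.0):
        print(f"alpha={alpha}: {dominant_share(alpha):.1%} of mixtures are dominated by one topic")
    theta, words = generate_document(TOPIC_WORDS, 0.1, 12, random.Random(3))
    print([round(p, 2) for p in theta], words)
```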
Through the previous analysis of the pLSA model, we can see that the main process of the model is to sample the document, then sample a topic according to the document, and then sample a word according to the topic. The LDA model uses the bag-of-words approach, which treats each document as a probability distribution over a set of topics and each topic as a probability distribution over many words, thus forming a three-layer Bayesian network model of document-topic-words. Figure 5.2 shows the structure of the LDA model.

Fig. 5.2 Structure of LDA model

From a Dirichlet distribution Dir(α), LDA draws a random sample that represents the topic distribution, or topic mix, of a particular document. This topic distribution is denoted theta. A particular topic Z can be selected from theta according to that distribution. Next, a random sample is drawn from another Dirichlet distribution to represent the word distribution of topic Z. This word distribution is denoted phi. From phi, the word w is chosen. Two probability distributions can be obtained from the triple relation "document-topic-words": "document-topics" and "topic-words." Because both of these distributions are described by multinomial distributions, their generation can be regarded as a process of probabilistic selection. In the first selection, a topic is chosen with the probability given by the document-topic distribution; in the second, the corresponding word is generated with the probability given by the topic-word distribution.

The LDA training process includes:

1. Each word in each document in the corpus is randomly assigned a topic number z.
2. Re-scan the corpus and use the Gibbs sampling formula to sample each word to derive its topic, which is updated in the corpus.
3. Repeat step 2 until Gibbs sampling converges.
4. Count the topic-word co-occurrence frequency matrix of the corpus, which is the LDA model.

The reason why LDA works better than pLSA is that LDA generalizes easily to new documents. In pLSA, a document probability is a fixed point in the data set. If a document has not been seen, there is no such data point. In LDA, the data set is used as training data for the Dirichlet distribution over document-topic distributions. Even for a document that has not been seen, it is easy to sample from the Dirichlet distribution and carry on. The LDA model simulates the document generation process well, and because the model works at the level of probabilities, it can accurately express the semantic hierarchy of words without additional lexicon overhead. The main disadvantages of LDA are that it works well mainly on long texts, requires a large amount of computation, and takes a long time to train.

5.2.2.2 Method

The core idea of the LDA topic model is the bag of words.
The bag-of-words model means that, when the topic of a document is analyzed, only whether a word that can represent its content appears is considered, regardless of the order in which it appears. In the bag-of-words model, for example, "I like you" is equivalent to "You like me." The number of topics is one of the most significant parameters of an LDA model and has a significant impact on model performance. If the number of topics is too small, the model's ability to describe the data is limited; if the number of topics is set too large, the meaning of each topic is reduced and the model's training time increases. Current approaches to determining the number of topics K are mainly divided into empirical settings and perplexity-based calculations (Azzopardi et al., 2003).

With empirical settings, researchers determine the optimal number of topics through repeated testing, or determine the approximate number of topics needed from past experience and the specific question. Although this method relies heavily on the analyst's experience, it is simple and easy to use, so it has become the most common method in practice. In fact, most research work sets the number of topics directly by experience.

In information theory, perplexity (degree of confusion) can be used to measure how well a probability distribution or probability model predicts a sample. In probabilistic language modeling, perplexity is used to evaluate the language model; the basic idea is that a language model that assigns a higher probability to the test set is better, and its topic extraction results are better. Perplexity can be understood as the degree of uncertainty that the trained model has about the topic to which document d belongs. The lower the perplexity, the better the topic modeling. The formula for calculating the perplexity of the LDA topic model is shown in Formula 5.1:



$$\mathrm{Perplexity}(D) = \exp\left(-\frac{\sum_{d=1}^{M} \log p(w_d)}{\sum_{d=1}^{M} N_d}\right) \quad \text{(Azzopardi et al., 2003)} \tag{5.1}$$

D represents the test set in the corpus, with M documents in total; N_d represents the number of words in each document d; w_d represents the words in document d; and p(w_d) is the probability of word w_d in the document. The LDA model also has two significant hyperparameters, α and β. The hyperparameter α reflects the distribution of documents over topics: the higher α is, the smoother the distribution and the more balanced the distribution of documents over the topics; α is related to the value of K. The hyperparameter β reflects the distribution of words in each topic and is usually related to the number of words W in the corpus. Based on his research, Asuncion recommends setting the parameters to α = 50/K and β = 200/W. Griffiths, on the basis of experience, considers it reasonable to set α = 50/K and β = 0.01. Based on the above analysis, the results of the topic model should serve the purpose of the technology assessment; too large a value of K makes the topics too scattered, which is not conducive to technology assessment analysis and the visualization of results. Therefore, we choose the first method, i.e., empirical setting, to set the parameters of the topic model. Based on the demand for the number of topics in previous technical forecasts, set the topic number K
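The four training steps listed earlier and Formula 5.1 can be combined in one short program. This is an added example, not the chapter's implementation: a collapsed Gibbs sampler for LDA followed by the perplexity calculation. The toy corpus is constructed, a fixed number of sweeps stands in for a convergence check, perplexity is computed on the training documents rather than a held-out test set, and α = 0.1 is an assumed value suited to ten-word documents (β = 0.01 is the value quoted above).

```python
import math
import random

# Constructed toy corpus: four malware-analysis and four cryptography
# "abstracts", already tokenised (not the chapter's patent data).
MALWARE = ["malware", "ransomware", "payload", "sandbox", "dropper"]
CRYPTO = ["cipher", "key", "certificate", "handshake", "entropy"]
DOCS = [MALWARE * 2 for _ in range(4)] + [CRYPTO * 2 for _ in range(4)]


def train_lda(docs, K, alpha, beta, iters=200, seed=0):
    """Collapsed Gibbs sampling for LDA; returns (vocab, theta, phi)."""
    rng = random.Random(seed)
    vocab = sorted({w for doc in docs for w in doc})
    index = {w: i for i, w in enumerate(vocab)}
    W = len(vocab)
    n_dk = [[0] * K for _ in docs]       # topic counts per document
    n_kw = [[0] * W for _ in range(K)]   # word counts per topic
    n_k = [0] * K                        # total words per topic
    z = []
    # Step 1: give every word occurrence a random topic number z.
    for d, doc in enumerate(docs):
        z.append([rng.randrange(K) for _ in doc])
        for w, k in zip(doc, z[d]):
            n_dk[d][k] += 1
            n_kw[k][index[w]] += 1
            n_k[k] += 1
    # Steps 2-3: re-scan the corpus, resampling each word's topic from its
    # conditional distribution given all other assignments.
    for _ in range(iters):
        for d, doc in enumerate(docs):
            for i, w in enumerate(doc):
                v, k = index[w], z[d][i]
                n_dk[d][k] -= 1
                n_kw[k][v] -= 1
                n_k[k] -= 1
                weights = [(n_dk[d][t] + alpha) * (n_kw[t][v] + beta)
                           / (n_k[t] + W * beta) for t in range(K)]
                k = rng.choices(range(K), weights=weights)[0]
                z[d][i] = k
                n_dk[d][k] += 1
                n_kw[k][v] += 1
                n_k[k] += 1
    # Step 4: the smoothed topic-word counts are the model.
    phi = [[(n_kw[k][v] + beta) / (n_k[k] + W * beta) for v in range(W)]
           for k in range(K)]
    theta = [[(n_dk[d][k] + alpha) / (len(doc) + K * alpha) for k in range(K)]
             for d, doc in enumerate(docs)]
    return vocab, theta, phi


def perplexity(docs, vocab, theta, phi):
    """Formula 5.1, with log p(w_d) summed over the words of document d."""
    index = {w: i for i, w in enumerate(vocab)}
    log_p, n_words = 0.0, 0
    for d, doc in enumerate(docs):
        for w in doc:
            log_p += math.log(sum(t * row[index[w]]
                                  for t, row in zip(theta[d], phi)))
        n_words += len(doc)
    return math.exp(-log_p / n_words)


def top_words(vocab, phi, n=5):
    """The n most probable words of each topic."""
    return [[vocab[v] for v in sorted(range(len(vocab)), key=lambda v: -row[v])[:n]]
            for row in phi]


if __name__ == "__main__":
    for K in (1, 2, 3):
        vocab, theta, phi = train_lda(DOCS, K, alpha=0.1, beta=0.01, seed=1)
        print(K, round(perplexity(DOCS, vocab, theta, phi), 2), top_words(vocab, phi, 3))
```

On a corpus this small the perplexity drop from K = 1 to K = 2 is the signal that two topics describe the documents better than one; on real patent text the same comparison is made on held-out documents.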