Unit 1

1.Concept of Information Technology: An information society is a society or subculture where the

usage, creation, distribution, manipulation and integration of information is a significant activity. Its main
drivers are information and communication technologies, which have resulted in rapid growth of a variety
of forms of information. Proponents of this theory posit that these technologies are impacting most
important forms of social organization, including education, economy, health, government, warfare, and
levels of democracy. The people who are able to partake in this form of society are sometimes called
either computer users or even digital citizens, defined by K. Mossberger as “Those who use the Internet
regularly and effectively”. This is one of many dozen internet terms that have been identified to suggest
that humans are entering a new and different phase of society.

There is currently no universally accepted concept of what exactly can be defined as an information
society and what shall not be included in the term. Most theoreticians agree that a transformation can be
seen as started somewhere between the 1970s, the early 1990s transformations of the Eastern
Bloc nations from socialist to capitalist economies and the 2000s period that formed most of today's net
principles and currently as is changing the way societies work fundamentally. Information technology
goes beyond the internet, as the principles of internet design and usage influence other areas, and there are
discussions about how big the influence of specific media or specific modes of production really is. Frank
Webster notes five major types of information that can be used to define information society:
technological, economic, occupational, spatial and cultural. [7] According to Webster, the character of
information has transformed the way that we live today. How we conduct ourselves centers around
theoretical knowledge and information.

1.1 Development of the information society model

One of the first people to develop the concept of the information society was the economist Fritz
Machlup. In 1933, Fritz Machlup began studying the effect of patents on research.
2.Knowledge Society:

Knowledge has been at the heart of growth and development since time immemorial. The ability to invent
and innovate, and create new knowledge to trigger development of new products, processes and services
that help improve the quality of life has been a principal occupation of mankind .The terms ‘knowledge
society’, ‘knowledge-based economy’, however, are terms that were coined more recently. It is important
for proper understanding to make a distinction between knowledge and information. Knowledge
empowers its possessors with the capability for action- intellectual or physical. Knowledge is a matter of
cognitive capability. Information, on the other hand, takes the shape of structured and formatted data that
remain passive and inert until used by those with the knowledge needed to interpret and process them.
The term knowledge society was probably first used by Peter Drucker in 1969 (1). It is not a mere
coincidence that the idea emerged along with such notions as learning societies, life-long education, etc;
the notion of knowledge society is closely related to these. In a broad sense every society has been a
knowledge society as every society must have had its knowledge assets. However when the term is used
in the present context ,it often refers to a society in which knowledge is a primary factor of economic
productivity as contrasted with societies in which capital and labour still rule. There is another significant
difference between ‘knowledge society’ as understood today and the earlier knowledge societies. The
focus today is on human rights, inclusivity and participation of all sections of the society. A knowledge
society generates shares and applies knowledge for the prosperity and well-being of its people and for
overall development.

A closely related term ‘Post-industrial society’ was used as early as in 1914, i.e. 100 years ago. It was
Daniel Bell who revived its usage in his well known book, The Coming of Post-Industrial Society (2).
This term was the most frequently used one before the expression “information society” gained overall
acceptance; it defined the newly emerged social-economic phenomenon by emphasizing the fact that the
old structures of the industrial era were replaced by new ones rather than by focusing on its “content”.
Information Society is a closely related term and widely used today (3). Although the terms ‘Information
society’ and ‘Knowledge society’ are often used interchangeably there is a difference that needs to be
understood. The idea of ‘Information society’ as it is understood today, is primarily based on the
technological breakthroughs that resulted from the revolution in information and communication
technologies (ICT). While the idea of the Internet as a public network and as a platform for universal and
equitable access to knowledge resources is at the core of the concept of ‘Knowledge society’, the notion
has much broader implications as it has social, political, cultural and even ethical dimensions. Plans to
ushering in a Knowledge society’ should be based on the clear understanding that even in today’s
technology driven society the control of knowledge and access to knowledge can go hand in hand with
serious inequality, exclusion and social conflict. Ideally a true knowledge society should integrate all its
members and promote new forms of solidarity involving both present and future generations. Nobody
should be excluded from knowledge societies, where knowledge is a public good, available to every
individual.

3. Cyber Space:

Cyberspace is termed as a virtual and dynamic domain created by computer clones. Cyberspace best
describes the immaterial space where interactions through digital networks, the internet, and computer
systems take place. Firstly began by sci-fi pioneer William Gibson writing in his 1984 novel
"Neuromancer" and then subsequently looking forward to a virtual reality where users were capable of
moving through 3-dimensional digital spaces, cyberspace was initially developed in the early nineties.
While the concept has matured over time, its essence remains consistent, an area of making a tiny realm
of human faculties prone to technology. Cyberspace is fundamentally dependent on technical
advancement and innovation. All digital interactions in this space, including sending emails, visiting
websites, and using social media are part of cyberspace.

3.1 What Does Cyberspace Mean?

The Internet encompasses the area or place formed by the interconnection of computers where
communication of information is done digitally. This is the area concerned with facilitating
communication and sharing information through the internet, be it through access to websites, emails,
or social networks, among other things. The term is as broad and abstract as it covers all the modes of
communication and exchange of information through computer networks and therefore can be looked at
as a general heading that covers all the forms of communication in the digital world. Cyberspace,
therefore, embraces not only cyberspace, such as the internet, but also other digital and electronic.

3.2 Cyberspace vs. the Physical World

Aspect Cyberspace Physical World
Nature Virtual, digital Tangible, physical
Location Exists in computer networks Exists in the natural, material
and the internet environment
Communicatio Digital communication Face-to-face communication,
n (emails, messages, social physical mail
 media)
Commerce E-commerce, digital Traditional retail, physical
transactions currency transactions
Interactions Online interactions, virtual In-person interactions, physical
communities communities
Access Requires electronic devices Accessible without technology
and internet connection (physical presence)
Security Cybersecurity measures Physical security measures (locks,
(firewalls, encryption) surveillance)
Presence Avatars, usernames, digital Physical presence, real identities
identities
Regulation Digital laws, online Physical laws, regulations, and
governance, and policies societal norms
Environment Digital ecosystems Natural and built environments
(websites, platforms) (cities, nature)
3.3 Components of Cyberspace
Here are some of the components of cyberspace that are as follows:
 Networks: The basis of cyberspace is computer network architecture consisting of access networks,
MANs, and WANs that often extend to devices operating as channels through which data are
relayed. These networks may involve a great radius as in the case of single buildings or
astronomically long distances as is the case with space-based networks. They may employ media as
diverse as electrical cables, wirelines to switching nodes and bridges as well as spanning the whole
universe.
 The Internet: Mainly among the various features of this phenomenal space of cyberspace the
Internet is undoubtedly the most remarkable, a complex structure of structures essentially used as a
communication channel for the distribution of information & also online business platforms. The
internet is like a mixture of cyberspace that has websites where messages are sent and stuff for
entertainment purposes like online games and social networks.
Major Components of Cyberspace
 Data: It is data that guarantees the magnetic Connections of the peoples of Cyberspace. Information
is rushing over the net at billions of bits per second. Data as a whole has many different formats that
can be written, images, videos, or files. It would be virtually impossible to expect any online activity
undertaken without data being exchanged or compromised.
 Digital Platforms: It`s a virtual world that exists in the form of digital as well as online systems that
provide services, as well as resources via active interaction. Such a digital suitcase incorporating
social media and search platforms as well as cloud storage and online marketplace is the building
block of the framework of the digital world.
Characteristics of Cyberspace
Here are some of the key characteristics of cyberspace, which include:
 Borderless: While contrasting with real-world areas being strictly separated by geographic
boundaries, cyberspace is beyond classifications and does not have consideration of geographic
location in its connectivity instantaneously. This borderless condition creates a high level of
international cooperation as a positive side and can raise many of the challenges to cybersecurity as
a disadvantage.
 Dynamic: Cyberspace is characterized by high strength, arising from technological innovations,
among the people who access it, and the legal frameworks. Culture appears on the scene in a flash,
old technologies keep getting updated, and the threat of cyber-attacks continuously renews itself and
lays new and new challenges as the digital space changes around the clock.
 Accessible: The cyberspace idea is the comparison of it with the inhabitants of Earth, in that anyone
with an internet connection can gain access to the information and resources that would supposedly
 go for a long period without others. However, the overall national level of digital infrastructure,
social factors, and governmental constraints are the possible issues for reaching the space of cyber
for some populations.
 Anonymous: The users of the internet cannot be identified in the digital space because the
anonymity of virtual presence allows them to know privately without disclosing their real names.
Whilst on one side, anonymity can mean privacy and defense, it can also offer a great chance for
bad guys to commit web crime like cybercrimes and online harassment.
Challenges and Considerations
Cyberspace presents an array of challenges and considerations that are as follows:
 Cybersecurity: The cyber-realm breeds its intensity-in-scale dangers, with the increase in the use
of malware, phishing attacks, data leakages, and cyber wars. Shielding the computerized info and
Maintaining online safety is still an ongoing issue for people, enterprises, and governments.
 Privacy: The obtaining and the proper use of personal information not within physical space can be
considered the main problem that is connected to privacy. For instance, data tracking, data
surveillance, and unauthorized usage of personal data ask for the implementation of necessary data
privacy controls.
 Digital Divide: Unequal access to the net and computer literacy as well as less information
contribute to the formation of the chess paradigm meaning that those people who don't have enough
resources and expertise to utilize the cyber world fully are excluded from these processes. Bridging
this gap is a foremost priority for giving everyone the same chance to fully benefit from digital
opportunities and a more equal platform.
 Regulation and Governance: The undefinable scope of online activities and access to electronic
spaces creates a huge problem for government circles as there are no clear rules to govern them. It is
vital, at the same time, to maintain freedom of speech prevailing over the Net, yet some boundaries
should be set up with no excessive limitation. Policymakers and digital platforms have a great
challenge to fight against the negative content that goes beyond the liberality principle and
proscribed acts.

4. Digital Economy:The digital economy is a portmanteau of digital computing and economy, and is
an umbrella term that describes how traditional brick-and-mortar economic activities (production,
distribution, trade) are being transformed by the Internet and World Wide Web technologies. It has also
been defined more broadly as the way "digital technologies are transforming work, organizations, and the
economy."

The digital economy is backed by the spread of information and communication technologies (ICT)
across all business sectors to enhance productivity. A phenomenon referred to as the Internet of
Things (IoT) is increasingly prevalent, as consumer products are embedded with digital services and
devices.

The digital economy, also referred to as the new economy, refers to an economy in which digital
computing technologies are used in economic activities.

Three main components of the digital economy concept can be identified:

 E-business infrastructure (hardware, software, telecom, networks, human capital, etc.),

 E-business (how business is conducted, any process that an organization conducts over computer-
mediated networks),
 E-commerce (transfer of goods, for example when a book is sold online).

The Digital Economy can be defined in three different approaches:

 Bottom-up approach: characterizing industries’ and firms‘ output or production processes to decide
whether they should be included in the Digital Economy,
 Top-down or trend-based approach: first identifying the key trends driving the digital transformation
and then analyzing the extent to which these are reflected in the real economy,
 Flexible or tiered approach: breaking the Digital Economy into core and non-core components, and
thereby finding a compromise between adaptability and the need to arrive at some common ground
on the meaning of the term.
Bottom-up definition
Bottom-up definitions define the Digital Economy as the aggregate of a specific indicator for a set of
industries identified as actors in the Digital Economy. Whether an industry is considered an actor depends
on the nature of the products (narrow) or the proportion of digital inputs used in production processes
(broad).

Top-down definition
Top-down definitions identify broad trends at play in the digital transformation and define the Digital
Economy as the result of their combined impact on value creation. These include such spillovers as
changes in labor market demand and regulations, platform economy, sustainability, and equality.

Unlike the bottom-up definition, the top-down definition has units of analysis extending beyond firms,
industries, and sectors to include individuals, communities, and societies. While the latter definition is
more inclusive, the IMF notes that it is subjective, qualitative, and open-ended, thus limiting meaningful
comparative analysis.

5. Critical Infrastructure: Critical infrastructure security involves protecting essential systems and assets
that are vital to national security, public health, and economic stability. Critical Infrastructure are those
assets, systems, and networks that provide functions necessary for our way of life. There are 16 critical
infrastructure sectors that are part of a complex, interconnected ecosystem and any threat to these sectors
could have potentially debilitating national security, economic, and public health or safety consequences.
CISA provides guidance to support state, local, and industry partners in identifying the critical
infrastructure sectors and the essential workers needed to maintain the services and functions Americans
depend on daily.

The Cybersecurity features of critical infrastructure have rapidly emerged in a digital society and are
doing more on online networks. Present-time civilization is largely based on a variety of networks and
computer systems in which power supply systems, transportation infrastructure, hospitals, banks, and
other institutions of the financial systems operate.
The hard practice of cyber security has another side of vulnerability wherein the dependence on digital
technology may lead to a broken cyber defense system becoming one of the targets for cybercriminals.
Cybersecurity in critical infrastructure is not only about technicality but it is a matter of historic priority
to shrink the chances of economic crisis, public disorder, and national threat.
In this article, we will take a critical look at cyber security as it relates to the essential infrastructures
with their challenges, advised methodologies or best practices, and some of the scenarios or examples
in the real world where cyber security has been a problem.
What is Cyber Security in Critical Infrastructure?
The entire infrastructural operations of the economy and society are dependent on the safety of their
vital systems networks and resources, and that is called cybersecurity in critical infrastructure.
Operating these critical infrastructures against cyber-attacks is a must, and that is possible through
putting in place high-quality and strict policies.
Critical infrastructure of cybersecurity simply put ways of a general security strategy aimed at
maintaining the confidentiality, integrity, and availability of its related informational resources which
are to be protected. It's used to deny malicious users the opportunity to take advantage of vulnerabilities
for their power objective goals. This calls for the protection of national governments from the risk of
instigating cyberwarfare, resisting non-state individuals' coordinating efforts for cyberterrorism, taking
care of criminal syndicates on cybercrime undertakings, and separating malicious insiders or careless
employees as insider threats.
Critical infrastructure has to be cyber-secured because the possible attacks can result in damaged public
safety, might lead to disruption, and might lead to monetary loss. Initiatives need to be prioritized, and
risks need to be evaluated. defenses have to be reinforced, as concerns that organizations need to
handle. Sneaking in the midst, the cyber security of critical infrastructure is the guiding light that
promotes the strength, dependability, and constant operation of these central systems that support
modern civilization.
Cyber Security in Critical Infrastructure Threat Landscape
Cyber threats may compromise critical infrastructure and can come in many different forms,

such as:
Threat Landscape in Critical Infrastructure
 Cyber Warfare: Cyber threats could be launched by states and actors granted state support to
implement espionage, launching cyberattacks that collapse critical services or destroy advisory
systems.
 Cyber Terrorism: Cyber terrorist groups and other non-state actors can engage in such attacks to
create a sense of chaos, terror, and fear.
 Cyber Crime: Bypassing security systems poses an appealing opportunity, as organized crime
groups exploit vulnerabilities in critical infrastructures to steal or demand money, or to produce
service interruptions.
 Insider Threats: Insiders who are evil-minded or employees who are negligent with care are very
close to serious risks. They can access vital systems by either exploiting some vulnerabilities or
unintentionally leading to security lapses.
Major Challenges in Cyber Security for Critical Infrastructure
Challenges of cyber security for critical infrastructure, which include:
Major Challenges in Cyber Security for Critical Infrastructure

Legacy Systems: The dominance of outdated systems is one of the biggest challenges to critical
infrastructure cyber security. These outdated systems might be challenging to patch or upgrade as
security was frequently overlooked during their creation. They are therefore simply a reward
for hackers. These legacy systems often lack built-in features of security.

 Resource Constraints: Limitations of financial or budget constraints lead to conflicting objectives

that might restrict the amount of money allocated to cybersecurity precautions, leaving critical
infrastructure open to sophisticated cyberattacks.
 Interconnectedness: As the Critical infrastructure is networked or interconnected, it makes it more
vulnerable to attack as a breach in one system might give access to others.
 Complexity: Critical infrastructure systems are often complex that's why it is difficult to deploy
thorough cybersecurity measures because systems are frequently complex, including a large number
of components and stakeholders.
 Regulatory Compliance: Another layer of complexity and challenges arises due to complying with
cybersecurity standards and laws, which forces organizations to manage a maze of requirements
while preserving operational effectiveness.
Cyber Security in Critical Infrastructure Best Practices
Best practices of cyber security in critical infrastructure, which include:
Cyber Security Best Practices in Critical Infrastructure

 Risk Assessment: Risk assessing is the phase where the risk is identified, decided, and analyzed and
this is known as the cyber security risk assessment process. Conducting routine risk assessment
procedures to locate flaws in the cybersecurity environment, ranking the threats, and spending
budgets wisely may be considered the best practice for the designing strategy of critical
infrastructure.
 Defense-in-Depth: Cybersecurity Defense-in-depth means the deployment of one control feature,
and the inclusion of another one, which is next to the previous security control. This design
approach aims to lower the possibility of security breaches. One primary thing is to have a safety
measure set up as an added layer and a backup in case threats arise. If the system is facing a security
loophole, the community must respond with a counteraction strategy. The layering of security
systems like intrusion detection systems (IDS), firewalls, access control, and encryption tools,
provide another measure to scale back threats to critical infrastructure. Unlike the strategy of
defending against only one cyber threat, the strategy of multi-layered security systems enables more
responses to different kinds of cyber threats allowing the system to prepare itself in case it is
attacked.
 Incident Response Planning: An official written prescription that summarizes an approach to data
incidents such as breaches, stealing, cyberattacks, etc, and keeping information secure is an incident
response plan. Planning policies are developed and tested and implementation of the incident
response plans in a quick order to efficiently respond to cyber events as well as to minimize
interruption and quick restoration is practiced.
 Collaboration and Information Sharing: Promoting joint work of government institutions,
organizations, and foreign allies to transfer knowledge on cybersecurity practices and threat
intelligence is supposed to be a maximum practice.
 Proper Employee Training: Another effective measure is appropriate education for the employees at
all levels in cybersecurity, which will help employees recognize and struggle with possible threats
such as phishing attacks or social engineering strategies.
 Continuous Monitoring: Adopting advanced monitoring tools to track intrusions timely, prevent
attacks as well as initiate aggressive defense is the best way for the cybersecurity of critical
infrastructure.
 Regular Updates and Patch Management: Keeping the installed software and systems up-to-date
with the latest security patches and updates enables the system to locate known vulnerabilities hence
reducing the amount of risk of exploitation in the system.
Examples of Cyber Security in Critical Infrastructure
Here are some examples of cybersecurity in critical infrastructure:

Examples of Cyber Security in Critical Infrastructure

 Transportation Security: The incorporation of encryption methods to protect military traffic

management and communication networks such as the ones used in air, rail, and waterway
transportation is a good example of cybersecurity in critical infrastructure, through adopting
biometric authentication methods and using restrictions to prohibit unauthorized people from
coming into critical assets such as airports and harbors.
 Power Grid Protection: Cyber security of critical infrastructure is a major need for power grid
systems provided by electrical systems. Among these will be the installation of new types
of firewalls and IDS (intrusion detection systems) that will have the ability to defend against online
attacks that attempt network accesses with the intent to compromise power distribution,
transmission, and generation infrastructure. Automated anomaly detection and traffic network
monitoring also allow the detection of cyber breaches ahead of time, penetration testing,
and vulnerability assessments, on the other hand, provide the necessary resilience to power plants
against ever-increasing threats.
 Financial Sector Defense: Weak cybersecurity measures are dangerous in the financial industry,
they can lead to data breaches or even financial losses. The cyberattacks can be against payment
networks, banking systems, and financial transactions, so the industry must protect all of them. The
management of cyber threats to banking and digital payment platforms which apply the most up-to-
date fraud detection systems and anomaly detection systems is the prevention of fraudulent incidents
being detected and bringing them to a halt. For secure financial transactions, the use of multi-factor
 authentication and tokenizing in conjunction with cybersecurity in critical infrastructure makes the
online banking system stronger and more secure, ensuring the protection of customer data.
 Healthcare System Resilience: Cyber security is essential to the healthcare industry as it aims to
prevent disruption to system reliability and data safety. One healthcare cybersecurity aims to secure
EHRs, medical equipment, and telemedicine platforms from cyberattacks targeting healthcare
systems by the deployment of strong cybersecurity measures. Although these technologies to some
extent contradict the fundamental principles of the Health Insurance Portability and Accountability
Act (HIPAA) regulations such as protecting the privacy of patients and the accuracy of data that is
stored and shared across healthcare networks, the experts recommend data encryption and secure
authentication methods to make these technological applications safe. Furthermore, the development
of an emergency plan and an alternative provision of healthcare services in case of a cyber disaster
might be important as it protects the health and security of the public when the infrastructure of a
healthcare institution is affected by a cyber disaster by providing patient care and important medical
service.
 Water and Wastewater Security: The guarding mechanisms of cybersecurity are necessary for
guaranteeing the safety and security of critical infrastructure during the process of water and waste.
Defenses such as segregating computers in the treatment facility and offsite secure access help put
water and wastewater systems out of reach of cyber attacks. Providing means of defense from the
manipulation of the leading units of Industrial Control Systems (ICS) by network whitelisting and
firmware integrity tests is the target of cybersecurity technologies. To better guarantee a constant
supply of water and sanitation services, protect people's health, and be environmentally friendly, the
dry run and cybersecurity training drills are undertaken.