Page 104 - Artificial Intelligence for the Internet of Everything
To date, the cybersecurity engineering community has principally been
focused on information systems, an area where the risks are different and
the technical factors regarding cyber defense pose significantly different
challenges.
5.2.1 Historic Patterns for Addressing Cybersecurity
While cybersecurity experts point to the fact that incorporating anticipatory
cybersecurity features into the design of systems provides a pathway for
achieving better security, historically most solutions have been add-ons to
systems in response to actual attacks (Miller, 2014b). The reasons for this
are economic. When new innovations are in their early development phase
(such as autonomous vehicles), designers are consumed with achieving a
working system, and security is treated as something that will follow. When
the innovation is ready to be brought to the market, concern about the impact
of security costs on the new products' prices further delays security
implementation. When the new products are selling, but significant attacks
have yet to occur, there is no pressing demand to anticipate attacks. When
attacks start occurring, and there are already large numbers of existing systems
in use, responsive patching becomes the de facto solution.
For existing information systems the major consequences of cyber attacks
have been financial in nature or related to privacy. Should human safety
become a primary risk of cyber attacks in the future, new societal patterns
may emerge that demand stronger anticipatory solutions. Anticipatory solutions
must be designed not only on the basis of prior attacks, but also based
upon predictions of what cyber attackers might target in the future and how
they might implement these attacks. Prediction of attacker behavior is quite
complex, requiring considerations such as: (1) historic attacks; (2) attacker
motivations; (3) attack complexity and corresponding attacker skill requirements;
(4) costs of design and implementation; (5) risks of attacks failing; and
(6) risks of getting caught. This situation is exacerbated by the need for
competitors to share information (e.g., historic attack information) in order to
have a more complete basis for making predictions and to provide the
opportunity to derive a common framework for considering solutions that
are related to a domain of similar products. Furthermore, for physical system
classes that include rapidly changing automation features, predictions can be
unstable (e.g., the increasing rate for adding new automation features in
automobiles points to the need for annual reconsideration of potential
cyber attacks and the corresponding defenses). This situation is further