Initial Cybersecurity Framework in the New Capital City of Indonesia: Factors, Objectives, and Technology
Round 1
Reviewer 1 Report (Previous Reviewer 2)
The paper was improved by the revision process.
Author Response
Thank you for the comments and suggestions provided
Reviewer 2 Report (New Reviewer)
The authors claim this work includes a systematic literature review on the fields of cybersecurity, critical infrastructure and smart cities, a framework that was validated by three cybersecurity experts, and that they applied a set of security objectives to the emerged framework in the context of the new Indonesian capital - Ibu Kota Nusantara.
The objective of this work has merit and is most definitely timely as the new capital is set to be inaugurated in 2024. Still, the work itself has significant flaws, and if it does not suffer a comprehensive rewrite should not be considered for publication.
Let's start with the biggest issue. The authors proposed that they did a systematic literature review and that that resulted in a framework. But that "framework" is just the most basic tenets of Information and Cyber Security, namely the CIA triad (Confidentiality, Integrity and Availability) plus Privacy and Safety, and a set of keywords taken from a word cloud that reference a generic set of technologies.
For a cybersecurity framework of a capital city of a sovereign nation this seems too simplistic, to the point that it becomes meaningless.
For this work to be reintroduced, at best, the authors should frame this as a very initial attempt at creating a framework.
Now, besides this, there are other issues with this work.
First the used methodology, PRISMA, is intended for the health field to conduct systematic reviews of actual interventions, with patients, and similar methodologies. And although the authors of PRISMA do not explicitly exclude other research fields, it is clear that this methodology, and the explicit inclusion of the checklist as a supplementary material is not its intended use case.
But even assuming that PRISMA is a good enough approximation, the way the research was conducted is not ideal. From the initial 1954 records, the reduction of 1208 just because the keywords were not on the title, abstract or keyword list seems a bit too narrow. In one phrase (lines 106-108) a justification for some record removal included references that don't match what the authors say (ref 14 as full paper for instance). But worst is the elimination of 89 records from the surviving 109 based on having the same subject. This is where following PRISMA does not make sense; rejecting a study because it applied the same drug or protocol might make sense in the medical field but it does not in computer science.
After the systematic review was conducted the only thing that seemed to be analysed was a set of word clouds, which at best convey semantic proximity of words and little else.
The rest of the analysis seems to follow similar approaches, where a small keyword set is used to justify the creation of two diagrams that are defined as a framework. Even here there are, besides the obvious, a few issues. Like Table 2 including the Non-Repudiation security objective that does not seem to be present in the research papers used nor does it appear anywhere else in the manuscript.
Finally the research question "What is the status of cybersecurity for IKN?" was not answered in any way.
Apart from this there are a few grammatical issues, but in this form I don't think they are worth mentioning.
My suggestion is to either reframe this work as a very initial stage work to create the basis for further research on creating a cybersecurity framework for the city of IKN, or to completely redo the research phase and actually answer the research question proposed. A good starting point might even be the two frameworks referenced, ISO 27001 (which by the way has a new version 2022) and NIST.
Author Response
Thank you for the suggestion to improve our manuscript. We use the suggestion to frame the proposed framework as an initial framework. We also find an editorial mistake in not deleting non-repudiation and not re-checking our research question after conducting grammatical checking. We apologize for the error, and we have corrected it. Details of the correction are described in the response document.
Author Response File: Author Response.pdf
Round 2
Reviewer 2 Report (New Reviewer)
Thank you for your resubmitted work. I'll respond first to your replies.
Point 1 : addressed
Points 2 and 3: I believe you missed the point I was trying to make. Yes PRISMA can be used in other fields, but even the article you referenced suggested some extra constraints besides PRISMA. But the approach you took seems too naive for the purpose of the research effort. With such broad search terms going from 1954 results to 17 studies in the review seems almost impossible. But more importantly if the aim of this research effort is to establish a foundation for the cybersecurity efforts of a nation's capital city, going on 17 research papers instead of the already well established cybersecurity frameworks seems counterproductive at best. Still since you are not offering a proper systematic review, and are only using it in the course of your research, if you feel this approach has given you some insights I don't have a problem with it.
Points 4 and 5: Yes a word cloud is a useful mechanism but rarely is it the only one used.
Point 6: Not sure the phrasing is better. My suggestion would be "What is the initial cybersecurity framework for IKN?" or even "What are the initial building blocks for IKN's cybersecurity framework?"
Point 7: addressed but I still have some suggestions below
Point 8 : addressed
Overall I still think this research effort needs improving if it is to be used in any meaningful way. But I can also understand that if you are starting from zero then you need some stepping stones, and the result from this effort might be enough in that regard. I however don't know if this is publishable material but I'll leave the final decision to the editors because it's more a question of whether it fits with the editorial objectives of the journal itself.
Finally if this is to be published I have some last suggestions in terms of grammar:
line 65: Ans with further considering -> Ans considering
line 67: can also define -> can also be defined
line 100: How is -> What is (or see above)
line 162: Addition -> "We added" or "Safety was added"
line 256/257: objectives gain using -> not sure what the authors meant so can't suggest correction but should be rephrased
Author Response
Thank you for your comments and suggestions. We try to address six points that still need revision.
- We used PRISMA mainly because we wanted to publish our work in MDPI Journal. We also read that PRISMA can be used in the computer field of research, as cited in the article. We used the literature review approach because we found three main factors in IKN concerning cybersecurity, and we want to find common cybersecurity objectives and technologies according to those factors. In the conclusion section (lines 271-273), we suggest using the common security standard to gain five security objectives.
- We add reason and reference about word cloud in a literature review in lines 133-135.
- The research question changed to “What is the initial cybersecurity framework for IKN?”
- We made grammatical changes according to the recommendation
Author Response File: Author Response.pdf
This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.
Round 1
Reviewer 1 Report
The study presents a literature review on cybersecurity in smart city.
The results of the study are of little if any significance, and do not add much to current knowledge.
In addition, before submission, the authors should check with a native speaker the English language, which in the current manuscript is not acceptable (i.e. many sentences are missing parts and/or have no meaning as they are).
Reviewer 2 Report
The goal of this paper, as exposed by the authors, is to identify how cybersecurity in the new capital city of Indonesia, IKN, based on Prisma systematic review.
The introduction is too short and does not present in detail the problems, current limitations and challenges of researchers regarding the requirements and scientific results. Its reading shows that it is basically a technical article of the design of an initial framework validated by cybersecurity and smart city experts, and does not correspond to a new and valuable research in the field.
Section 3 is very concise and does not provide the expected experimental material and data and the innovation factor brought by the authors. Results are not textually presented as much as they should be. Based on the information presented in figure 3, what is the connection between Smart City and Critical Infrastructure? It is also necessary to include modify figure 4, because it is not at a good resolution and does not present substantial new information compared to figure 3 (there are redundant data). It is not clear whether the authors' contributions to THIS publication.
The authors present the results based on proposed framework without specifying the obtained data, and additionally the implication of cybersecurity in IKN. The aspects related to the network security and authentication must be explained, presented and validated with practical data.
On which OSI level is the authentication service implemented?
The authors should consider a better organization of the document. The reference section is good, citing new and relevant articles in the research area.