Article

Safeguarding National Critical Energy Infrastructure using Cybersecurity Frameworks and Collaborative Approach for a Resilient Energy Future


Abstract

Government's heavy reliance on information and communication technology for its daily activities and administration, and to drive the operations of critical infrastructure, cannot be overemphasized. This is most evident in industrial control systems (ICS), among which the supervisory control and data acquisition (SCADA) system is used to monitor and manage essential operations, exposing it to cyber threats and attacks. Cyber threats and attacks on critical infrastructure result in denial of service, vandalism, theft or manipulation of data and even physical harm, which can lead to catastrophic consequences for national security and to economic downturn. These are attributed to the integration and increasing interconnectivity of enterprise information technology and operational technology using standard solutions instead of proprietary protocols and software. This paper presents an analysis of the threat environment, threat classification and threat attributes, together with the cyber-security frameworks that guard against threats and attacks on critical energy infrastructure, using a case study approach to demonstrate practical application in real-world scenarios. The emphasis is on the supervisory control and data acquisition (SCADA) system used for remotely controlling switches, pumps and surveillance systems. This is intended to help government shape the cyber-security outlook of critical energy infrastructure so that it becomes more secure, resilient, adaptive and sustainable, and to help government make informed decisions on the cyber-security solutions most appropriate to its specific needs and challenges. Besides, it will promote collaboration and knowledge sharing among professionals and stakeholders in government, energy companies, regulators and cyber-security experts for greater innovation and advancement.

Keywords: Cybersecurity Framework, Critical Infrastructure, Cyber Threat, Energy, Supervisory Control and Data Acquisition Systems (SCADA), Collaboration.


Article
Protecting sensitive data goes beyond regulatory compliance in our linked digital environment. This paper explores the complex field of cybersecurity and suggests moving away from traditional compliance-focused methods. The study highlights how crucial it is to comprehend the dynamic threat landscape and vulnerabilities that businesses face in the always-changing digital ecosystem. The study promotes a proactive approach to cybersecurity, acknowledging that compliance is insufficient to fend off sophisticated attackers and moving beyond a check-box mentality. This study deftly negotiates the complex terrain of new risks, technical weaknesses, and developing assault methods. Organizations may bolster their defenses and proactively reduce risks by cultivating a thorough awareness of these components. The study's conclusions enable organizations to match their cybersecurity plans to the current threat environment, providing helpful advice for resilience. This study navigates the nuanced landscape of emerging threats, technological vulnerabilities, and evolving attack vectors. By fostering a comprehensive understanding of these elements, organizations can fortify their defenses and proactively mitigate risks. The study's conclusions enable organizations to match their cybersecurity plans to the current state of threats, providing helpful advice for resiliency in the event of cyberattacks. The results highlight the need for comprehensive cybersecurity procedures and give firms the information they need to safeguard important assets. This report is a valuable resource for firms looking to go beyond compliance and establish a strong cybersecurity posture against constantly evolving threats as the digital landscape continues to change.
Article
MITRE ATT&CK is a comprehensive knowledge-base of adversary tactics, techniques, and procedures (TTP) based on real-world attack scenarios. It has been used in different sectors, such as government, academia, and industry, as a foundation for threat modeling, risk assessment, and defensive strategies. There are valuable insights within MITRE ATT&CK knowledge-base that can be applied to various fields and applications, such as risk assessment, threat characterization, and attack modeling. No previous work has been devoted to the comprehensive collection and investigation of statistical insights of the MITRE ATT&CK dataset. Hence, this work aims to extract, analyze, and represent MITRE ATT&CK statistical insights providing valuable recommendations to improve the security aspects of Enterprise, Industrial Control Systems (ICS), and mobile digital infrastructures. For this purpose, we conduct a hierarchical analysis starting from MITRE ATT&CK threat profiles toward the list of techniques in the MITRE ATT&CK database. Finally, we summarize our key findings while providing recommendations that will pave the way for future research in the area.
Article
Apache Log4j2 is a prevalent logging library for Java-based applications. In December 2021, several critical and high-impact software vulnerabilities, including CVE-2021-44228, were publicly disclosed, enabling remote code execution (RCE) and denial of service (DoS) attacks. To date, these vulnerabilities are considered critical and the consequences of their disclosure far-reaching. The vulnerabilities potentially affect a wide range of internet of things (IoT) devices, embedded devices, critical infrastructure (CI), and cyber-physical systems (CPSs). In this paper, we study the effects and feasibility of exploiting these vulnerabilities in mission-critical aviation and maritime environments using the ACARS, ADS-B, and AIS protocols. We develop a systematic methodology and an experimental setup to study and identify the protocols’ exploitable fields and associated attack payload features. For our experiments, we employ software-defined radios (SDRs), use open-source software, develop novel tools, and develop features to existing software. We evaluate the feasibility of the attacks and demonstrate end-to-end RCE with all three studied protocols. We demonstrate that the aviation and maritime environments are susceptible to the exploitation of the Log4j2 vulnerabilities, and that the attacks are feasible for non-sophisticated attackers. To facilitate further studies related to Log4j2 attacks on aerospace, aviation, and maritime infrastructures, we release relevant artifacts (e.g., software, documentation, and scripts) as open-source, complemented by patches for bugs in open-source software used in this study.
Preprint
This paper presented a realistic analysis of the Stuxnet cyber-attack, aiming to uncover the complexities associated with the launch decision-making process. It managed to answer the question: why was the Stuxnet cyber-attack adopted as a strategic choice for managing the conflict instead of traditional choices? It also gave an understanding of the security challenges and the strategic implications that the cyber-attack posed. Finally, it reached a number of conclusions to the effect that realism, as a theory mostly concerned with issues of national security and power, can be a very suitable theoretical framework for analyzing and understanding cyber-attacks. The analysis confirmed that realism is an appropriate framework for identifying important issues related to security in cyberspace and can provide useful insights into some of the enduring characteristics of international relations in cyberspace.
Article
Information security plays a key role in enterprise management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and medium-sized enterprises (SMEs) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs located in the center region of Portugal. The project was conducted by a business association located in the center of Portugal and mainly participated in by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated in the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, mainly attested by the increase in their information security management robustness and collaborators’ cyberawareness.
Article
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.
Article
In this paper, the cyber-security of smart microgrids is thoroughly discussed. In smart grids, the cyber system and physical process are tightly coupled. Due to the cyber system’s vulnerabilities, any cyber incidents can have economic and physical impacts on their operations. In power electronics-intensive smart microgrids, cyber-attacks can have much more harmful and devastating effects on their operation and stability due to low inertia, especially in islanded operation. In this paper, the cyber–physical systems in smart microgrids are briefly studied. Then, the cyber-attacks on data availability, integrity, and confidentiality are discussed. Since a false data injection (FDI) attack that compromises the data integrity in the cyber/communication network is one of the most challenging threats for smart microgrids, it is investigated in detail in this paper. Such FDI attacks can target state estimation, voltage and frequency control, and smart microgrids’ protection systems. The economic and physical/technical impacts of the FDI attacks on smart microgrids are also reviewed in this paper. The defensive strategies against FDI attacks are classified into protection strategies, in which selected meter measurements are protected, and detection/mitigation strategies, based on either static or dynamic detection. In this paper, implementation examples of FDI attacks’ construction and detection/mitigation in smart microgrids are provided. Samples of recent cyber-security projects in the world, and critical cyber-security standards of smart grids, are presented. Finally, future trends of cyber-security in smart microgrids are discussed.
Article
The importance of looking into microgrid security is getting more crucial due to the cyber vulnerabilities introduced by digitalization and the increasing dependency on information and communication technology (ICT) systems. Especially with a current academic unanimity on the incremental significance of the microgrid’s role in building the future smart grid, this article addresses the existing approaches attending to cyber-physical security in power systems from a microgrid-oriented perspective. First, we start with a brief descriptive review of the most commonly used terms in the latest relevant literature, followed by a comprehensive presentation of the recent efforts explored in a manner that helps the reader to choose the appropriate future research direction among several fields.
Article
The smart grid faces a variety of physical and cyber attacks. Coordinated cyber-physical attacks can cause more severe consequences than single cyber or physical attacks, and can be divided into two categories according to whether the physical attack is stealthy or not. Coordinated cyber-physical attacks involving DoS attacks are investigated due to the lower cost of DoS attacks. In each category of coordinated cyber-physical attacks, the mathematical models are derived and suitable methods are adopted to solve the corresponding issue. The experimental simulation demonstrates the potentially damaging effects and threats of this newly proposed attack. It is also shown that this newly proposed attack can use fewer attack resources to introduce more catastrophic effects on the power system.
Article
A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.
Article
This paper introduces various concepts that relate to information technology and the development of energy transmission and distribution. Key challenges need to be addressed in relation to energy consumption, such as the need to be responsive to current demand, which has been addressed through information technology systems. With the increased connectedness of energy systems, there has also been an increased need to ensure the information security of these systems. The Internet of Things (IoT) concept will be reviewed in relation to the connection of objects in energy systems, as well as the concepts of Big Data and Cloud Computing. The former has developed in response to the need to predict energy usage more accurately, and the latter offers the advantages of increased failover potential as well as much faster provisioning of enhanced capacity in IT systems to meet consumer demand.
Technical Report
This study provides a comprehensive analysis of the governance of standard development organizations (SDOs), with a particular emphasis on organizations developing standards for Information and Communication Technologies (ICT). The analysis is based on 17 SDO case studies, a survey of SDO stakeholders, an expert workshop, and a comprehensive review of the legal and economic literature. The study considers the external factors conditioning SDO decision-making on rules and procedures, including binding legal requirements, government influence, the network of cooperative relationships with other SDOs and related organizations, and competitive forces. SDO decision-making is also shaped by internal factors, such as the SDOs’ institutional architecture of decision-making bodies and their respective decision-making processes, which govern the interaction among SDO stakeholders and between stakeholders and the SDO itself. The study also analyzes governance principles, such as openness, balance of interests, and consensus decision-making, and discusses their interplay. The insights from these analyses are applied to SDO decision-making on Intellectual Property Rights (IPR) policies, which represents a particularly salient and controversial aspect of SDO policy development.
Chapter
Many organizations still rely on traditional methods to protect themselves against various cyber threats. This is effective when they deal with traditional threats, but it is less effective when it comes to Advanced Persistent Threat (APT) actors. APT attacks are carried out by highly skilled (possibly state-sponsored) cyber criminal groups who have potentially unlimited time and resources.
Article
In an effort to develop strong cyber resilience, international organisations, academic institutions, corporations and countries have been actively working to develop cybersecurity frameworks (CSFs). Such efforts emphasize various perspectives depending on the organisation’s intention, while their contents involve the same concept. The aim of this paper is to incorporate the many varied perspectives on CSFs and gather them into a concise view by contrasting different intentions and distilling shared concepts. To do so, this study uses the document analysis method alongside two cycles of coding (descriptive coding and pattern coding) to excerpt 12 extant CSFs. The various intentions can be cascaded with respect to four areas: 1) the promoted action, 2) the driver, 3) the framework milieu and 4) the audience. The frameworks can also be examined according to three common concepts: 1) shared actions, 2) cyber pillars and 3) the framework life cycle. A total of seven shared actions are distilled from the frameworks, while the human, organisational, infrastructure, technology and law and regulation pillar are the most frequently discussed excerpts from the CSFs. Moreover, there are three processes for securing cyberspace: profiling, delivering and assuring. The shared concepts presented in this paper may also be useful for developing a general model of a CSF.
Article
Security evaluation of communication systems in the smart grid poses a great challenge to developers and operators. In recent years, many new smart grid standards have been proposed, which paradoxically makes it difficult to find a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis that aimed to address this issue by identifying standards that present sound security assessment guidance. This should help practitioners choose the standards that are applicable to their area. Additionally, the contents extracted from the standards can serve as useful guidance for security assessments of smart grid components.
Article
In recent years, cyber-physical system (CPS) applications have been extensively utilised in the electric power grid to enable wide-area protection, control, and monitoring of power systems. Many of these applications in a smart grid CPS depend on reliable time synchronisation. For example, synchrophasor data from geographically distributed phasor measurement units (PMUs) utilise the global positioning system (GPS) for precise timing. However, these units are exposed to GPS time spoofing attacks that can lead to inaccurate monitoring and trigger unnecessary, and possibly destabilising, remedial control actions. The authors develop an end-to-end case study demonstrating the effect of GPS spoofing attacks on the phase angle monitoring and control functions of a PMU-based load shedding scheme. The evaluation of the authors’ attack strategy is performed in a hardware-in-the-loop, real-time digital simulator-enabled power system testbed.
Article
Security threats and economic loss caused by network attacks, intrusions and vulnerabilities have motivated intensive studies on network security. Normally, data collected in a network system can reflect or can be used to detect security threats. We define these data as network security-related data. Studying and analyzing security-related data can help detect network attacks and intrusions, thus making it possible to further measure the security level of the whole network system. Obviously, the first step in detecting network attacks and intrusions is to collect security-related data. However, in the context of big data and 5G, there exist a number of challenges in collecting these security-related data. In this paper, we first briefly introduce network security-related data, including its definition and characteristics, and the applications of network data collection. We then provide the requirements and objectives for security-related data collection and present a taxonomy of data collection technologies. Moreover, we review existing collection nodes, collection tools and collection mechanisms in terms of network data collection and analyze them based on the proposed requirements and objectives towards high quality security-related data collection. Finally, we discuss open research issues and conclude with suggestions for future research directions.
Article
The article deals with cybersecurity in relation to the energy security of Russia. The definitions of energy security and cyber security of energy systems are given. The increase in cyber threats connected with the proliferation of the Smart Grid concept, which raises the level of computerization and intellectualization of energy systems, is noted. It is proposed to consider cyber threats as one of the most important contemporary threats to Russia’s energy security. The current state of cybersecurity of energy systems is analyzed. Energy infrastructure is considered as one of the critical infrastructures. A methodological approach proposed by the authors for the development of cybersecurity measures in energy systems is formulated, and the results of its implementation are considered.
Article
Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based systems to modern information and communication technology (ICT)-based systems creating a close coupling between cyber and physical components. In this paper, we explore the ICS cybersecurity landscape including: 1) the key principles and unique aspects of ICS operation; 2) a brief history of cyberattacks on ICS; 3) an overview of ICS security assessment; 4) a survey of 'uniquely-ICS' testbeds that capture the interactions between the various layers of an ICS; and 5) current trends in ICS attacks and defenses.
Article
Information security awareness can play an important role in facing cyber-attacks by intruders. The main goal of this paper is to analyse information security awareness among academic staff, researchers, undergraduate students and employees within educational environments in the Middle East, in an attempt to understand the level of awareness of information security, the associated risks and the overall impact on the institutions. The results reveal that the participants do not have the requisite knowledge and understanding of the importance of information security principles and their practical application in their day-to-day work. This situation can, however, be corrected through comprehensive awareness and training programs, as well as by adopting all the necessary safety measures at all levels of the institution to ensure that students, academic staff and employees are trustworthy, technology savvy and keep their data safe. Without such training programs and awareness, there will be negative consequences for IT systems and their application usage, as well as for users’ personal security, now and in the future. From the weaknesses identified in this survey, some essential recommendations are put forward to remedy the situation.
Article
With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of the most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as a guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as the “common language of organizations around the world” for information security [1]. With ISO/IEC 27001, companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.
Thesis
Information technology (IT) is critical and valuable to our society. An important type of IT system is the Supervisory Control And Data Acquisition (SCADA) system. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes, we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems, and they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information can be collected about the SCADA system’s architecture, and it is difficult for a decision maker to know how important different variables are or what their values mean for the SCADA system’s security. The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute theory on operational security. More precisely, they contribute theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it.
Conference Paper
Information systems are frequently exposed to various types of threats which can cause different types of damage that might lead to significant financial losses. Information security damage can range from small losses to entire information system destruction. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. Currently, organizations are struggling to understand what the threats to their information assets are and how to obtain the necessary means to combat them, which continues to pose a challenge. To improve our understanding of security threats, we propose a security threat classification model which allows us to study the impact of a threat class instead of the impact of a single threat, as a threat varies over time. This paper addresses different criteria for the classification of information system security risks and gives a review of most threat classification models. We define a hybrid model for information system security threat classification in order to propose a classification architecture that supports all threat classification principles and helps organizations implement their information security strategies.
Article
Critical infrastructures (CI) depend on communications and information technology infrastructure (CITI) for many of their key functionalities, which is known as cyber interdependency. In this paper, we present a cyber interdependency simulation technique that is based on the idea that the overall performance of a CI network is determined by the behaviour of its components at multiple time scales. Accordingly, for cyber interdependency simulation, we decompose the CI network into two time scales: regular CI events are captured in large time-steps and data communication network events are captured in smaller time-steps. Two different simulators are used for each of these partitions, and results from both simulations are synchronised appropriately. A real-life example is presented to demonstrate the accuracy and usefulness of our approach. The hybrid simulation model gives significant flexibility to plug domain-specific models into the critical infrastructure simulator for an accurate and efficient solution.
Article
In the rapidly evolving landscape of cybersecurity, the proliferation of sophisticated threats necessitates innovative approaches for detection and prevention. Machine learning algorithms have emerged as powerful tools in augmenting traditional cybersecurity measures, enabling proactive threat mitigation and enhanced defense mechanisms. This abstract explores the role of machine learning algorithms in cybersecurity, focusing on their capabilities in detecting and preventing a wide range of threats. Machine learning algorithms leverage data-driven techniques to analyze vast amounts of information, identifying patterns and anomalies indicative of malicious activities. By continuously learning from new data inputs, these algorithms adapt and evolve, bolstering cybersecurity defenses in real time. From identifying known malware signatures to detecting previously unseen threats through anomaly detection, machine learning algorithms offer a versatile arsenal against cyber threats. One key advantage of machine learning in cybersecurity lies in its ability to discern complex relationships and subtle indicators of malicious intent. Through feature extraction and pattern recognition, these algorithms can uncover hidden threats that may evade traditional signature-based detection methods. Moreover, machine learning techniques such as deep learning enable the analysis of unstructured data types, such as network traffic and user behavior, facilitating comprehensive threat detection across diverse attack vectors. In the context of threat prevention, machine learning algorithms play a crucial role in proactive defense strategies. By leveraging historical data and predictive analytics, these algorithms can anticipate potential threats and vulnerabilities, allowing organizations to implement preemptive measures before an attack occurs. Furthermore, machine learning-based anomaly detection systems can swiftly identify deviations from normal behavior, enabling rapid response and containment of security incidents.
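The abstract above contrasts signature matching with anomaly detection that learns a baseline and flags deviations. The following is an added example for this page, not code from that paper, applied to the SCADA setting of the present article: a detector that learns two things from a clean window of Modbus-style polling telemetry, the set of (source host, function code) pairs that normally occur and the per-register mean and standard deviation of values, and then flags a write from a never-seen host and a sensor reading far outside its historical band. The log line format, host addresses, register numbers and values are all constructed for the example.

```python
"""Baseline-learning anomaly detector for SCADA polling telemetry (Modbus-style log lines)."""
import re
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Constructed log format (assumed for this example): one poll or write per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) fc=(?P<fc>\d+) reg=(?P<reg>\d+) val=(?P<val>-?\d+(?:\.\d+)?)$"
)


def parse(line: str) -> dict:
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable telemetry line: {line!r}")
    d = m.groupdict()
    return {"ts": d["ts"], "src": d["src"], "fc": int(d["fc"]),
            "reg": int(d["reg"]), "val": float(d["val"])}


class TelemetryAnomalyDetector:
    """Two models learned from a clean baseline window:
    (a) the set of (source host, function code) pairs that normally occur, so a write
        (fc=6) from a host that only ever polled, or from a never-seen host, is flagged;
    (b) per-register mean and standard deviation, so a value far outside the
        historical band is flagged by its z-score."""

    def __init__(self, z_threshold: float = 4.0):
        self.z_threshold = z_threshold
        self.known_pairs: Set[Tuple[str, int]] = set()
        self.stats: Dict[int, Tuple[float, float]] = {}

    def fit(self, lines: List[str]) -> None:
        recs = [parse(line) for line in lines]
        self.known_pairs = {(r["src"], r["fc"]) for r in recs}
        by_reg: Dict[int, List[float]] = {}
        for r in recs:
            by_reg.setdefault(r["reg"], []).append(r["val"])
        for reg, vals in by_reg.items():
            sd = pstdev(vals) if len(vals) > 1 else 0.0
            self.stats[reg] = (mean(vals), max(sd, 1e-6))  # floor sd so a constant register still scores

    def score(self, line: str) -> List[str]:
        """Return human-readable reasons the line is anomalous (empty list = normal)."""
        r = parse(line)
        reasons: List[str] = []
        pair = (r["src"], r["fc"])
        if pair not in self.known_pairs:
            reasons.append(f"unseen source/function-code pair {pair[0]} fc={pair[1]}")
        if r["reg"] in self.stats:
            mu, sd = self.stats[r["reg"]]
            z = abs(r["val"] - mu) / sd
            if z > self.z_threshold:
                reasons.append(f"reg {r['reg']} value {r['val']:g} is {z:.1f} sd from baseline {mu:.2f}")
        else:
            reasons.append(f"register {r['reg']} never polled in baseline")
        return reasons

    def detect(self, lines: List[str]) -> List[Tuple[str, List[str]]]:
        flagged = []
        for line in lines:
            reasons = self.score(line)
            if reasons:
                flagged.append((line, reasons))
        return flagged


# Constructed baseline: the HMI at 10.0.0.5 polls (fc=3) a level register and a flow register.
BASELINE = (
    [f"2024-03-01T08:00:{i:02d}Z src=10.0.0.5 fc=3 reg=40001 val={50 + i % 5 - 2}" for i in range(20)]
    + [f"2024-03-01T08:00:{i:02d}Z src=10.0.0.5 fc=3 reg=40002 val={100 + i % 7 - 3}" for i in range(20)]
)

# Constructed new traffic: two normal polls, one out-of-band reading, one write from an unknown host.
NEW_LINES = [
    "2024-03-01T09:00:00Z src=10.0.0.5 fc=3 reg=40001 val=51",
    "2024-03-01T09:00:01Z src=10.0.0.5 fc=3 reg=40001 val=250",
    "2024-03-01T09:00:02Z src=10.0.0.99 fc=6 reg=40001 val=0",
    "2024-03-01T09:00:03Z src=10.0.0.5 fc=3 reg=40002 val=101",
]


def demo() -> List[Tuple[str, List[str]]]:
    det = TelemetryAnomalyDetector()
    det.fit(BASELINE)
    return det.detect(NEW_LINES)


if __name__ == "__main__":
    for line, reasons in demo():
        print(line, "->", "; ".join(reasons))
```

Two practitioner caveats apply to any baseline-learning detector of this kind. First, the baseline window must itself be clean: if an attacker's writes are present while fit() runs, they become "normal". Second, the z-score rule assumes a roughly stationary process; a legitimate setpoint change or seasonal load shift will raise false positives until the baseline is refreshed, so thresholds and re-training cadence have to be chosen with the plant engineers rather than set once.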
Chapter
The goal of this book is to describe cyber analysis and targeting for defensive applications. One objective of developing a cyber analysis and targeting methodology is to add information technology (IT) considerations into traditional military operations research (OR). For example, we will include cyber threats, cyber terrain, IT architectures, and other information-related capabilities (IRCs) in a developing cyber analysis and targeting methodology, accounting for the steady ingress of cyber into military operations through IT-based improvements in weapons systems, telecommunications, and online media. In developing this cyber analysis and targeting methodology, we will leverage use cases that span from analysis to modeling and simulation. This includes a look at assessment, for resilient systems development, along with using novel modeling and simulation approaches to describe the target as a discrete event process that we will use to estimate the effects from a cyber attack.
Article
Purpose: This paper aims to explore the evolution of a trend in which countries are developing or adopting cybersecurity implementation frameworks that are intended to be used nationally. This paper contrasts the cybersecurity frameworks that have been developed in three countries, namely, Australia, UK and USA. Design/methodology/approach: The paper uses literature review and qualitative document analysis for the study. The paper developed and used an assessment matrix as its coding protocol. The contents of the three cybersecurity frameworks were then scored to capture the degree to which they covered the themes/items of the cybersecurity assessment matrix. Findings: The analysis found that the three cybersecurity frameworks are oriented toward the risk management approach. However, the frameworks also had notable differences with regard to the security domains that they cover. For example, one of the frameworks did not offer guidelines with regard to what to do to respond to attacks or to plan for recovery. Originality/value: The results of this study are beneficial to policymakers in the three countries targeted, as they are able to gain insights about how their cybersecurity frameworks compare to those of the other two countries. Such knowledge would be useful as decision-makers take steps to improve their existing frameworks. The results of this study are also beneficial to executives who have branches in all three countries. In such cases, security professionals could deploy the most comprehensive framework across all three countries and then extend the deployment in each location to meet country-specific requirements.
Article
Industrial cyber-physical systems (CPSs) are large-scale, geographically dispersed and life-critical systems, in which many sensors and actuators are embedded and networked together to facilitate real-time monitoring and closed-loop control. Their intrinsic features in geographic space and resources put forward urgent requirements of reliability and scalability for designed filtering or control schemes. This paper presents a review of the state of the art of distributed filtering and control of industrial CPSs described by differential dynamics models. Special attention is paid to sensor networks, manipulators and power systems. For real-time monitoring, some typical Kalman-based distributed algorithms are summarized and their performance in terms of calculation burden, communication burden and scalability is discussed in depth. Then, the characteristics of non-Kalman cases are further disclosed in light of the constructed filter structures. Furthermore, the latest developments are surveyed for distributed cooperative control of mobile manipulators and distributed model predictive control in industrial automation systems. By resorting to droop characteristics, representative distributed control strategies classified by controller structure are systematically summarized for power systems with requirements of power sharing and voltage and frequency regulation. In addition, distributed security control of industrial CPSs is reviewed when cyber-attacks are taken into consideration. Finally, some challenges are raised to guide future research.
Article
People endorse the great power of cloud computing, but cannot fully trust the cloud providers to host privacy-sensitive data, due to the absence of user-to-cloud controllability. To ensure confidentiality, data owners outsource encrypted data instead of plaintexts. To share the encrypted files with other users, Ciphertext-Policy Attribute-based Encryption (CP-ABE) can be utilized to conduct fine-grained and owner-centric access control. But this alone is not sufficiently secure against other attacks. Many previous schemes did not grant the cloud provider the capability to verify whether a downloader can decrypt. Therefore, these files end up available to everyone who can reach the cloud storage. A malicious attacker can download thousands of files to launch Economic Denial of Sustainability (EDoS) attacks, which will largely consume the cloud resource. The payer of the cloud service bears the expense. Besides, the cloud provider serves both as the accountant and the payee of the resource consumption fee, lacking transparency to data owners. These concerns should be resolved in real-world public cloud storage. In this paper, we propose a solution to secure encrypted cloud storage from EDoS attacks and provide resource consumption accountability. It uses CP-ABE schemes in a black-box manner and complies with arbitrary access policies of CP-ABE. We present two protocols for different settings, followed by performance and security analysis.
Book
Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment. Fail-safe cyberdefense is a pipe dream. Given sufficient time, an intelligent attacker can eventually defeat defensive measures protecting an enterprise’s computer systems and IT networks. To prevail, an enterprise cybersecurity program must manage risk by detecting attacks early enough and delaying them long enough that the defenders have time to respond effectively. Enterprise Cybersecurity shows players at all levels of responsibility how to unify their organization’s people, budgets, technologies, and processes into a cost-efficient cybersecurity program capable of countering advanced cyberattacks and containing damage in the event of a breach. The authors of Enterprise Cybersecurity explain at both strategic and tactical levels how to accomplish the mission of leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment. The authors are recognized experts and thought leaders in this rapidly evolving field, drawing on decades of collective experience in cybersecurity and IT. In capacities ranging from executive strategist to systems architect to cybercombatant, Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam have fought on the front lines of cybersecurity against advanced persistent threats to government, military, and business entities.
Article
It is without doubt that today the volume and sophistication of cyber attacks keeps consistently growing, driving an endless arms race between attackers and defenders. In this context, full-fledged frameworks, methodologies, or strategies that are able to offer optimal or near-optimal reaction in terms of countermeasure selection, preferably in a fully or semi-automated way, are in high demand. This is reflected in the literature, which encompasses a significant number of major works on this topic spanning a time period of 5 years, that is, from 2012 to 2016. The survey at hand has a dual aim, namely: first, to critically analyze all the pertinent works in this field, and second, to offer an in-depth discussion and side-by-side comparison among them based on 7 common criteria. Also, a quite extensive discussion is offered to highlight the shortcomings and future research challenges and directions in this timely area.
Article
With increasing terrorism and sabotage activities, the power grid is becoming more vulnerable to various kinds of cyber and physical attacks. Coordination between the attacks could have a higher impact on the power system, as evidenced by the 2015 Ukrainian power system cyberattack. There is limited study in the existing literature of possible coordinated attack scenarios and their detailed mathematical modeling. To prevent future coordinated attacks against power systems, in this paper the cyber-physical security of the power system is analyzed and probable coordinated attack scenarios are proposed. Two typical attack coordination examples are studied in detail: the coordination between a load redistribution (LR) attack and attacking generators; and the coordination between an LR attack and attacking lines. They are formulated as bilevel optimization problems, where the attacker at the upper level aims to maximize the load curtailment while the defender at the lower level makes an effort to reduce the load curtailment. The case studies conducted on a modified IEEE 14-bus system demonstrate the potential damaging effects of the coordinated attacks. It is also shown that coordinated attacks could cause higher load curtailment than the standalone attacks. This study can provide meaningful insights on how to prevent and mitigate such high-impact, low-frequency (HILF) coordinated attacks.
Chapter
In recent years, cyberattacks have increased rapidly in volume and diversity. Despite the existence of advanced cyber-defence systems, attacks and intrusions still occur. Defence systems try to block previously known attacks, stop ongoing attacks and detect attacks that have already occurred. However, the damage caused by an attack is often catastrophic. Consequently, the need for improved intrusion detection systems and a robust prediction system is more urgent these days. In this chapter, we investigate intrusion prediction systems to show the need for such a system, the insufficiency of current intrusion detection systems and how prediction will improve the security capabilities of defence systems. A survey of intrusion prediction systems in cybersecurity, their working concepts and the methods used in these systems is presented.
Article
The term “cyberspace” is characterized by a multiplicity of meanings, and the purpose of this article is to provide a taxonomy of these “cyberspaces.” Three levels of cyberspace are identified, the first being ontology, which includes notions of cyberspace as a paraspace or nonspace, as well as the concept of cyberspacetime. The second level includes building blocks such as physical, conceptual and perceptual space, or virtual space. The third level is that of synthesis, including varieties of cyberspace such as media space, aesthetic space, dataspace, and personal and social space.
Conference Paper
This paper studies the feasibility of an early warning system that protects users from the dangerous situations they may fall into during web surfing. Our approach adopts behavioral Hidden Markov Models to explore the collective intelligence embedded in users' browsing behaviors for context-aware category prediction, and applies the results to web security threat prevention. Large-scale experiments show that our proposed method achieves an accuracy of 0.463 in predicting the fine-grained categories of users' next accesses. In real-life filtering simulations, our method achieves a macro-averaged blocking rate of 0.4293 in finding web security threats that cannot be detected by existing security protection solutions at an early stage, while keeping a low macro-averaged over-blocking rate of 0.0005 over time. In addition, the behavioral HMM is able to alert users to avoid security threats 8.4 hours earlier than the current URL filtering engine does. Our simulations show that shortening this lag time is critical to avoiding severe diffusion of security threats.
Article
Cyber threats are becoming more sophisticated with the blending of once distinct types of attack into more damaging forms. Increased variety and volume of attacks are inevitable given the desire of financially and criminally motivated actors to obtain personal and confidential information, as highlighted in this paper. We describe how Routine Activity Theory can be applied to mitigate these risks by reducing the opportunities for cyber crime to occur, making cyber crime more difficult to commit and increasing the risks of detection and punishment associated with committing cyber crime. Potential research questions are also identified.
Article
Last year marked a turning point in the history of cybersecurity: the arrival of the first cyber warfare weapon ever, known as Stuxnet. Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a completely new approach that is no longer aligned with conventional confidentiality, integrity, and availability thinking. Contrary to initial belief, Stuxnet wasn't about industrial espionage: it didn't steal, manipulate, or erase information. Rather, Stuxnet's goal was to physically destroy a military target, not just metaphorically, but literally. Let's see how this was done.