Smart Grid Security: Threats, Challenges, and Solutions

The cyber-physical nature of the smart grid has rendered it vulnerable to a multitude of attacks that can occur at its communication, networking, and physical entry points. Such cyber-physical attacks can have detrimental effects on the operation of the grid as exemplified by the recent attack which caused a blackout of the Ukranian power grid. Thus, to properly secure the smart grid, it is of utmost importance to: a) understand its underlying vulnerabilities and associated threats, b) quantify their effects, and c) devise appropriate security solutions. In this paper, the key threats targeting the smart grid are first exposed while assessing their effects on the operation and stability of the grid. Then, the challenges involved in understanding these attacks and devising defense strategies against them are identified. Potential solution approaches that can help mitigate these threats are then discussed. Last, a number of mathematical tools that can help in analyzing and implementing security solutions are introduced. As such, this paper will provide the first comprehensive overview on smart grid security

Malware in the Future? Forecasting of Analyst Detection of Cyber Events

There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa

A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy

Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph

Police SWAT teams and Military Special Forces face mounting pressure and challenges from adversaries that can only be resolved by way of ever more sophisticated inputs into tactical operations. Lethal Autonomy provides constrained military/security forces with a viable option, but only if implementation has got proper empirically supported foundations. Autonomous weapon systems can be designed and developed to conduct ground, air and naval operations. This monograph offers some insights into the challenges of developing legal, reliable and ethical forms of autonomous weapons, that address the gap between Police or Law Enforcement and Military operations that is growing exponentially small. National adversaries are today in many instances hybrid threats, that manifest criminal and military traits, these often require deployment of hybrid-capability autonomous weapons imbued with the capability to taken on both Military and/or Security objectives. The Westgate Terrorist Attack of 21st September 2013 in the Westlands suburb of Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that required military response and police investigations against a fighting cell of the Somalia based globally networked Al Shabaab terrorist group.Comment: 52 pages, 6 Figures, over 40 references, reviewed by a reade