3,955 research outputs found

    Cybersecurity knowledge requirements for a water sector employee

    Get PDF
    Abstract: Critical infrastructure in South Africa remains highly vulnerable to cybercrime threats due to a poor cyber -crime fighting capacity and a lack of a strong cybersecurity policy. South Africa appears to have lagged behind in terms of securing and defending cyberspace, despite the country’s reliability and its interconnectedness to the Internet. Furthermore, the rapid increase in remote working owing to Covid-19 has raised cybersecurity concerns, the prevalence of cybersecurity assaults and cybercrime has substantially increased, and state organizations have recently been victim to cyber-attacks. Cyber threats can be defined as attempting to gain unauthorized access to infrastructure systems through data communication pathways in an unauthorized manner. Globally, the water and wastewater sector were ranked number four in the global security incidents based on the Repository of Industrial Security Incidents. To date, systems that can protect themselves without involving human element has not yet been realized, as a consequence, systems are prone to be threatened by random or organized crimes through preying on humans. There is therefore a need to examine internal procedures and protection mechanisms to prevent cyber-attacks. Research shows that humans are the weakest link in cyberspace security as the internet users as well as the only guardian of computers and organizational network. This research presents the findings of a systematic literature review conducted to assess the cybersecurity knowledge required for a general employee in the water sector. This research further proposes a framework for determining the minimum knowledge required of a general employee in the water sector in order to protect the critical infrastructure. A systematic literature review was adopted from which this research followed the guidelines and procedures from the Cochrane handbook for Systematic Reviews of Interventions. Following the rigorous process and procedure of the systematic literature review, the final studies chosen for analysis and synthesis amounted to 23 out of the initial collected 2013 studies. Thematic analysis was used to examine the 23 studies. Following the analysis, eight themes for challenges were identified, the blocks of cybersecurity knowledge that employees must have been identified as: 1) Security breaches, 2) Unauthorized access, 3) Negligence, 4) Social Engineering, 5) Malicious insider, 6) Malware/Ransomware, 7) Stolen credentials, and 8) Denial of service. Furthermore, four themes for mitigating the eight identified cybersecurity challenges were identified as: 1) Cybersecurity knowledge and skills, 2) Cybersecurity awareness, 3) Cybersecurity culture and 4) Cybersecurity training. The first theme (cybersecurity knowledge and skills) assisted in identifying the cybersecurity knowledge required for employees. The second theme (cybersecurity awareness) and the third theme (cybersecurity culture) looked at finding meaning in what organisations can do to urge cybersecurity culture and awareness. Overall, the first, second and third themes assisted in answering the research question. The fourth and last theme focused on identifying the types of general employee cybersecurity training methods that can be undertaken to improve cyber resilience. The identified challenges and the mitigations were further used to develop a model to train employees in cybersecurity, the model will benefit the water sector by identifying key aspects to train employees in order to reduce the intrusion into cyber systems and processes that are used to run and operate critical infrastructure.M.Phil. (Engineering Management

    Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Get PDF
    Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war

    Accelerating Cyber Security Improvements for Critical Infrastructure Industrial Control Systems

    Get PDF
    This thesis study introduces operational concepts for accelerating necessary cyber security improvements for critical infrastructure industrial control systems. National critical infrastructures’ industrial control systems experienced a 20% annual increase in cyber incidents during fiscal year 2015 (DHS ICS-CERT, 2015). Industrial control systems are used in several critical infrastructure sectors to include energy, transportation, manufacturing, and water utilities. Critical infrastructures support public health and life safety, economic vitality, national defense, and overarching societal well-being. Significant damage or disruptions to a critical infrastructure could result in potentially catastrophic and cascading consequences. For example, a disruptive cyber-attack on a water utility would have life safety and health consequences when fire hydrants fail during a fire, and hospitals’ operations are impaired

    A systemic review of the cybersecurity challenges in Australian water infrastructure management

    Get PDF
    Cybersecurity risks have become obstinate problems for critical water infrastructure management in Australia and worldwide. Water management in Australia involves a vast complex of smart technical control systems interconnected with several networks, making the infrastructure susceptible to cyber-attacks. Therefore, ensuring the use of security mechanisms in the control system modules and communication networks for sensors and actuators is vital. The statistics show that Australia is facing frequent cyber-attacks, most of which are either undetected or overlooked or require immediate response. To address these cyber risks, Australia has changed from a country with negligible recognition of attacks on critical infrastructure to a country with improved capability to manage cyber warfare. However, little attention is paid to reducing the risk of attacks to the critical water infrastructure. This study aims to evaluate Australia’s current cybersecurity attack landscape and the implemented controls for water infrastructure using a systematic literature review (SLR). This study also compares Australia in the context of global developments and proposes future research directions. The synthesis of the evidence from 271 studies in this review indicates the importance of managing security vulnerabilities and threats in SCADA water control systems, including the need to upgrade the contemporary water security architecture to mitigate emerging risks. Moreover, human resource development with a specific focus on security awareness and training for SCADA employees is found to be lacking, which will be essential for alleviating cyber threats to the water infrastructure in Australia

    State of Iowa Cybersecurity Strategy, July 2016

    Get PDF
    On December 21, 2015, Governor Branstad issued Executive Order 87 (EO87); a cybersecurity initiative for the State of Iowa. The executive order establishes a multi-agency partnership, the EO87 Leadership Team, with the Office of the Chief Information Officer, Iowa National Guard, Department of Public Safety, Iowa Communications Network, and the Iowa Homeland Security and Emergency Management Department. The order directs these agencies to develop a comprehensive cybersecurity strategy which addresses lifeline critical infrastructure, risk assessments, best practices, awareness training, public education and communication, collaboration, K-12 and higher education, data breach notifications, and incident response planning to protect the citizens of Iowa and Iowa businesses. The EO87 Leadership Team, along with several key partners, worked diligently over the last six months to prepare recommendations that will have a direct and sustainable impact on protecting lifeline critical infra-structure, reducing risk to government operations, and creating sustainable partnerships in cybersecurity

    The new EU cybersecurity framework:The NIS Directive, ENISA's role and the General Data Protection Regulation

    Get PDF
    The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulatio

    The future of Cybersecurity in Italy: Strategic focus area

    Get PDF
    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
    • …
    corecore