7 research outputs found

    SECURING HEALTH CARE INFORMATION SYSTEMS USING VISUALISATION TECHNIQUES (32)

    Health care information systems form the backbone of health care infrastructures and are increasingly reliant on medical devices to capture and transmit data. These devices, however, are vulnerable to attacks from the digital domain. The number of differing medical devices and information systems interacting with one another in new and increasingly less secure and disparate ways creates new challenges in information systems security. This work-in-progress paper presents a system design and methodology for modelling data interactions and data flow within the health care infrastructure. The system will increase situational awareness for users of information systems and promote stronger cyber security best practices and policies within this rapidly evolving landscape

    Securing Health Care Information Systems using Visualisation Techniques

    Health care information systems form the backbone of health care infrastructures and are increasingly reliant on medical devices to capture and transmit data. These devices, however, are vulnerable to attacks from the digital domain. The number of differing medical devices and information systems interacting with one another in new and increasingly less secure and disparate ways creates new challenges in information systems security. This work-in-progress paper presents a system design and methodology for modelling data interactions and data flow within the health care infrastructure. The system will increase situational awareness for users of information systems and promote stronger cyber security best practices and policies within this rapidly evolving landscape

    A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

    Cybercrime against critical infrastructure such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mixed methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management

    Critical entities resilience failure indication

    The adoption of the new Directive (EU) 2022/2557 on the resilience of critical entities has raised the question of how to assess the level of resilience of these entities in relation to current security threats. Until now, approaches have focused only on assessing the resilience of critical infrastructure elements. However, the new Directive exemplifies the need to pay attention not only to the element resilience, but also and more importantly to the resilience of their owners and operators, i.e., critical entities. Based on this fact, the authors of the article created a tool for Critical Entities Resilience Failure Indication (CERFI Tool). The essence of this tool is a probabilistic algorithm that predicts the relationship between the threat intensity and the protective part of critical entity resilience through indicators (to be created by the assessors themselves). The result of this prediction is an indication of the critical point of failure of the critical entity's resilience in phases of prevention and absorption of impacts. The CERFI Tool thus contributes to increasing the safety of technically oriented infrastructures, especially those of an energy and transport nature. The paper concludes with an example of the practical application of the developed tool on a selected critical entity in the energy sector. Ministerstvo Vnitra České Republiky (SP2023/086, VK01030014); Ministry of the Interior of the Czech Republic [VK01030014]; VSB - Technical University in Ostrava [SP2023/086]

    An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection

    Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes the risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, prediction of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk prediction and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk prediction. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment. The experimental results reveal that using the fuzzy set theory in assessing assets' criticality supports stakeholders for an effective risk management practice. 
Furthermore, the results have demonstrated that the machine learning classifiers have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations. Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS

    Critical Infrastructure Automated Immuno-Response System (CIAIRS)

    Critical Infrastructures play a central role in the world around us and are the backbone of everyday life. Their service provision has become more widespread, to the point where it is now practically ubiquitous in many societies. Critical Infrastructure assets contribute to the economy and society as a whole. Their impact on the security, economy and health sectors is extremely vital. Critical Infrastructures now possess levels of automation that require the integration of, often, mutually incompatible technologies. Their increasing complexity has led to the creation of direct and indirect interdependent connections amongst the infrastructure groupings. In addition, the data generated is vast as the intricate level of interdependency between infrastructures has grown. Since Critical Infrastructures are the backbone of everyday life, their protection from cyber-threats is an increasingly pressing issue for governments and private industries. Any failures, caused by cyber-attacks, have the ability to spread through interconnected systems and are a challenge to detect; especially as the Internet is now heavily reliant on Critical Infrastructures. This has led to different security threats facing interconnected security systems. Understanding the complexity of Critical Infrastructure interdependencies, and how to take advantage of it in order to minimize the cascading problem, enables the prediction of potential problems before they happen. Therefore, this work firstly discusses the interdependency challenges facing Critical Infrastructures, and how they can be used to create a support network against cyber-attacks, in much the same way as the human immune system is able to respond to intrusion. Next, the development of a distributed support system is presented. The system employs behaviour analysis techniques to support interconnected infrastructures and distribute security advice throughout a distributed system of systems. 
The approach put forward is tested through a statistical analysis methodology, in order to investigate the cascading failure effect whilst taking into account the independent variables. Moreover, our proposed system is able to detect cyber-attacks and share the knowledge with interconnected partners to create an immune system network. The development of the ‘Critical Infrastructure Auto-Immune Response System’ (CIAIRS) is presented with a detailed discussion on the main segments that comprise the framework and illustrates the functioning of the system. A semi-structured interview helped to demonstrate our approach by using a realistic simulation to construct data and evaluate the system output

    A Survey of Critical Infrastructure Security

    No full text
    Part 2: Infrastructure Security. International audience. Traditionally, securing against environmental threats was the main focus of critical infrastructure protection. However, the emergence of cyber attacks has changed the focus – infrastructures are facing a different danger that has life-threatening consequences and the risk of significant economic losses. Clearly, conventional security techniques are struggling to keep up with the volume of innovative and emerging attacks. Fresh and adaptive infrastructure security solutions are required. This paper discusses critical infrastructures and the digital threats they face, and provides insights into current and future infrastructure security strategies