A Review of Testbeds on SCADA Systems with Malware Analysis

Supervisory control and data acquisition (SCADA) systems are among the major types of Industrial Control Systems (ICS) and are responsible for monitoring and controlling essential infrastructures such as power generation, water treatment, and transportation. Very common and with high added-value, these systems have malware as one of their main threats, and due to their characteristics, it is practically impossible to test the security of a system without compromising it, requiring simulated test platforms to verify their cyber resilience. This review will discuss the most recent studies on ICS testbeds with a focus on cybersecurity and malware impact analysis

Deep Learning Methods for Malware and Intrusion Detection: A Systematic Literature Review

Android and Windows are the predominant operating systems used in mobile environment and personal computers and it is expected that their use will rise during the next decade. Malware is one of the main threats faced by these platforms as well as Internet of Things (IoT) environment and the web. With time, these threats are becoming more and more sophisticated and detecting them using traditional machine learning techniques is a hard task. Several research studies have shown that deep learning methods achieve better accuracy comparatively and can learn to efficiently detect and classify new malware samples. In this paper, we present a systematic literature review of the recent studies that focused on intrusion and malware detection and their classification in various environments using deep learning techniques. We searched five well-known digital libraries and collected a total of 107 papers that were published in scholarly journals or preprints. We carefully read the selected literature and critically analyze it to find out which types of threats and what platform the researchers are targeting and how accurately the deep learning-based systems can detect new security threats. This survey will have a positive impact on the learning capabilities of beginners who are interested in starting their research in the area of malware detection using deep learning methods. From the detailed critical analysis, it is identified that CNN, LSTM, DBN, and autoencoders are the most frequently used deep learning methods that have effectively been used in various application scenarios

Modelling of the Electric Vehicle Charging Infrastructure as Cyber Physical Power Systems: A Review on Components, Standards, Vulnerabilities and Attacks

The increasing number of electric vehicles (EVs) has led to the growing need to establish EV charging infrastructures (EVCIs) with fast charging capabilities to reduce congestion at the EV charging stations (EVCS) and also provide alternative solutions for EV owners without residential charging facilities. The EV charging stations are broadly classified based on i) where the charging equipment is located - on-board and off-board charging stations, and ii) the type of current and power levels - AC and DC charging stations. The DC charging stations are further classified into fast and extreme fast charging stations. This article focuses mainly on several components that model the EVCI as a cyberphysical system (CPS)

Security Awareness Strategies Used in the Prevention of Cybercrimes by Cybercriminals

Cybercrime is a growing phenomenon that impacts many lives worldwide. Businesses, organizations, and governments continue to search for ways to protect their data and intellectual property from cybercrimes. Grounded in the routine activity theory, the purpose of this general qualitative study was to explore strategies information security officers used to prevent cybercrimes. The participants included seven information security officers listed on social media who manage information security within organizations located in the northeast geographic region of the United States. Data were collected using semistructured interviews, the National Institute of Standards and Technology documentations and analyzed using thematic analysis. Four key themes emerged from the analysis: policies to prevent cybercrimes, cybersecurity response plan, cybersecurity awareness as a culture, and train end-users/employees. The key recommendation is that IT professionals work closely with other IT professionals, experts, and engineers to create relevant cybersecurity policies through compliance, develop efficient cybersecurity response plans, develop a culture of cybersecurity awareness, and implement cybersecurity training programs. The implications for positive social change include the potential for cybercrime crime reduction and a change of people’s perceptions and knowledge of cybercrime threats in their communities, neighborhoods, and organizations

Data ethics : building trust : how digital technologies can serve humanity

Data is the magic word of the 21st century. As oil in the 20th century and electricity in the 19th century: For citizens, data means support in daily life in almost all activities, from watch to laptop, from kitchen to car, from mobile phone to politics. For business and politics, data means power, dominance, winning the race. Data can be used for good and bad, for services and hacking, for medicine and arms race. How can we build trust in this complex and ambiguous data world? How can digital technologies serve humanity? The 45 articles in this book represent a broad range of ethical reflections and recommendations in eight sections: a) Values, Trust and Law, b) AI, Robots and Humans, c) Health and Neuroscience, d) Religions for Digital Justice, e) Farming, Business, Finance, f) Security, War, Peace, g) Data Governance, Geopolitics, h) Media, Education, Communication. The authors and institutions come from all continents. The book serves as reading material for teachers, students, policy makers, politicians, business, hospitals, NGOs and religious organisations alike. It is an invitation for dialogue, debate and building trust! The book is a continuation of the volume “Cyber Ethics 4.0” published in 2018 by the same editors

A Trust-by-Design Framework for the Internet of Things

The Internet of Things (IoT) is an environment where interconnected entities can interact and can be identifiable, usable, and controllable via the Internet. However, in order to interact among them, such IoT entities must trust each other. Trust is difficult to define because it concerns different aspects and is strongly dependent on the context. For this reason, a holistic approach allowing developers to consider and implement trust in the IoT is highly desirable. Nevertheless, trust is usually considered among different IoT entities only when they have to interact among them. In fact, without considering it during the whole System Developmente Life Cycle (SDLC) there is the possibility that security issues will be raised. In fact, without a clear conception of the possible threats during the development of the IoT entity, the lack of planning can be insufficient in order to protect the IoT entity. For this reason, we believe that it is fundamental to consider trust during the whole SDLC in order to carefully plan how an IoT entity will perform trust decisions and interact with the other IoT entities. To fulfill this goal, in this thesis work, we propose a trust-by-design framework for the IoT that is composed of a K-Model and several transversal activities. On the one hand, the K-Model covers the SDLC from the need phase to the utilization phase. On the other hand, the transversal activities will be implemented differently depending on the phases. A fundamental aspect that we implement in this framework is the relationship that trust has with other related domains such as security and privacy. Thus we will also consider such domains and their characteristics in order to develop a trusted IoT entity

Unmanned Aircraft Systems in the Cyber Domain

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; weapons systems security; electronic warfare considerations; data-links, jamming, operational vulnerabilities and still-emerging political scenarios that affect US military / commercial decisions. This second edition discusses state-of-the-art technology issues facing US UAS designers. It focuses on counter unmanned aircraft systems (C-UAS) – especially research designed to mitigate and terminate threats by SWARMS. Topics include high-altitude platforms (HAPS) for wireless communications; C-UAS and large scale threats; acoustic countermeasures against SWARMS and building an Identify Friend or Foe (IFF) acoustic library; updates to the legal / regulatory landscape; UAS proliferation along the Chinese New Silk Road Sea / Land routes; and ethics in this new age of autonomous systems and artificial intelligence (AI).https://newprairiepress.org/ebooks/1027/thumbnail.jp