
    Cyber onboarding is ‘broken’

    A cyber security operations centre (CSOC) is a horizontal business function responsible primarily for managing cyber incidents, together with cyber-attack detection, security monitoring, and security incident triage, analysis and coordination. Before the CSOC can monitor systems, networks, applications and services, it must first onboard them onto its security monitoring and incident management platforms. Cyber Onboarding (a.k.a. Onboarding) is a specialist technical process of setting up and configuring systems and services to produce the appropriate events, logs and metrics, which are then monitored through the CSOC security monitoring and incident management platform. First, logging must be enabled on the systems and applications; second, they must produce the right set of computing and security logs, events, traps and messages, which are analysed by the detection controls, security analytics systems and security event monitoring systems (such as a SIEM and its sensors); third, network-wide information, e.g. flow data, heartbeats and network traffic information, is collected and analysed; and finally, threat intelligence data is ingested in real time so that threats seen in the wild can be detected or reported. While setting up a CSOC can be straightforward, the ‘people’ and ‘process’ aspects that underpin it are often challenging, complicated and occasionally unworkable. In this paper, the CSOC and Cyber Onboarding are discussed in depth, and the differences between a SOC and a SIEM are explained. Key challenges to Cyber Onboarding are identified through the reframing matrix methodology, using four notable perspectives: the Cyber Onboarding perspective, the CSOC perspective, the client perspective and the senior management team perspective. The views and interests of each are discussed, and finally recommendations are provided based on lessons learned implementing CSOCs for many organisations, e.g. government departments, financial institutions and the private sector.
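    The abstract lists what onboarding has to deliver before a source is useful to the CSOC: logging enabled, events carrying the fields the detection content needs, and heartbeats so silence is noticed. The following is an added example, not code from the paper, of the readiness check a CSOC onboarding engineer would run over a sample of a new source's feed before signing it off. The event format (JSON lines), the field names, the host names and the 15-minute heartbeat window are all assumptions; the feed is constructed for illustration.

```python
"""Onboarding readiness check for newly monitored log sources.

Added example (not from the paper). Before a source is declared "onboarded",
verify that it (1) is actually sending events, (2) its events carry the fields
the SIEM correlation rules need, and (3) it sent a heartbeat within the agreed
window. The format, field names, hosts and window are assumed for illustration.
"""
import json
from datetime import datetime, timedelta, timezone

# Fields every security event must carry for the (hypothetical) SIEM use-cases.
REQUIRED_FIELDS = ("ts", "host", "event_type", "severity")

# Sources the onboarding ticket says should be reporting (assumed names).
EXPECTED_SOURCES = ("web-01", "db-01", "fw-edge")

# Constructed sample feed, one JSON object per line, as a collector might emit.
# It deliberately contains a schema gap (db-01), a silent source (fw-edge),
# an unplanned source (unknown-99) and one malformed line.
SAMPLE_FEED = """\
{"ts": "2024-03-01T10:00:00Z", "host": "web-01", "event_type": "heartbeat", "severity": "info"}
{"ts": "2024-03-01T10:02:10Z", "host": "web-01", "event_type": "auth_failure", "severity": "medium", "user": "svc"}
{"ts": "2024-03-01T09:10:00Z", "host": "db-01", "event_type": "heartbeat", "severity": "info"}
{"ts": "2024-03-01T10:03:00Z", "host": "db-01", "event_type": "query_error"}
not json at all
{"ts": "2024-03-01T10:04:00Z", "host": "unknown-99", "event_type": "heartbeat", "severity": "info"}
"""


def parse_feed(text):
    """Parse JSON lines into dicts; malformed lines are counted, not raised."""
    events, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if isinstance(ev, dict):
            events.append(ev)
        else:
            malformed += 1
    return events, malformed


def _parse_ts(value):
    """ISO-8601 with a trailing Z, as the sample feed uses."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_onboarding(events, now, heartbeat_window=timedelta(minutes=15),
                     required=REQUIRED_FIELDS, expected=EXPECTED_SOURCES):
    """Return {source: status} with status one of:
    'ok', 'silent' (no events), 'schema_gap' (a required field missing or a
    bad timestamp), 'heartbeat_stale' (no heartbeat inside the window),
    'unexpected' (reporting but not in the onboarding plan)."""
    by_host = {}
    for ev in events:
        by_host.setdefault(ev.get("host", "<no host>"), []).append(ev)

    report = {}
    for src in expected:
        evs = by_host.get(src, [])
        if not evs:
            report[src] = "silent"
            continue
        if any(f not in ev for ev in evs for f in required):
            report[src] = "schema_gap"
            continue
        try:
            beats = [_parse_ts(ev["ts"]) for ev in evs if ev["event_type"] == "heartbeat"]
        except ValueError:
            report[src] = "schema_gap"
            continue
        if not beats or now - max(beats) > heartbeat_window:
            report[src] = "heartbeat_stale"
            continue
        report[src] = "ok"
    for src in by_host:
        if src not in expected:
            report[src] = "unexpected"
    return report


def run_check(feed_text=SAMPLE_FEED, now_iso="2024-03-01T10:05:00Z"):
    """Parse a feed and evaluate it at the given wall-clock time.
    Returns (report, number_of_malformed_lines)."""
    events, malformed = parse_feed(feed_text)
    return check_onboarding(events, _parse_ts(now_iso)), malformed


if __name__ == "__main__":
    report, bad = run_check()
    for source, status in report.items():
        print(f"{source}: {status}")
    print(f"malformed lines: {bad}")
```

The order of the checks matters: schema is validated before the heartbeat is read, so a source that has not yet been configured to emit the required fields is reported as a schema gap rather than crashing the check, and a source that sends nothing at all is distinguished from one that sends events but has stopped heartbeating.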

    Adaptive Alert Management for Balancing Optimal Performance among Distributed CSOCs using Reinforcement Learning

    Large organizations typically have Cybersecurity Operations Centers (CSOCs) distributed across multiple locations that are independently managed and staffed by their own cybersecurity analyst workforce. Under normal operating conditions, each CSOC location is ideally staffed such that the alerts generated by the sensors during a work shift are thoroughly investigated by the scheduled analysts in a timely manner. Unfortunately, when adverse events such as an increase in alert arrival rates or in alert investigation rates occur, alerts must wait longer for analyst investigation, which poses a direct risk to the organization. Hence, our research objective is to mitigate the impact of such adverse events by dynamically and autonomously re-allocating alerts to other location(s) so that the performance of all CSOC locations remains balanced. This is achieved through a novel centralized adaptive decision support system whose task is to re-allocate alerts from the affected locations to other locations. The re-allocation decision is non-trivial because three things must be determined: (1) the timing of a re-allocation decision, (2) the number of alerts to be re-allocated, and (3) the locations to which the alerts must be distributed. The centralized decision-maker (henceforth referred to as the agent) continuously monitors and controls the level of operational effectiveness (LOE), a quantified performance metric, of all the locations. The agent's decision-making framework is based on the principles of stochastic dynamic programming and is solved using reinforcement learning (RL). In the experiments, the RL approach is compared with both rule-based and load-balancing strategies. 
By simulating real-world scenarios, learning the best decisions for the agent, and applying those decisions to sample realizations of the CSOC's daily operation, the results show that the RL agent outperforms both approaches by generating (near-)optimal decisions that maintain a balanced LOE among the CSOC locations. Furthermore, scalability experiments highlight the practicality of adapting the method to a large number of CSOC locations.
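    To make the three decisions (when to re-allocate, how many alerts, and to which locations) concrete, here is an added example that is not the paper's code: a toy shift simulation of three CSOC locations in which one location suffers an alert surge, run once with no re-allocation and once with a rule-based policy of the kind the paper uses as a baseline. The paper's RL agent is not implemented here. The LOE definition (backlog measured against a fixed tolerance of analyst-hours), the capacities, the arrival rates, the surge and the trigger level are all assumptions.

```python
"""Toy simulation of alert re-allocation across distributed CSOC locations.

Added example, not the paper's code. It implements a rule-based baseline of
the kind the paper compares its RL agent against, so that the three decisions
(WHEN, HOW MANY, WHERE TO) are visible in code. The LOE formula, capacities,
arrival rates, surge and thresholds are all assumptions for illustration.
"""
from dataclasses import dataclass, field

# Assumed: a backlog worth this many analyst-hours still counts as fully effective.
TOLERANCE_HOURS = 2.0


@dataclass
class Location:
    name: str
    capacity: int              # alerts the scheduled analysts close per hour
    backlog: int = 0           # alerts waiting for investigation
    history: list = field(default_factory=list)

    def loe(self):
        """Level of operational effectiveness (assumed definition): 1.0 when the
        backlog could be cleared within TOLERANCE_HOURS of analyst work, falling
        linearly to 0.0 as the backlog grows beyond that."""
        clearable = self.capacity * TOLERANCE_HOURS
        return max(0.0, 1.0 - self.backlog / clearable)

    def backlog_at(self, loe_level):
        """Largest backlog this location can hold while keeping the given LOE."""
        return int(self.capacity * TOLERANCE_HOURS * (1.0 - loe_level))


def rule_based_reallocate(locs, trigger=0.5):
    """WHEN:     any location whose LOE has dropped below `trigger` is 'affected'.
       HOW MANY: the alerts above the backlog that would restore it to `trigger`.
       WHERE TO: healthy locations, most effective first, each taking only as
                 much as keeps its own LOE at or above `trigger`.
       Returns the number of alerts moved."""
    moved = 0
    for src in locs:
        if src.loe() >= trigger:
            continue
        excess = src.backlog - src.backlog_at(trigger)
        receivers = sorted((l for l in locs if l is not src and l.loe() > trigger),
                           key=lambda l: l.loe(), reverse=True)
        for dst in receivers:
            if excess <= 0:
                break
            room = dst.backlog_at(trigger) - dst.backlog
            take = min(excess, max(room, 0))
            dst.backlog += take
            src.backlog -= take
            excess -= take
            moved += take
    return moved


def simulate(policy, hours=12, surge_at=3, surge_hours=3, surge_rate=30):
    """Run one 12-hour shift. Constructed scenario: three locations near steady
    state; location A receives a surge (e.g. a noisy new sensor) for 3 hours.
    Each hour: alerts arrive, analysts work, the policy (if any) re-allocates
    the residual backlog, and every location's LOE is recorded."""
    locs = [Location("A", capacity=10), Location("B", capacity=10), Location("C", capacity=8)]
    base = {"A": 8, "B": 8, "C": 6}   # steady-state arrivals per hour, under capacity
    for h in range(hours):
        for loc in locs:
            rate = base[loc.name]
            if loc.name == "A" and surge_at <= h < surge_at + surge_hours:
                rate = surge_rate
            loc.backlog = max(0, loc.backlog + rate - loc.capacity)
        if policy is not None:
            policy(locs)
        for loc in locs:
            loc.history.append(round(loc.loe(), 3))
    return {loc.name: loc.history for loc in locs}


def summarize(history, trigger=0.5):
    """Worst LOE seen anywhere, the largest LOE gap between locations in any
    hour, how many hours any location sat below `trigger`, and end-of-shift LOE."""
    names = list(history)
    per_hour = [[history[n][i] for n in names] for i in range(len(history[names[0]]))]
    return {
        "worst_loe": min(min(row) for row in per_hour),
        "max_spread": round(max(max(row) - min(row) for row in per_hour), 3),
        "degraded_hours": sum(1 for row in per_hour if min(row) < trigger),
        "final": {n: history[n][-1] for n in names},
    }


if __name__ == "__main__":
    for label, policy in (("no re-allocation", None), ("rule-based", rule_based_reallocate)):
        print(label, summarize(simulate(policy)))
```

Without re-allocation the surged location never recovers within the shift while the other two sit idle at full effectiveness, which is exactly the imbalance the abstract describes; the rule-based policy halves the spread and brings every location back above the trigger by the end of the shift, but it still leaves the surged site at zero LOE for several hours because it only reacts after the trigger is crossed and moves a fixed amount. Those two weaknesses (reacting late, moving a fixed quantity) are the timing and quantity decisions the paper hands to the learned agent.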

    Using operational risk to increase systems engineering effectiveness

    2016 Summer. Includes bibliographical references.
    A key activity in the systems engineering process is managing risk. Systems engineers transform end-user needs into requirements that then drive design, development and deployment activities. Experienced systems engineers are aware of both programmatic risk and technical risk and of how these risks affect program outcomes. A programmatic change to cost, schedule, process, team structure or a wide variety of other elements may affect the engineering effort and increase the risk of failing to deliver a product or capability when needed, with all required functionality, at the promised cost. Technical challenges may introduce risk as well: if a subcomponent or element of the design is immature or does not perform as expected, additional effort may be required to redesign the element, or a change in requirements or even a complete system redesign may become necessary. Anticipating programmatic and technical risks and implementing plans to mitigate them is part of the systems engineering process. Yet even with a strong risk management process in place, end-users reject new capabilities when the delivered capabilities fail to perform to their expectations or fail to address the end-user’s operational need. The time between the identification of an operational need and the delivery of the resulting capability may be months or even years, and when the capability is delivered it either does not fulfil the original need or the need has evolved in the meantime. This disconnect increases operational risk to the end-user’s mission or business objectives. When systems engineers explicitly identify and mitigate operational risk, in addition to programmatic and technical risk, program outcomes are more likely to meet the end-user’s real operational need. 
The purpose of this research is, first, to define the activities systems engineers could use to ensure that engineering activities are influenced by operational risk considerations, and, second, to determine whether a focus on operational risk during the systems engineering lifecycle has a positive impact on program outcomes. A structured approach to addressing operational risk during the systems engineering process, Operational Risk-Driven Engineering Requirements/Engineering Development (ORDERED), is introduced. ORDERED includes an exhaustive operational risk taxonomy designed to help systems engineers incorporate the end-user’s evolving operational risk considerations into systems engineering activities. To examine the relationship between operational risk considerations during the systems engineering process and program outcomes, a survey instrument was developed and administered. In addition, a system dynamics model was developed to examine the relationship between operational risk and technical debt. Finally, case studies of successful and challenged programs were evaluated against the characteristics of successfully addressing operational risk during the program lifecycle. These activities lead to the conclusion that a focus on operational risk during the systems engineering lifecycle has a positive impact on program outcomes.

    Aeronautics and space report of the President, 1980 activities

    The year's achievements in the areas of communication, Earth resources, environment, space sciences, transportation and space energy are summarized, together with current and planned activities in these areas at the various departments and agencies of the Federal Government. Tables show U.S. and world spacecraft records, spacecraft launchings for 1980, and scientific payloads and probes launched 1975-1980. Budget data are included.

    Hybrid ports: the role of IoT and Cyber Security in the next decade

    The near future will be played out at the cyber level, which requires merging the “physical” with the “digital” in all fields: “phygital” will be the future of the current world in many sectors, primarily transportation. Ports are currently making several investments in technical solutions to attract freight flows; are they ready to answer the cyber threat? This paper presents an overview of the main implications of cyber threats for maritime transport.

    Aeronautics and space report of the President, 1982 activities

    Achievements of the space program are summarized in the areas of communication, Earth resources, environment, space sciences, transportation, aeronautics and space energy. Space program activities of the various departments and agencies of the Federal Government are discussed in relation to the agencies' goals and policies. Records of U.S. and world spacecraft launchings, successful U.S. launches for 1982, U.S.-launched applications and scientific satellites and space probes since 1975, U.S. and Soviet manned spaceflights since 1961, data on U.S. space launch vehicles, and budget summaries are provided. The national space policy and the aeronautical research and technology policy statements are included.