A model of factors influencing deck officers' cyber risk perception in offshore operations
Offshore operations onboard vessels are increasingly reliant on digitalization, integration, automation, and network-based systems, which creates new dimensions of cyber risks. The causes of cyber incidents often include complex relationships between humans and technology, and in offshore operations, the onboard crew can be both a cyber security risk and a vital resource in strengthening the cyber security. This makes the behaviour of the decision-makers onboard important in both preventing and handling cyber risks at sea. By use of in-depth interviews and the constant comparative analysis (CCA), this paper investigates factors influencing deck officers’ cyber risk perception in offshore operations and presents a contextual model of these factors. The model indicates that deck officers’ cyber risk perception can be affected by a feeling of distance towards cyber risks, being more restricted in their working environment because of digitalization, and trust in their reliable cyber-physical systems and suppliers. Further, targeted cyber risk mitigation measures should be implemented on multiple levels in shipping companies. The measures may benefit from focusing on increased risk communication, operational training, awareness campaigns, vessel-specific procedures, and policies, in addition to increased communication from management regarding the demand for digitalization. With this approach, the contextual model can contribute to the ongoing work of developing targeted measures for cyber risk mitigation in the maritime domain and can be used as a point of departure for further studies to discover additional nuances and factors within cyber risk perception in this domain.
Autonomic computing architecture for SCADA cyber security
Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator.
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially- and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicate digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.
Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017).
An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for
many technical and socio-technical reasons such as mismatched processes,
inadequate information, differing use of language and philosophies, etc. Many
co-assurance techniques rely on disregarding some of these challenges in order
to present a unified methodology. Even with this simplification, no methodology
has been widely adopted primarily because this approach is unrealistic when met
with the complexity of real-world system development.
This paper presents an alternate approach by providing a Safety-Security
Assurance Framework (SSAF) based on a core set of assurance principles. This is
done so that safety and security can be co-assured independently, as opposed to
unified co-assurance which has been shown to have significant drawbacks. This
also allows for separate processes and expertise from practitioners in each
domain. With this structure, the focus is shifted from simplified unification
to integration through exchanging the correct information at the right time
using synchronisation activities.
Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukrainian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security.
Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services
Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings.
Methodology for Designing Decision Support Systems for Visualising and Mitigating Supply Chain Cyber Risk from IoT Technologies
This paper proposes a methodology for designing decision support systems for
visualising and mitigating the Internet of Things cyber risks. Digital
technologies present new cyber risks in the supply chain which are often not
visible to companies participating in the supply chains. This study
investigates how the Internet of Things cyber risks can be visualised and
mitigated in the process of designing business and supply chain strategies. The
emerging DSS methodology presents new findings on how digital technologies
affect business and supply chain systems. Through epistemological analysis, the
article derives a decision support system for visualising supply chain
cyber risk from Internet of Things digital technologies. Such methods do not
exist at present and this represents the first attempt to devise a decision
support system that would enable practitioners to develop a step by step
process for visualising, assessing and mitigating the emerging cyber risk from
IoT technologies on shared infrastructure in legacy supply chain systems.
Proportionality and its Applicability in the Realm of Cyber Attacks
With an ever-increasing reliance on State cyber-attacks, the need for an international treaty governing the actions of Nation-States in the realm of cyberwarfare has never been greater. States now have the ability to cause unprecedented civilian loss with their cyber actions. States can destroy financial records, disrupt stock markets, manipulate cryptocurrency, shut off nuclear reactors, turn off power grids, open dams, and even shut down air traffic control systems with the click of a mouse. This article argues that any cyber-attack launched with a reasonable expectation to inflict “incidental loss of civilian life, injury to civilians, or damage to civilian objects,” must be subject to the existing laws of proportionality. This article further examines the broader concept of proportionality, and the difficulties associated with applying a proportionality analysis to an offensive cyber-strike. This paper asserts that the ambiguities and complexities associated with applying the law of proportionality—in its current state and within a cyber context—will leave civilian populations vulnerable to the aggressive cyber actions of the world’s cyber powers. Consequently, this article stresses the necessity of developing a proportionality standard within a unified international cyberwarfare convention and asserts that such a standard is required in order to prevent the creation of a pathway towards lethal cyber aggressions unrestrained by the laws of war.