19,021 research outputs found
A security metric for assessing the security level of critical infrastructures
The deep integration between the cyber and physical domains in complex systems makes the security evaluation process very challenging, as security itself is more of a concept (i.e. a subjective property) than a quantifiable characteristic. Traditional security assessment mostly relies on the personal skills of security experts, often based on best practices and personal experience. The present work is aimed at defining a security metric allowing evaluators to assess the security level of complex Cyber-Physical Systems (CPSs), such as Critical Infrastructures, in a holistic, consistent and repeatable way. To achieve this result, the mathematical framework provided by the Open Source Security Testing Methodology Manual (OSSTMM) is used as the backbone of the new security metric, since it provides security indicators that capture, in a non-biased way, the security level of a system. Several concepts, such as component Lifecycle, Vulnerability criticality and Damage Potential – Effort Ratio, are embedded in the new security metric framework, developed in the scope of the H2020 project ATENA.
Structural Vulnerability Analysis of Electric Power Distribution Grids
Power grid outages cause huge economic and societal costs. Disruptions in
the power distribution grid are responsible for a significant fraction of
electric power unavailability to customers. The impact of extreme weather
conditions, continuously increasing demand, and the over-ageing of assets in
the grid, deteriorates the safety of electric power delivery in the near
future. It is this dependence on electric power that necessitates further
research in the power distribution grid security assessment. Thus measures to
analyze the robustness characteristics and to identify vulnerabilities as they
exist in the grid are of utmost importance. This research investigates exactly
those concepts: the vulnerability and robustness of power distribution grids
from a topological point of view, and proposes a metric to quantify them with
respect to assets in a distribution grid. Real-world data is used to
demonstrate the applicability of the proposed metric as a tool to assess the
criticality of assets in a distribution grid.
Supply chains and energy security in a low carbon transition
This special edition to be published in Applied Energy brings together a range of papers that explore the complex, multi-dimensional and inter-related issues associated with the supply or value chains that make up energy systems and how a focus on them can bring new insights for energy security in a low carbon transition.
Dealing with the trilemma of maintaining energy security, reducing greenhouse gas emissions and maintaining affordability for economies and end users is a key issue for all countries, but there are synergies and trade-offs in simultaneously dealing with these different objectives. Currently, industrialised energy systems are dominated by supply chains based on fossil fuels and these, for the most part, have been effective in enabling energy security and affordability. However, they are increasingly struggling to do this, particularly in respect to efforts to tackle climate change, given that the energy sector is responsible for around two-thirds of global greenhouse gas emissions [1]. A key challenge is therefore how to decarbonise energy systems, whilst also ensuring energy security and affordability. This special issue, through a focus on supply chains, particularly considers the interactions and relationships between energy security and decarbonisation.
Energy security is a property of energy systems, and their ability to withstand short-term shocks and longer-term stresses depends on other important system properties including resilience, robustness, flexibility and stability [2]. Energy systems are essentially a supply chain comprising multiple and interrelated sub-chains based around different fuels, technologies, infrastructures, and actors, operating at different scales and locations – from extraction/imports and conversion through to end use [3]. These supply chains have become increasingly globalised and are influenced by the on-going shifts in global supply and demand. Thus the aim of this special issue is to explore and discuss how to enable the development of a secure and sustainable energy system through a better understanding of both existing and emerging low carbon energy supply chains as well as of new approaches to the design and management of energy systems. This is in part because moving from a system dominated by fossil fuels to one based on low carbon creates a new set of risks and uncertainties for energy security as well as new opportunities.
A large number of submissions from over 18 countries were received for this special edition and 16 papers were accepted after peer review. These address a variety of issues and we have chosen to discuss the findings under two key themes, although many of the papers cut across these: (1) Insights from, and for, supply chain analysis. (2) Insights for energy security and its management. We then provide in (3) a summary of insights and research gaps. Table 1 provides a snapshot of the areas covered by the papers showing: theme(s); empirical domains; and geographical coverage.
Classifying Web Exploits with Topic Modeling
This short empirical paper investigates how well topic modeling and database
meta-data characteristics can classify web and other proof-of-concept (PoC)
exploits for publicly disclosed software vulnerabilities. By using a dataset
comprised of over 36 thousand PoC exploits, an accuracy rate near 0.9 is
obtained in the empirical experiment. Text mining and topic modeling are a
significant boost factor behind this classification performance. In addition to
these empirical results, the paper contributes to the research tradition of
enhancing software vulnerability information with text mining, providing also a
few scholarly observations about the potential for semi-automatic
classification of exploits in the existing tracking infrastructures.
Comment: Proceedings of the 2017 28th International Workshop on Database and
Expert Systems Applications (DEXA).
http://ieeexplore.ieee.org/abstract/document/8049693
Secure Cloud-Edge Deployments, with Trust
Assessing the security level of IoT applications to be deployed to
heterogeneous Cloud-Edge infrastructures operated by different providers is a
non-trivial task. In this article, we present a methodology that makes it possible to
express security requirements for IoT applications, as well as infrastructure
security capabilities, in a simple and declarative manner, and to automatically
obtain an explainable assessment of the security level of the possible
application deployments. The methodology also considers the impact of trust
relations among different stakeholders using or managing Cloud-Edge
infrastructures. A lifelike example is used to showcase the prototyped
implementation of the methodology.
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guaranteed
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controllers, secure network routing
protocols at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.
Comment: 16 page
Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art
Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection program. The extensive number of risk assessment methodologies for critical infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into account the probability of the occurrence of these threats. This is a critical element that differentiates a risk assessment from a typical impact assessment methodology.
JRC.G.6-Security technology assessmen