5,197 research outputs found

    Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

    The first-ever Ukraine cyberattack on the power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of the real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining to the impact quantification of cyber-related contingencies.

    Classification hardness for supervised learners on 20 years of intrusion detection data

    This article consolidates analysis of established (NSL-KDD) and new intrusion detection datasets (ISCXIDS2012, CICIDS2017, CICIDS2018) through the use of supervised machine learning (ML) algorithms. The uniformity in analysis procedure opens up the option to compare the obtained results. It also provides a stronger foundation for the conclusions about the efficacy of supervised learners on the main classification task in network security. This research is motivated in part to address the lack of adoption of these modern datasets. Starting with a broad scope that includes classification by algorithms from different families on both established and new datasets has been done to expand the existing foundation and reveal the most opportune avenues for further inquiry. After obtaining baseline results, the classification task was increased in difficulty, by reducing the available data to learn from, both horizontally and vertically. The data reduction has been included as a stress-test to verify if the very high baseline results hold up under increasingly harsh constraints. Ultimately, this work contains the most comprehensive set of results on the topic of intrusion detection through supervised machine learning. Researchers working on algorithmic improvements can compare their results to this collection, knowing that all results reported here were gathered through a uniform framework. This work's main contributions are the outstanding classification results on the current state of the art datasets for intrusion detection and the conclusion that these methods show remarkable resilience in classification performance even when aggressively reducing the amount of data to learn from

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    A Framework for Improving Intrusion Detection Systems by Combining Artificial Intelligence and Situational Awareness

    The vast majority of companies do not have the requisite tools and analysis to make use of the data obtained from security incidents in order to protect themselves from attacks and lower their risk. Intrusion Detection Systems (IDS) are deployed by numerous businesses to lessen the impact of network attacks. This is mostly attributable to the fact that these systems are able to provide a situational picture of network traffic regardless of the method or technology that is used to generate alerts. In this paper, a framework is proposed for improving the performance of contemporary IDSs by incorporating Artificial Intelligence (AI) into multiple layers, presenting the appropriate abstraction and accumulation of information, and generating valuable logs and metrics for security analysts to use in order to make the most informed decisions possible. This is further enabled by including Situational Awareness (SA) at the fundamental levels of the framework. Keywords: Intrusion Detection System, Machine Learning, Deep Learning, Shallow Learning, Security Operation Center, Situational Awareness

    An Empirical Analysis and Evaluation of Internet Robustness

    The study of network robustness is a critical tool in the understanding of complex interconnected systems such as the Internet, which due to digitalization, gives rise to an increasing prevalence of cyberattacks. Robustness is when a network maintains its basic functionality even under failure of some of its components, in this instance being nodes or edges. Despite the importance of the Internet in the global economic system, it is rare to find empirical analyses of the global pattern of Internet traffic data established via backbone connections, which can be defined as an interconnected network of nodes and edges between which bandwidth flows. Hence in this thesis, I use metrics based on graph properties of network models to evaluate the robustness of the backbone network, which is further supported by international cybersecurity ratings. These cybersecurity ratings are adapted from the Global Cybersecurity Index which measures countries' commitments to cybersecurity and ranks countries based on their cybersecurity strategies. Ultimately this empirical analysis follows a three-step process of firstly mapping the Internet as a network of networks, followed by analysing the various networks and country profiles, and finally assessing each regional network's robustness. By using TeleGeography and ITU data, the results show that the regions with countries which have higher cybersecurity ratings in turn have more robust networks, when compared to regions with countries which have lower cybersecurity ratings

    A Costing Framework for the Dynamic Computational Efficiency of the Network Security Detection Function

    This study developed a comprehensive framework to systematically evaluate the economic implications of security policy implementation in IT-centric business processes. Focusing on the detection aspect of the NIST cybersecurity framework, the research explored the interrelation between business operations, computational efficiency, and security protocols. The framework comprises nine components, addressing the gap between cost projections and security policy enforcement. The insights provided valuable perspectives on managing security expenses and resource allocation in information security, ensuring alignment with revenue and expenditure outcomes while emphasizing the need for a comprehensive approach to cost management in information security management