Adaptive Alert Management for Balancing Optimal Performance among Distributed CSOCs using Reinforcement Learning

Large organizations typically have Cybersecurity Operations Centers (CSOCs) distributed at multiple locations that are independently managed, and they have their own cybersecurity analyst workforce. Under normal operating conditions, the CSOC locations are ideally staffed such that the alerts generated from the sensors in a work-shift are thoroughly investigated by the scheduled analysts in a timely manner. Unfortunately, when adverse events such as increase in alert arrival rates or alert investigation rates occur, alerts have to wait for a longer duration for analyst investigation, which poses a direct risk to organizations. Hence, our research objective is to mitigate the impact of the adverse events by dynamically and autonomously re-allocating alerts to other location(s) such that the performances of all the CSOC locations remain balanced. This is achieved through the development of a novel centralized adaptive decision support system whose task is to re-allocate alerts from the affected locations to other locations. This re-allocation decision is non-trivial because the following must be determined: (1) timing of a re-allocation decision, (2) number of alerts to be re-allocated, and (3) selection of the locations to which the alerts must be distributed. The centralized decision-maker (henceforth referred to as agent) continuously monitors and controls the level of operational effectiveness-LOE (a quantified performance metric) of all the locations. The agent's decision-making framework is based on the principles of stochastic dynamic programming and is solved using reinforcement learning (RL). In the experiments, the RL approach is compared with both rule-based and load balancing strategies. By simulating real-world scenarios, learning the best decisions for the agent, and applying the decisions on sample realizations of the CSOC's daily operation, the results show that the RL agent outperforms both approaches by generating (near-) optimal decisions that maintain a balanced LOE among the CSOC locations. Furthermore, the scalability experiments highlight the practicality of adapting the method to a large number of CSOC locations

Harnessing Human Potential for Security Analytics

Humans are often considered the weakest link in cybersecurity. As a result, their potential has been continuously neglected. However, in recent years there is a contrasting development recognizing that humans can benefit the area of security analytics, especially in the case of security incidents that leave no technical traces. Therefore, the demand becomes apparent to see humans not only as a problem but also as part of the solution. In line with this shift in the perception of humans, the present dissertation pursues the research vision to evolve from a human-as-a-problem to a human-as-a-solution view in cybersecurity. A step in this direction is taken by exploring the research question of how humans can be integrated into security analytics to contribute to the improvement of the overall security posture. In addition to laying foundations in the field of security analytics, this question is approached from two directions. On the one hand, an approach in the context of the human-as-a-security-sensor paradigm is developed which harnesses the potential of security novices to detect security incidents while maintaining high data quality of human-provided information. On the other hand, contributions are made to better leverage the potential of security experts within a SOC. Besides elaborating the current state in research, a tool for determining the target state of a SOC in the form of a maturity model is developed. Based on this, the integration of security experts was improved by the innovative application of digital twins within SOCs. Accordingly, a framework is created that improves manual security analyses by simulating attacks within a digital twin. Furthermore, a cyber range was created, which offers a realistic training environment for security experts based on this digital twin

Cybersecurity and the Digital Health: An Investigation on the State of the Art and the Position of the Actors

Cybercrime is increasingly exposing the health domain to growing risk. The push towards a strong connection of citizens to health services, through digitalization, has undisputed advantages. Digital health allows remote care, the use of medical devices with a high mechatronic and IT content with strong automation, and a large interconnection of hospital networks with an increasingly effective exchange of data. However, all this requires a great cybersecurity commitment—a commitment that must start with scholars in research and then reach the stakeholders. New devices and technological solutions are increasingly breaking into healthcare, and are able to change the processes of interaction in the health domain. This requires cybersecurity to become a vital part of patient safety through changes in human behaviour, technology, and processes, as part of a complete solution. All professionals involved in cybersecurity in the health domain were invited to contribute with their experiences. This book contains contributions from various experts and different fields. Aspects of cybersecurity in healthcare relating to technological advance and emerging risks were addressed. The new boundaries of this field and the impact of COVID-19 on some sectors, such as mhealth, have also been addressed. We dedicate the book to all those with different roles involved in cybersecurity in the health domain

Establishing cyber situational awareness in industrial control systems

The cyber threat to industrial control systems is an acknowledged security issue, but a qualified dataset to quantify the risk remains largely unavailable. Senior executives of facilities that operate these systems face competing requirements for investment budgets, but without an understanding of the nature of the threat cyber security may not be a high priority. Operational managers and cyber incident responders at these facilities face a similarly complex situation. They must plan for the defence of critical systems, often unfamiliar to IT security professionals, from potentially capable, adaptable and covert antagonists who will actively attempt to evade detection. The scope of the challenge requires a coherent, enterprise-level awareness of the threat, such that organisations can assess their operational priorities, plan their defensive posture, and rehearse their responses prior to such an attack. This thesis proposes a novel combination of concepts found in risk assessment, intrusion detection, education, exercising, safety and process models, fused with experiential learning through serious games. It progressively builds a common set of shared mental models across an ICS operation to frame the nature of the adversary and establish enterprise situational awareness that permeates through all levels of teams involved in addressing the threat. This is underpinned by a set of coping strategies that identifies probable targets for advanced threat actors, proactively determining antagonistic courses of actions to derive an appropriate response strategy

Future Smart Grid Systems

This book focuses on the analysis, design and implementation of future smart grid systems. This book contains eleven chapters, which were originally published after rigorous peer-review as a Special Issue in the International Journal of Energies (Basel). The chapters cover a range of work from authors across the globe and present both the state-of-the-art and emerging paradigms across a range of topics including sustainability planning, regulations and policy, estimation and situational awareness, energy forecasting, control and optimization and decentralisation. This book will be of interest to researchers, practitioners and scholars working in areas related to future smart grid systems

The US-China military and defense relationship during the Obama presidency

Publisher PD

Rational Cybersecurity for Business

Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team. Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges. This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included. What You Will Learn Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy Develop a consistent accountability model, information risk taxonomy, and risk management framework Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan Who This Book Is For Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your busines

A methodology for cooperation between electric utilities and consumers for microgrid utilization based on a systems engineering approach

In recent years, the energy market has experienced important challenges in its structure and requirements of its actors, such as the necessity for more reliable electric service, energy efficiency, environmental care practices, and the incorporation of decentralized power generation based on distributed energy resources (DER). Given this context, microgrids offer several advantages to the grid and its actors. However, few microgrid projects have been implemented, and the participation of electric utilities is lower than the expected. Hence, this research explores how electric utility - customer interactions can accommodate mutual benefits for both parties through the proposal of a Microgrid Reference Methodology (MRM) that guides the cooperation of these actors for future microgrid projects. For this research, an understanding of the microgrid system was imperative; hence, the interests and concerns of electric utilities and industrial customers were determined via questionnaires, interviews, and a literature review of specialized articles, books, and magazines. In addition, the MRM development was based on different frameworks and concepts from the fields of Systems Engineering, System of Systems, Management Science, and Infrastructure Architectures. The proposed MRM uses a four-level microgrid system in which the delta (business) level is added to the other three levels that are traditionally analyzed in microgrid design and modeling. The steps and processes necessary to determine the actors in the system and their interests, goals, criteria, and factors are exemplified with a generic case study, in which the proposed MRM evaluates the impact of different alternatives on the objectives of both parties. In addition, it was possible to identify external factors that can be influenced by other actors, such as regulators and government, to incentivize the implementation of microgrid projects

Project Management in the Fourth Industrial Revolution. Beer production project

El objetivo de este documento es encontrar soluciones a los problemas de gestión de proyectos que surgen como consecuencia de la cuarta revolución industrial, que está cambiando la industria tal y como la conocemos y nos sitúa en un punto crítico de adaptación a una nueva realidad que traerá consigo grandes oportunidades y también grandes riesgos. Además, la gestión de los nuevos proyectos 4.0 supondrá un reto de comunicación entre expertos en tecnologías y lenguajes informáticos muy diferentes, por lo que este documento destaca los elementos a tener en cuenta en la revolución tecnológica y estudia cómo gestionar un proyecto en una Smart factory.The aim of this document is to find solutions to the project management problems that arise as a result of the fourth industrial revolution, which is changing industry as we know it and places us at a critical point of adaptation to a new reality that will bring great opportunities as well as great risks. In addition, the management of new 4.0 projects will pose a challenge for communication between experts in very different technologies and computer languages, which is why this document highlights the elements to be taken into account in the technological revolution and studies how to manage a project in a Smart factory.Hochschule Albstadt-SigmaringenGrado en Ingeniería en Organización Industria