A Conceptual Model for the Development of a National Cybersecurity Index: An Integrated Framework

As ICT and cyberspace become sources of impressive innovation, the reliance of organizations, governments, and people on them will increase. However, with this vast reliance, hazardous vulnerabilities have emerged. These vulnerabilities may be exploited, resulting in information and cybersecurity issues at the national as well as the international levels. Cybersecurity is critical for sustaining resilience in critical infrastructures (CI) as well as information infrastructures (CII). Accordingly, cybersecurity should be incorporated into the economic and national security model of a nation. With this in mind, a cybersecurity index is a necessary tool to compare the performance of nations in terms of cybersecurity initiatives, and in articulating effective cybersecurity policies and strategies. This paper proposes a holistic framework for building a cybersecurity index taking into consideration the technological, legal, economic, cultural, and international relations factors pertinent to countries and paves the way for cybersecurity measures and metrics to be established and tested

Akıllı şehirlerdeki kritik altyapıların siber güvenliği

Smart city is a trending topic that many researchers from different disciplines are interested in. Even though it is supposed to be a study field of public administration, it has also technical dimensions which are focused on by researchers from engineering sciences. On the other hand, there is a security dimension of smart cities which has a boundary that includes multidisciplinary contributions. The security of cities has been an essential issue throughout the ages, but with the emergence of smart cities, the development of internet and communication technologies, and as a consequence of interconnection of critical infra structures in the smart cities, a new dimension of security has been emerged as the headline of security studies. This headline is cyber security. This study aims to investigate cyber security issues in smart cities particularly focusing on critical infrastructures and presents a recommendatory model for providing cyber security of critical infrastructures in smart cities.Akıllı şehir birçok farklı alandan araştırmacıların ilgisini çeken popüler bir konudur. Kamu yönetimi alanında bir çalışma alanı olmasına rağmen, mühendislik bilimlerindeki araştırmacılar tarafından odaklanılan teknik boyutlara da sahiptir. Öte yandan, çok disiplinli katkıları içeren bir sınırı olan akıllı şehirlerin bir de güvenlik boyutu vardır. Şehirlerin güvenliği, çağlar boyunca önemli bir mesele olmuştur, ancak akıllı şehirlerin ortaya çıkması, internet ve iletişim teknolojilerinin gelişimi ve akıllı şehirlerdeki kritik alt yapıların sanal ağlarla birbirlerine bağlanması sonucunda, güvenliğin yeni bir boyutu güvenlik çalışmalarının ana başlığı haline gelmiştir. Bu başlık siber güvenliktir. Bu çalışma, akıllı şehirlerde özellikle kritik altyapılara odaklanan siber güvenlik meselelerini sorgulamayı amaçlamakta ve akıllı şehirlerdeki kritikaltyapıların siber güvenliğini sağlamak için öneri niteliğinde bir model ortaya koymaktadır

Artificial Intelligence Techniques to Prevent Cyber Attacks on Smart Grids

Energy is one of the main elements that allows society to maintain its living standards and continue as usual. For this reason, the energy distribution is both one of the most important and targeted by attacks Critical Infrastructure. Many of the other Critical Infrastructures rely on energy to work reliably. Some states are particularly interested in getting stealth access to -and take control of- energy production and distribution of other Nations. This way they can create huge disruption and get a significant advantage in case of conflict. In the recent past, we could observe some real-life demonstrations of this fact. The introduction of smart grids and ICT in the management of energy infrastructures has great benefits but also introduces new attack surfaces and ways for attackers to gain control. As a benefit, we can also collect more data and metrics to better understand the state of the grid. New techniques based on Artificial Intelligence and machine learning can take advantage of the available data to help the protection of the infrastructures and detect ongoing threats. Smart Meters which are connected intelligent devices spread over the grid and the geographical distribution of the population. For this reason, they can be very useful data collection assets but also a target for attack. In this paper, the authors consider and analyze various innovative techniques that can be used to enhance the security and reliability of Smart Grids.</p

Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Networked world: Risks and opportunities in the Internet of Things

The Internet of Things (IoT) – devices that are connected to the Internet and collect and use data to operate – is about to transform society. Everything from smart fridges and lightbulbs to remote sensors and cities will collect data that can be analysed and used to provide a wealth of bespoke products and services. The impacts will be huge - by 2020, some 25 billion devices will be connected to the Internet with some studies estimating this number will rise to 125 billion in 2030. These will include many things that have never been connected to the Internet before. Like all new technologies, IoT offers substantial new opportunities which must be considered in parallel with the new risks that come with it. To make sense of this new world, Lloyd’s worked with University College London’s (UCL) Department of Science, Technology, Engineering and Public Policy (STEaPP) and the PETRAS IoT Research Hub to publish this report. ‘Networked world’ analyses IoT’s opportunities, risks and regulatory landscape. It aims to help insurers understand potential exposures across marine, smart homes, water infrastructure and agriculture while highlighting the implications for insurance operations and product development. The report also helps risk managers assess how this technology could impact their businesses and consider how they can mitigate associated risks

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures comprise of many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presets how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors is discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies

Mapping Cloud-Edge-IoT opportunities and challenges in Europe

While current data processing predominantly occurs in centralized facilities, with a minor portion handled by smart objects, a shift is anticipated, with a surge in data originating from smart devices. This evolution necessitates reconfiguring the infrastructure, emphasising computing capabilities at the cloud's "edge" closer to data sources. This change symbolises the merging of cloud, edge, and IoT technologies into a unified network infrastructure - a Computing Continuum - poised to redefine tech interactions, offering novel prospects across diverse sectors. The computing continuum is emerging as a cornerstone of tech advancement in the contemporary digital era. This paper provides an in-depth exploration of the computing continuum, highlighting its potential, practical implications, and the adjustments required to tackle existing challenges. It emphasises the continuum's real-world applications, market trends, and its significance in shaping Europe's tech future

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects