Critical Infrastructure Protection Metrics and Tools Papers and Presentations

Contents: Dr. Hilda Blanco: Prioritizing Assets in Critical Infrastructure Systems; Christine Poptanich: Strategic Risk Analysis; Geoffrey S. French/Jin Kim: Threat-Based Approach to Risk Case Study: Strategic Homeland Infrastructure Risk Assessment (SHIRA); William L. McGill: Techniques for Adversary Threat Probability Assessment; Michael R. Powers: The Mathematics of Terrorism Risk Stefan Pickl: SOA Approach to the IT-based Protection of CIP; Richard John: Probabilistic Project Management for a Terrorist Planning a Dirty Bomb Attack on a Major US Port; LCDR Brady Downs: Maritime Security Risk Analysis Model (MSRAM); Chel Stromgren: Terrorism Risk Assessment and Management (TRAM); Steve Lieberman: Convergence of CIP and COOP in Banking and Finance; Harry Mayer: Assessing the Healthcare and Public Health Sector with Model Based Risk Analysis; Robert Powell: How Much and On What? Defending and Deterring Strategic Attackers; Ted G. Lewis: Why Do Networks Cascade

Security in Cloud Computing: Evaluation and Integration

Au cours de la dernière décennie, le paradigme du Cloud Computing a révolutionné la manière dont nous percevons les services de la Technologie de l’Information (TI). Celui-ci nous a donné l’opportunité de répondre à la demande constamment croissante liée aux besoins informatiques des usagers en introduisant la notion d’externalisation des services et des données. Les consommateurs du Cloud ont généralement accès, sur demande, à un large éventail bien réparti d’infrastructures de TI offrant une pléthore de services. Ils sont à même de configurer dynamiquement les ressources du Cloud en fonction des exigences de leurs applications, sans toutefois devenir partie intégrante de l’infrastructure du Cloud. Cela leur permet d’atteindre un degré optimal d’utilisation des ressources tout en réduisant leurs coûts d’investissement en TI. Toutefois, la migration des services au Cloud intensifie malgré elle les menaces existantes à la sécurité des TI et en crée de nouvelles qui sont intrinsèques à l’architecture du Cloud Computing. C’est pourquoi il existe un réel besoin d’évaluation des risques liés à la sécurité du Cloud durant le procédé de la sélection et du déploiement des services. Au cours des dernières années, l’impact d’une efficace gestion de la satisfaction des besoins en sécurité des services a été pris avec un sérieux croissant de la part des fournisseurs et des consommateurs. Toutefois, l’intégration réussie de l’élément de sécurité dans les opérations de la gestion des ressources du Cloud ne requiert pas seulement une recherche méthodique, mais aussi une modélisation méticuleuse des exigences du Cloud en termes de sécurité. C’est en considérant ces facteurs que nous adressons dans cette thèse les défis liés à l’évaluation de la sécurité et à son intégration dans les environnements indépendants et interconnectés du Cloud Computing. D’une part, nous sommes motivés à offrir aux consommateurs du Cloud un ensemble de méthodes qui leur permettront d’optimiser la sécurité de leurs services et, d’autre part, nous offrons aux fournisseurs un éventail de stratégies qui leur permettront de mieux sécuriser leurs services d’hébergements du Cloud. L’originalité de cette thèse porte sur deux aspects : 1) la description innovatrice des exigences des applications du Cloud relativement à la sécurité ; et 2) la conception de modèles mathématiques rigoureux qui intègrent le facteur de sécurité dans les problèmes traditionnels du déploiement des applications, d’approvisionnement des ressources et de la gestion de la charge de travail au coeur des infrastructures actuelles du Cloud Computing. Le travail au sein de cette thèse est réalisé en trois phases.----------ABSTRACT: Over the past decade, the Cloud Computing paradigm has revolutionized the way we envision IT services. It has provided an opportunity to respond to the ever increasing computing needs of the users by introducing the notion of service and data outsourcing. Cloud consumers usually have online and on-demand access to a large and distributed IT infrastructure providing a plethora of services. They can dynamically configure and scale the Cloud resources according to the requirements of their applications without becoming part of the Cloud infrastructure, which allows them to reduce their IT investment cost and achieve optimal resource utilization. However, the migration of services to the Cloud increases the vulnerability to existing IT security threats and creates new ones that are intrinsic to the Cloud Computing architecture, thus the need for a thorough assessment of Cloud security risks during the process of service selection and deployment. Recently, the impact of effective management of service security satisfaction has been taken with greater seriousness by the Cloud Service Providers (CSP) and stakeholders. Nevertheless, the successful integration of the security element into the Cloud resource management operations does not only require methodical research, but also necessitates the meticulous modeling of the Cloud security requirements. To this end, we address throughout this thesis the challenges to security evaluation and integration in independent and interconnected Cloud Computing environments. We are interested in providing the Cloud consumers with a set of methods that allow them to optimize the security of their services and the CSPs with a set of strategies that enable them to provide security-aware Cloud-based service hosting. The originality of this thesis lies within two aspects: 1) the innovative description of the Cloud applications’ security requirements, which paved the way for an effective quantification and evaluation of the security of Cloud infrastructures; and 2) the design of rigorous mathematical models that integrate the security factor into the traditional problems of application deployment, resource provisioning, and workload management within current Cloud Computing infrastructures. The work in this thesis is carried out in three phases

SYNERGY OF BUILDING CYBERSECURITY SYSTEMS

The development of the modern world community is closely related to advances in computing resources and cyberspace. The formation and expansion of the range of services is based on the achievements of mankind in the field of high technologies. However, the rapid growth of computing resources, the emergence of a full-scale quantum computer tightens the requirements for security systems not only for information and communication systems, but also for cyber-physical systems and technologies. The methodological foundations of building security systems for critical infrastructure facilities based on modeling the processes of behavior of antagonistic agents in security systems are discussed in the first chapter. The concept of information security in social networks, based on mathematical models of data protection, taking into account the influence of specific parameters of the social network, the effects on the network are proposed in second chapter. The nonlinear relationships of the parameters of the defense system, attacks, social networks, as well as the influence of individual characteristics of users and the nature of the relationships between them, takes into account. In the third section, practical aspects of the methodology for constructing post-quantum algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic and modified elliptic codes), their mathematical models and practical algorithms are considered. Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. They can significantly reduce the energy costs for implementation, while ensuring the required level of cryptographic strength of the system as a whole. The concept of security of corporate information and educational systems based on the construction of an adaptive information security system is proposed. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ How to Cite: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Indexing:                    Розвиток сучасної світової спільноти тісно пов’язаний з досягненнями в області обчислювальних ресурсів і кіберпростору. Формування та розширення асортименту послуг базується на досягненнях людства у галузі високих технологій. Однак стрімке зростання обчислювальних ресурсів, поява повномасштабного квантового комп’ютера посилює вимоги до систем безпеки не тільки інформаційно-комунікаційних, але і до кіберфізичних систем і технологій. У першому розділі обговорюються методологічні основи побудови систем безпеки для об'єктів критичної інфраструктури на основі моделювання процесів поведінки антагоністичних агентів у систем безпеки. У другому розділі пропонується концепція інформаційної безпеки в соціальних мережах, яка заснована на математичних моделях захисту даних, з урахуванням впливу конкретних параметрів соціальної мережі та наслідків для неї. Враховуються нелінійні взаємозв'язки параметрів системи захисту, атак, соціальних мереж, а також вплив індивідуальних характеристик користувачів і характеру взаємовідносин між ними. У третьому розділі розглядаються практичні аспекти методології побудови постквантових алгоритмів для асиметричних криптосистем Мак-Еліса та Нідеррейтера на алгебраїчних кодах (еліптичних та модифікованих еліптичних кодах), їх математичні моделі та практичні алгоритми. Запропоновано гібридні конструкції криптокоду Мак-Еліса та Нідеррейтера на дефектних кодах. Вони дозволяють істотно знизити енергетичні витрати на реалізацію, забезпечуючи при цьому необхідний рівень криптографічної стійкості системи в цілому. Запропоновано концепцію безпеки корпоративних інформаційних та освітніх систем, які засновані на побудові адаптивної системи захисту інформації. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ Як цитувати: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Індексація:                 &nbsp

ENHANCING THE OPERATIONAL RESILIENCE OF CYBER- MANUFACTURING SYSTEMS (CMS) AGAINST CYBER-ATTACKS

Cyber-manufacturing systems (CMS) are interconnected production environments comprised of complex and networked cyber-physical systems (CPS) that can be instantiated across one or many locations. However, this vision of manufacturing environments ushers in the challenge of addressing new security threats to production systems that still contain traditional closed legacy elements. The widespread adoption of CMS has come with a dramatic increase in successful cyber-attacks. With a myriad of new targets and vulnerabilities, hackers have been able to cause significant economic losses by disrupting manufacturing operations, reducing outgoing product quality, and altering product designs. This research aims to contribute to the design of more resilient cyber-manufacturing systems. Traditional cybersecurity mechanisms focus on preventing the occurrence of cyber-attacks, improving the accuracy of detection, and increasing the speed of recovery. More often neglected is addressing how to respond to a successful attack during the time from the attack onset until the system recovery. We propose a novel approach that correlates the state of production and the timing of the attack to predict the effect on the manufacturing key performance indicators. Then a real-time decision strategy is deployed to select the appropriate response to maintain availability, utilization efficiency, and a quality ratio above degradation thresholds until recovery. Our goal is to demonstrate that the operational resilience of CMS can be enhanced such that the system will be able to withstand the advent of cyber-attacks while remaining operationally resilient. This research presents a novel framework to enhance the operational resilience of cyber-manufacturing systems against cyber-attacks. In contrast to other CPS where the general goal of operational resilience is to maintain a certain target level of availability, we propose a manufacturing-centric approach in which we utilize production key performance indicators as targets. This way we adopt a decision-making process for security in a way that is aligned with the operational strategy and bound to the socio-economic constraints inherent to manufacturing. Our proposed framework consists of four steps: 1) Identify: map CMS production goals, vulnerabilities, and resilience-enhancing mechanisms; 2) Establish: set targets of performance in production output, scrap rate, and downtime at different states; 3) Select: determine which mechanisms are needed and their triggering strategy, and 4) Deploy: integrate into the operation of the CMS the selected mechanisms, threat severity evaluation, and activation strategy. Lastly, we demonstrate via experimentation on a CMS testbed that this framework can effectively enhance the operational resilience of a CMS against a known cyber-attack

Examining the Risk Factors for Hospital Ransomware Attacks: A Qualitative Study

Ransomware attacks have started to affect the hospital industry and cause major disruptions in operations. There are at least five successful ransomware attacks that have affected hospitals. The only way they were able to regain access to their systems were to submit payment via bitcoin to the entity that conveyed the ransom or recover their systems from backups. In this study, we identified risk factors from published reports for hospital ransomware attacks. This study employed a qualitative review of published news articles and reports that discussed the events of the ransomware attacks. This exploratory method is appropriate for new and emerging topics and used to compare written text to established guidelines or models. We used the NIST Cyber Security Framework to code content and analyze information from journal articles, memos, blogs, research studies and white papers that contained information reported by the hospitals. Hospitals and media reports were not transparent in reporting detailed information surrounding the events of ransomware attacks. Overall, study results demonstrate that there are risk factors for hospitals to become targets for ransomware attacks

Evidence-based Cybersecurity: Data-driven and Abstract Models

Achieving computer security requires both rigorous empirical measurement and models to understand cybersecurity phenomena and the effectiveness of defenses and interventions. To address the growing scale of cyber-insecurity, my approach to protecting users employs principled and rigorous measurements and models. In this dissertation, I examine four cybersecurity phenomena. I show that data-driven and abstract modeling can reveal surprising conclusions about longterm, persistent problems, like spam and malware, and growing threats like data-breaches and cyber conflict. I present two data-driven statistical models and two abstract models. Both of the data-driven models show that the presence of heavy-tailed distributions can make naive analysis of trends and interventions misleading. First, I examine ten years of publicly reported data breaches and find that there has been no increase in size or frequency. I also find that reported and perceived increases can be explained by the heavy-tailed nature of breaches. In the second data-driven model, I examine a large spam dataset, analyzing spam concentrations across Internet Service Providers. Again, I find that the heavy-tailed nature of spam concentrations complicates analysis. Using appropriate statistical methods, I identify unique risk factors with significant impact on local spam levels. I then use the model to estimate the effect of historical botnet takedowns and find they are frequently ineffective at reducing global spam concentrations and have highly variable local effects. Abstract models are an important tool when data are unavailable. Even without data, I evaluate both known and hypothesized interventions used by search providers to protect users from malicious websites. I present a Markov model of malware spread and study the effect of two potential interventions: blacklisting and depreferencing. I find that heavy-tailed traffic distributions obscure the effects of interventions, but with my abstract model, I showed that lowering search rankings is a viable alternative to blacklisting infected pages. Finally, I study how game-theoretic models can help clarify strategic decisions in cyber-conflict. I find that, in some circumstances, improving the attribution ability of adversaries may decrease the likelihood of escalating cyber conflict

Reviewing qualitative research approaches in the context of critical infrastructure resilience

Modern societies are increasingly dependent on the proper functioning of critical infrastructures (CIs). CIs produce and distribute essential goods or services, as for power transmission systems, water treatment and distribution infrastructures, transportation systems, communication networks, nuclear power plants, and information technologies. Being resilient becomes a key property for CIs, which are constantly exposed to threats that can undermine safety, security, and business continuity. Nowadays, a variety of approaches exist in the context of CIs’ resilience research. This paper provides a state-of-the-art review on the approaches that have a complete qualitative dimension, or that can be used as entry points for semi-quantitative analyses. The study aims to uncover the usage of qualitative research methods through a systematic review based on PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses). The paper identifies four principal dimensions of resilience referred to CIs (i.e., techno-centric, organisational, community, and urban) and discusses the related qualitative methods. Besides many studies being focused on energy and transportation systems, the literature review allows to observe that interviews and questionnaires are most frequently used to gather qualitative data, besides a high percentage of mixed-method research. The article aims to provide a synthesis of literature on qualitative methods used for resilience research in the domain of CIs, detailing lessons learned from such approaches to shed lights on best practices and identify possible future research directions

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets

Decentralized Finance (DeFi): A Survey

Decentralized Finance (DeFi) is a new paradigm in the creation, distribution, and utilization of financial services via the integration of blockchain technology. Our research conducts a comprehensive introduction and meticulous classification of various DeFi applications. Beyond that, we thoroughly analyze these risks from both technical and economic perspectives, spanning multiple layers. We point out research gaps and revenues, covering technical advancements, innovative economics, and sociology and ecology optimization