Building the Operational Technology (OT) Cybersecurity Workforce: What are Employers Looking for?

A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position travel. We found that OT cybersecurity roles are typically non-entry level, as experience was the most common requirement, and was required on 95% of analyzed positions. Possession of a bachelor’s degree or higher was required for 82% of positions, while industry certifications such as the Certified Information Systems Security Professional (CISSP) or the Global Information Assurance Certification (GIAC) Global Industrial Cyber Security Professional (GICSP) were listed on 64% of positions. Knowledge of OT or IT frameworks and standards and strong communication skills were listed on 48% of positions, while programming expertise, possession of the United States security clearance, and knowledge of OT or IT networking protocols were required for 18%, 24%, and 27% of positions, respectively. A work travel requirement was listed on 29% of positions. Individuals seeking to enter the OT cybersecurity field, and educational programs focusing on training OT cybersecurity professionals should prioritize obtaining experience, education, and certification, possessing strong communication skills, and knowledge of relevant OT and IT industry standards and frameworks

Cyber warfare: threats and opportunities

Relatório apresentado à Universidade Fernando Pessoa como parte dos requisitos para o cumprimento do programa de Pós-Doutoramento em Ciências da InformaçãoCybersecurity has gone through several changes that have presented new challenges in recent years, complicated by the rise of cybercrime and digital warfare. With the introduction of militarizing the space domain, it has become apparent that we must consider multidomain concepts. Thus, the threat landscape has again shifted, and defenders must become knowledgeable about how the cyber domain crosses into maritime, land, air, and space. The traditional thinking of protecting enterprise systems locked away in a building is no longer. Thus, we have the emergence of cyber warfare and cyber as a fifth domain that brings together maritime, land, space, and air. These domains are not just for the military but the civilian sector as well. Understanding the role of cyber and how it can be used to take advantage or secure the remaining domains will give entities the upper hand in strategy. The technological advancements that pave the way to the mass implementation of the Internet of Things (IoT) and Internet connectivity to everyday devices have led to an explosion in cyberattacks such as breaches resulting in millions of accounts being compromised. (Dawson, Eltayeb, & Omar, 2016). Bad actors such as those focused on criminal activities regarding human trafficking and espionage navigate these domains to circumvent law enforcement agencies globally. We must understand how exploitation, circumvention, and defense needs to occur in a multidomain concept. However, knowing that the cyber domain is a domain that goes through land, maritime, space, and air can be an area that serves as a central point for realizing assured security. Executive Orders (EO), laws, policies, doctrine, and other directives have shaped the landscape of cybersecurity. New EOs have been released that allow a cyber-attack with responsive measures such as one that involves military force. Laws created that impose rights for Personal Identifiable Information (PII) being breached, leaving millions of individuals unprotected. One of these most well-known items is General Data Protection Regulation (GDPR) as it relates to the European Union (EU) and the evolving threats with hyperconnectivity (Martínez, 2019a; Martínez, 2019b). Understanding the role of cybercrime and digital warfare and how they continue to play in shaping the technological landscape is critical. These various actions change the spectrum regarding combating nefarious actors or design errors that leave the system susceptible. As attacks continue to rise from bad actors such as nation-states, terrorists, and other entities, it is essential to understand the threat landscape and select cybersecurity methodologies that can be put in place to provide adequate measures. This document presents the work form a post-doctoral project that provides a perspective of cybersecurity under a information science perspective. This six-month project allows to stress the broadly importance that information and its management (not just within the information security context), and the urgent need to deal with cybersecurity as a societal challenge. The document is organized in four main chapters presenting different but complementary issues, going from high level to a more operational level: National Cybersecurity Education: Bridging Defense to Offense, stressing the importance of societal awareness and education. Emerging Technologies in the Fourth Industrial Revolution, stressing the importance to consider cybersecurity issues as core ones, even to economic and production areas. Nefarious Activities within the Deep Layers of the Internet, stressing the need to be part of digital places where information is traded, shared and, even sometimes, created. The fourth chapter provide a few hints and issues related with software development and test: Software Security Considerations. A final session presents several remarks as Final Thoughts, closing the work pointing out some of the current challenges that we are facing of.N/

Unmanned Aircraft Systems in the Cyber Domain

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; weapons systems security; electronic warfare considerations; data-links, jamming, operational vulnerabilities and still-emerging political scenarios that affect US military / commercial decisions. This second edition discusses state-of-the-art technology issues facing US UAS designers. It focuses on counter unmanned aircraft systems (C-UAS) – especially research designed to mitigate and terminate threats by SWARMS. Topics include high-altitude platforms (HAPS) for wireless communications; C-UAS and large scale threats; acoustic countermeasures against SWARMS and building an Identify Friend or Foe (IFF) acoustic library; updates to the legal / regulatory landscape; UAS proliferation along the Chinese New Silk Road Sea / Land routes; and ethics in this new age of autonomous systems and artificial intelligence (AI).https://newprairiepress.org/ebooks/1027/thumbnail.jp

Interaction Between Traditional Media and Social Media Coverage on Social Issues in China: A Content Analysis

Professional project report submitted in partial fulfillment of the requirements for the degree of Masters of Arts in Journalism from the School of Journalism, University of Missouri--Columbia.To what extent does online public opinion and traditional media coverage interact with each other on social issues in China? This research employs a content analysis of 524 Weibo posts and 327 news articles regarding a social incident in China. The researcher uses Chi-square tests to compare the use of alternative media and the frame selection of social media and traditional media in different phases. Social media and traditional media react differently when covering social issues. Social media have a better interaction with traditional media while traditional media make less reference to social media. Additionally, social media and traditional media play different social roles when covering public affairs by selecting different frames. Even if the traditional media are partially free and under the government control, social media can hardly substitute the role of social responsibility of traditional media in defining the problem and issue treatment. Noticeably, the choices of frame in both social media and traditional media are not influenced by their interactions, but instead by different time frames. Discussion focuses on the changes in the roles played by media, government, and Chinese citizens.Includes bibliographic references

Cyber Infrastructure Protection: Vol. II

View the Executive SummaryIncreased reliance on the Internet and other networked systems raise the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation’s mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems? What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?https://press.armywarcollege.edu/monographs/1527/thumbnail.jp

Search Rank Fraud Prevention in Online Systems

The survival of products in online services such as Google Play, Yelp, Facebook and Amazon, is contingent on their search rank. This, along with the social impact of such services, has also turned them into a lucrative medium for fraudulently influencing public opinion. Motivated by the need to aggressively promote products, communities that specialize in social network fraud (e.g., fake opinions and reviews, likes, followers, app installs) have emerged, to create a black market for fraudulent search optimization. Fraudulent product developers exploit these communities to hire teams of workers willing and able to commit fraud collectively, emulating realistic, spontaneous activities from unrelated people. We call this behavior “search rank fraud”. In this dissertation, we argue that fraud needs to be proactively discouraged and prevented, instead of only reactively detected and filtered. We introduce two novel approaches to discourage search rank fraud in online systems. First, we detect fraud in real-time, when it is posted, and impose resource consuming penalties on the devices that post activities. We introduce and leverage several novel concepts that include (i) stateless, verifiable computational puzzles that impose minimal performance overhead, but enable the efficient verification of their authenticity, (ii) a real-time, graph based solution to assign fraud scores to user activities, and (iii) mechanisms to dynamically adjust puzzle difficulty levels based on fraud scores and the computational capabilities of devices. In a second approach, we introduce the problem of fraud de-anonymization: reveal the crowdsourcing site accounts of the people who post large amounts of fraud, thus their bank accounts, and provide compelling evidence of fraud to the users of products that they promote. We investigate the ability of our solutions to ensure that fraud does not pay off

Unmanned Vehicle Systems & Operations on Air, Sea, Land

Unmanned Vehicle Systems & Operations On Air, Sea, Land is our fourth textbook in a series covering the world of Unmanned Aircraft Systems (UAS) and Counter Unmanned Aircraft Systems (CUAS). (Nichols R. K., 2018) (Nichols R. K., et al., 2019) (Nichols R. , et al., 2020)The authors have expanded their purview beyond UAS / CUAS systems. Our title shows our concern for growth and unique cyber security unmanned vehicle technology and operations for unmanned vehicles in all theaters: Air, Sea and Land – especially maritime cybersecurity and China proliferation issues. Topics include: Information Advances, Remote ID, and Extreme Persistence ISR; Unmanned Aerial Vehicles & How They Can Augment Mesonet Weather Tower Data Collection; Tour de Drones for the Discerning Palate; Underwater Autonomous Navigation & other UUV Advances; Autonomous Maritime Asymmetric Systems; UUV Integrated Autonomous Missions & Drone Management; Principles of Naval Architecture Applied to UUV’s; Unmanned Logistics Operating Safely and Efficiently Across Multiple Domains; Chinese Advances in Stealth UAV Penetration Path Planning in Combat Environment; UAS, the Fourth Amendment and Privacy; UV & Disinformation / Misinformation Channels; Chinese UAS Proliferation along New Silk Road Sea / Land Routes; Automaton, AI, Law, Ethics, Crossing the Machine – Human Barrier and Maritime Cybersecurity.Unmanned Vehicle Systems are an integral part of the US national critical infrastructure The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. Unmanned Vehicle (UV) Systems & Operations On Air, Sea, Land discusses state-of-the-art technology / issues facing U.S. UV system researchers / designers / manufacturers / testers. We trust our newest look at Unmanned Vehicles in Air, Sea, and Land will enrich our students and readers understanding of the purview of this wonderful technology we call UV.https://newprairiepress.org/ebooks/1035/thumbnail.jp

Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp