Cyber Hygiene Maturity Assessment Framework for Smart Grid Scenarios
Cyber hygiene is a relatively new paradigm premised on the idea that organizations and stakeholders are able to achieve additional robustness and overall cybersecurity strength by implementing and following sound security practices. It is a preventive approach entailing high organizational culture and education for information cybersecurity to enhance resilience and protect sensitive data. In an attempt to achieve high resilience of Smart Grids against negative impacts caused by different types of common, predictable but also uncommon, unexpected, and uncertain threats and keep entities safe, the Secure and PrivatE smArt gRid (SPEAR) Horizon 2020 project has created an organization-wide cyber hygiene policy and developed a Cyber Hygiene Maturity assessment Framework (CHMF). This article presents the assessment framework for evaluating Cyber Hygiene Level (CHL) in relation to the Smart Grids. Complementary to the SPEAR Cyber Hygiene Maturity Model (CHMM), we propose a self-assessment methodology based on a questionnaire for Smart Grid cyber hygiene practices evaluation. The result of the assessment can be used as a cyber-health check to define countermeasures and to reapprove cyber hygiene rules and security standards and specifications adopted by the Smart Grid operator organization. The proposed methodology is one example of a resilient approach to cybersecurity. It can be applied for the assessment of the CHL of Smart Grids operating organizations with respect to a number of recommended good practices in cyber hygiene. This project has received funding from the European Union Horizon 2020 research and innovation program under grant agreement No. 787011 (SPEAR
Terrorist Capabilities for Cyberattack: Overview and Policy Issues
This report examines possible terrorists' objectives and computer vulnerabilities that might lead to an attempted cyberattack against the critical infrastructure of the U.S. homeland, and also discusses the emerging computer and other technical skills of terrorists and extremists. Policy issues include exploring ways to improve technology for cybersecurity, or whether U.S. counterterrorism efforts should be linked more closely to international efforts to prevent cybercrime
Unveiling the Potential of Open-Source Intelligence (OSINT) for Enhanced Cybersecurity Posture
Never before has it been more important to increase internal cybersecurity posture to prevent malicious activity, and organizations are forced to mobilize their resources to prepare for tomorrow's threats. Throughout the past few years, the usage of open-source intelligence (OSINT) has made its way from the military landscape into public, private, and commercial organizations. Using OSINT, organizations can tailor their countermeasures to the tactical, operational, and strategic procedures of potential cyber threat actors by benefiting from the knowledge within openly available sources. Leveraging the enormous information sharing on online platforms using OSINT also requires organizations to navigate the increasing information overload. Nevertheless, many are using ad hoc and unstructured approaches, contradicting the systematic fundamentals of the intelligence profession. Therefore, this study investigated how organizations can implement and use OSINT to improve cybersecurity posture using OSINT's advantages. A semi-systematic literature review (SSLR) highlighted a scant focus on organizational aspects of OSINT, whereas the focus has primarily relied on technical considerations. Interviews with nine representatives of different private, public, and commercial organizations helped in understanding how each applied OSINT to extract as much value as possible from the CTI capability. During data collection and analysis, this thesis adopts the intelligence cycle, a well-known cyclic representation of the intelligence acquisition process. The thesis extends the theory by integrating several intelligence cycle theories and offers a more dynamic and comprehensive representation of the intelligence process. Through an inductive conceptual framework (ICF), the thesis highlights how OSINT can become a valuable tool to ensure organizations encounter the cyber threat landscape by considering relevant information about threat actors.
The study emphasizes the significance of establishing an understandable definition of OSINT within one's organization and identifying intelligence requirements aligned with available resources. Determining the organization's motivation, prioritizing dialogue and feedback, and continuously evaluating the intelligence requirements are essential to leveraging OSINT's advantages. This new framework is one of the main contributions of this thesis, visualizing how the research findings all contribute to a coherent utilization of OSINT as a cybersecurity-enhancing tool. By guiding organizations through the entire intelligence cycle, they will likely experience a greater understanding of their own capabilities and potential cyber attackers
A multi-disciplinary framework for cyber attribution
Effective Cyber security is critical to the prosperity of any nation in the modern world. We have become dependent upon this interconnected network of systems for a number of critical functions within society. As our reliance upon this technology has increased, so have the prospective gains for malicious actors who would abuse these systems for their own personal benefit, at the cost of legitimate users. The result has been an explosion of cyber attacks, or cyber enabled crimes. The threat from hackers, organised criminals and even nation states is ever increasing. One of the critical enablers to our cyber security is that of cyber attribution, the ability to tell who is acting against our systems.
A purely technical approach to cyber attribution has been found to be ineffective in the majority of cases, taking too narrow an approach to the attribution problem. A purely technical approach will provide Indicators Of Compromise (IOC) which is suitable for the immediate recovery and clean up of a cyber event. It fails however to ask the deeper questions of the origin of the attack. This can be derived from a wider set of analysis and additional sources of data. Unfortunately due to the wide range of data types and highly specialist skills required to perform the deep level analysis there is currently no common framework for analysts to work together towards resolving the attribution problem. This is further exacerbated by a communication barrier between the highly specialised fields and no obviously compatible data types.
The aim of the project is to develop a common framework upon which experts from a number of disciplines can add to the overall attribution picture. These experts will add their input in the form of a library. Firstly a process was developed to enable the creation of compatible libraries in different specialist fields. A series of libraries can be used by an analyst to create an overarching attribution picture. The framework will highlight any intelligence gaps and additionally an analyst can use the list of libraries to suggest a tool or method to fill that intelligence gap.
By the end of the project a working framework had been developed with a number of libraries from a wide range of technical attribution disciplines. These libraries were used to feed in real time intelligence to both technical and nontechnical analysts who were then able to use this information to perform in depth attribution analysis. The pictorial format of the framework was found to assist in the breaking down of the communication barrier between disciplines and was suitable as an intelligence product in its own right, providing a useful visual aid to briefings. The simplicity of the library based system meant that the process was easy to learn with only a short introduction to the framework required
A cyber exercise post assessment framework: In Malaysia perspectives
Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependencies among critical sectors needs to be increased. Managing and securing critical infrastructure is not the isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involving multiple sectors is challenging due to the diversity of participants’ background, working environments and incidents response policies. How well the lessons learned from the cyber exercise and how it can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisation, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys were distributed to ten Critical National Information Infrastructure (CNII) sectors that participated in the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors
“Be a Pattern for the World”: The Development of a Dark Patterns Detection Tool to Prevent Online User Loss
Dark Patterns are designed to trick users into sharing more information or spending more money than they had intended to do, by configuring online interactions to confuse or add pressure to the users. They are highly varied in their form, and are therefore difficult to classify and detect. Therefore, this research is designed to develop a framework for the automated detection of potential instances of web-based dark patterns, and from there to develop a software tool that will provide a highly useful defensive tool that helps detect and highlight these patterns
Minding the Gap: Computing Ethics and the Political Economy of Big Tech
In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and to such a high degree that it is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology
Technical Debt is an Ethical Issue
We introduce the problem of technical debt, with particular focus on critical infrastructure, and put forward our view that this is a digital ethics issue. We propose that the software engineering process must adapt its current notion of technical debt – focusing on technical costs – to include the potential cost to society if the technical debt is not addressed, and the cost of analysing, modelling and understanding this ethical debt. Finally, we provide an overview of the development of educational material – based on a collection of technical debt case studies - in order to teach about technical debt and its ethical implication