An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection

Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk predication. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment. The experimental results reveal that using the fuzzy set theory in assessing assets' criticality, supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers’ have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations. Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS

A Risk-based Approach to Cybersecurity: A Case Study of Financial Messaging Networks Data Breaches

With banking becoming increasingly global and largely digital, a magnitude of data breach incidents resulted from cyberattacks have been observed and can be frequently traced to ineffective security practices and procedures. Cyberattacks do not require physical proximity, nor are they deterred by national borders. Cybercriminals can remain undetected for a long period of time. Such breaches inevitably result in losses of reputation, customer confidence, and in some instances, productivity. The purpose of this study is to take a deeper look into various breaches of the SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging network to illuminate vulnerabilities inherent in the international banking system and the channels through which a series of advanced, persistent threats (APT) can take place. The author discusses a variety of venues for banks to embrace new cybersecurity mindsets and incorporate governance mechanisms into their risk management processes as it relates to security control, data retention, and continuous monitoring. The study further calls for financial institutions to make a collective effort in taking proper precautions to safeguard the banking ecosystem. The paper concludes with the lessons learnt and the future research directions

Cyber Risk Perception in the Maritime Domain: A Systematic Literature Review

This paper aims to present an approach to investigate cyber risk perception with use of recognized psychological models, and to give an overview of state-of-the-art research within the field of cyber risk perception in general and in the context of the maritime domain. The focus will be on determinative dimensions within the psychometric paradigm and cognitive biases, and to give recommendations on further research within these fields. Okoli and Schabram’s eight-step guide to plan, select, extract, and execute a systematic literature review is used as guidance. The search process resulted in 25 relevant articles which describes 24 dimensions of cyber risk perception in different online environments. Research within the area of maritime cyber security is increasing, however, no studies relevant for our literature review were found within the maritime domain. The nine dimensions in the psychometric model, perceived benefit and the optimistic bias is presented and discussed in a maritime context. Cyber risk perception is a complex research-area where both determinative factors and other cognitive processes can be influenced by each other. This can indicate that the dimensions differ across populations and professions, creating grounds for why context-specific studies are important. Further research may benefit from more multidisciplinary, descriptive, and inductive approaches, and contextual studies within maritime cyber risk perception can contribute to develop targeted tools for risk mitigation to enhance safety at sea.publishedVersio

Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.https://press.armywarcollege.edu/monographs/1951/thumbnail.jp

Evaluation of the 2015 DoD Cyber Strategy: Mild Progress in a Complex and Dynamic Military Domain

In 2011, the Department of Defense (DoD) released its Strategy for Operating in Cyberspace, which officially recognized cyberspace as an operational domain akin to the traditional military domains of land, sea, air, and space. This monograph examines the 2015 DoD Cyber Strategy to evaluate how well its five strategic goals and associated implementation objectives define an actionable strategy to achieve three primary missions in cyberspace: defend the DoD network, defend the United States and its interests, and develop cyber capabilities to support military operations. This monograph focuses on events and documents from the period of about 1 year before and 1 year after the 2015 strategy was released. This allows sufficient time to examine the key policies and guidance that influenced the development of the strategy as well as follow-on activities for the impacts from the strategy. This inquiry has five major sections that utilize different frameworks of analysis to assess the strategy: 1. Prima Facie Analysis: What is its stated purpose and key messages? 2. Historical Context Analysis: What unique contributions does it introduce into the evolution of national security cyberspace activities? 3. Traditional Strategy Analysis: Does it properly address specific DoD needs as well as broader U.S. ends in a way that is appropriate and actionable? 4. Analysis of Subsequent DoD Action: How are major military cyberspace components—joint and Service—planning to implement these goals and objectives? 5. Whole of U.S. Government Analysis: Does it integrate with the cyberspace-related activities of other U.S. Government departments and agencies? The monograph concludes with a section that integrates the individual section findings and offers recommendations to improve future cyberspace strategic planning documents.https://press.armywarcollege.edu/monographs/1401/thumbnail.jp

Cybersecurity Challenges of Power Transformers

The rise of cyber threats on critical infrastructure and its potential for devastating consequences, has significantly increased. The dependency of new power grid technology on information, data analytic and communication systems make the entire electricity network vulnerable to cyber threats. Power transformers play a critical role within the power grid and are now commonly enhanced through factory add-ons or intelligent monitoring systems added later to improve the condition monitoring of critical and long lead time assets such as transformers. However, the increased connectivity of those power transformers opens the door to more cyber attacks. Therefore, the need to detect and prevent cyber threats is becoming critical. The first step towards that would be a deeper understanding of the potential cyber-attacks landscape against power transformers. Much of the existing literature pays attention to smart equipment within electricity distribution networks, and most methods proposed are based on model-based detection algorithms. Moreover, only a few of these works address the security vulnerabilities of power elements, especially transformers within the transmission network. To the best of our knowledge, there is no study in the literature that systematically investigate the cybersecurity challenges against the newly emerged smart transformers. This paper addresses this shortcoming by exploring the vulnerabilities and the attack vectors of power transformers within electricity networks, the possible attack scenarios and the risks associated with these attacks.Comment: 11 page

Is Public Private Partnership a suitable way to cope with security issues?

This report investigates whether Public Private Partnership (PPP) is a suitable approach to tackle global security issues, with special reference to sensitive information sharing in the context of critical infrastructures protection. To this aim, it outlines the PPP concept starting from its introduction in the early nineties, and provides a critical view on the questions that arise in many application areas of PPP. An overview of the current EU guidelines concerning PPP is provided. Concerning security information sharing, early and current attempts to apply PPP are summarised, and the open issues involved highlighted.JRC.DG.G.6-Security technology assessmen

Information Security and Privacy in the Cloud of Healthcare Sector, and The Use of Miter Att&ck Framework to Keep the Healthcare Secure

With healthcare moving to the cloud, it is necessary to be concerned about the rising cyber-threats. The healthcare industry is one of the most targeted industries by cyber-criminals. This can be attributed to the weak security measures employed and the vast amounts of valuable data that the healthcare industry holds. To ensure that the healthcare industry is secure, this paper proposes the use of the MITRE ATT&CK framework. The MITRE ATT&CK framework presents the best possible way of staying ahead of the threat landscape by helping cyber-security experts understand adversaries\u27 thought processes. By understanding how attackers think and the techniques that they use to gain unauthorized access to IT systems, the healthcare industry can use this information to improve its security architecture. To collect data needed for the study, the qualitative research design will be utilized. Data will be gathered from multiple sources, and the information synthesized to understand how the healthcare industry can improve its security through the application of the MITRE ATT&CK framework

Ausgewählte Chancen und Herausforderungen der digitalen Transformation für die Produktentwicklung und Unternehmensorganisation im Finanzdienstleistungssektor

Vor dem Hintergrund der digitalen Transformation sind Finanzdienstleistungsunternehmen auf unterschiedlichen Ebenen zahlreichen Chancen sowie Herausforderungen ausgesetzt. Während der Einsatz neuer Technologien die Optimierung bestehender Geschäftsprozesse sowie das Angebot digitalisierter Finanzdienstleistungen ermöglicht, geht dies zugleich mit veränderten Arbeitsbedingungen innerhalb der Unternehmensorganisation einher. Darüber hinaus sind Finanzdienstleister dazu angehalten die sich ändernden Kundenerwartungen bei den bisherigen Geschäftsaktivitäten sowie bei der Produktentwicklung zu berücksichtigen. Das Ziel der vorliegenden kumulativen Dissertation ist es, bestehende Forschungsdesiderate hinsichtlich der Auswirkungen der digitalen Transformation auf den Finanzdienstleistungssektor, differenziert nach der Kunden- und Produktperspektive sowie der internen Unternehmensperspektive, vertiefend zu analysieren. Das Technology-Organization-Environment (TOE)-Framework von DePietro et al. (1990) wird dabei als theoretischer Rahmen zur Einordnung und Strukturierung der Forschungsmodule verwendet. Die Ergebnisse der acht Module zeigen, dass die Kundenbedürfnisse und –erwartungen im Finanzdienstleistungssektor verstärkt von der digitalen Transformation beeinflusst werden. Dies zeigt sich in der Beratungstätigkeit bspw. durch das Angebot neuer Kundenkanäle sowie der aus dem steigenden Wettbewerbsdruck resultierenden erhöhten Preistransparenz. Im Rahmen der Produktentwicklung sind zudem u. a. ESG-Risiken und Silent Cyber-Risiken zu beachten. Aus der Analyse der Auswirkungen der digitalen Transformation auf die Unternehmensorganisation geht hervor, dass über den Einsatz digitaler Innovationen innerhalb des Backoffice die Realisation von Effizienzgewinnen sowie das Entgegenwirken eines Personalmangels möglich ist. Darüber hinaus wird in den Modulen der Einfluss des Faktors Mensch auf die Cyber-Sicherheit hervorgehoben. Während dieser einerseits als „schwächstes Glied“ und potenzielles Angriffsziel im Sicherheitskonstrukt der Unternehmen dargestellt wird, ist andererseits das Potenzial der Beschäftigten zur Frühwarnung zu berücksichtigen