Development of Cybersecurity Competency and Professional Talent for Cyber Ummah

The world is facing with threats in digital transformation. Cyber threats become trending as reported by my countries. Developed countries like Britain, America, Europe and Japan already prepared countermeasures for various incidents on computer threats since Internet was introduced. They formulated and developed a successful model to produce computer security expert and highly skilled talent at various level diploma, bachelor and professional. University and College established academic program in computer and internet security at bachelor and postgraduate level. Industries at those countries introduced certification program in computer and internet security. Throughout our studies, limited initiatives related to talent development in combating computer security issues including cyber threats. Previous studies showed development of cybersecurity talent in Muslim countries is critical. Malaysia needs 20000 cybersecurity professional in 2025 and only achieved 2500 at present. This study presents our experience in developing cybersecurity competencies and professional talent for OIC-Country. We collaborated virtually with OIC-CERT (OIC Centre for Emergency and Response Team) in knowledge exchange, proposed appropriate competency model and participate in professional certification development. We presented the eight years active involvement with OIC-CERT activities.  All initiatives established by OIC-CERT has produced outstanding impact to OIC Countries. One of the impactful initiatives known GlobalAce, it getting serious attention by many muslim countries. We also get benefit of other programs such as  training for risks analysis, incident management and policy development. Our students be able to participate with Virtual Lecture on Combating Insider Threats, Cyber Threats Drill, and Security Audit. OIC-CERT also introduce the first Industry Journal in Cybersecurity known as OIC-CERT Journal of Cybersecurity.   

Impact and key challenges of insider threats on organizations and critical businesses

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

Human Trafficking and Terrorism: Utilizing National Security Resources to Prevent Human Trafficking in the Islamic State

This is a report of a Master’s thesis done in behalf of the local network in Stockholm, under Fortum Distribution AB. The thesis was to conduct a review of a distribution station named Fs Myrängen located in Täby. A model was created for the 11 kV network linked to the secondary side of Fs Myrängen. Based on this model and using symmetrical components, theoretical fault currents (short circuit and ground fault) could be calculated. The results of these fault currents are used to investigate and develop new settings for relay protection and ground equipment in the station. The results of the calculated fault currents were also used to investigate unwanted voltages that occurs for grounded parts due to earth faults. The value of these unwanted voltages was then compared to heavy current regulations developed by the Electrical Safety Authority in Sweden. Another element of the work was to create a rehabilitation plan for the structure on the 11 kV side of Fs Myrängen, the main goal regarding the rehabilitation plan was to investigate the advantages and disadvantages that exist at a possible transition to numerical protection relays. This was done by making a market overview of the different types of numerical protection relays and compare these with the existing analog protective device in Fs Myrängen. The study showed that protective relay settings should be revised according to the recommendations in the report, ground equipment should be replaced with a self-regulating type, transformers should be replaced due to age and capacity limitations. Regarding a switch to numerical protection relays the type REF615 from ABB was recommended, in that case the control board in the station should be replaced to a station computer. Furthermore should current transformers be replaced to recive a desired sensitivity regarding detection of ground faults. The report also showed that Fs Myrängen meets the regulations of unwanted voltages over grounded parts in distribution stations due to earth faults.Detta är en rapport av ett examensarbete utfört i uppdrag av lokalnät Stockholm under Fortum Distribution AB. Examensarbetet gick ut på att göra en översyn av en fördelningsstation vid namn Fs Myrängen som är belägen i Täby. En modell skapades av 11 kV nätet kopplat till Fs Myrängen, utifrån denna modell samt med hjälp av symmetriska komponenter beräknades teoretiska felströmmar både för kortslutning och jordslutning. Resultaten av dessa felströmmar användes för att utreda och ta fram inställningar på reläskydd och nollpunktsutrustning i stationen. Resultaten på framräknade jordfelsströmmar användes även för att utreda vilken spänningssättning som uppstår vid jordfel, i de nätstationer som matas av Fs Myrängen. Spänningssättningen på nätstationerna jämfördes sedan med de starkströmsföreskrifter som är framtagna av elsäkerhetsverket. Ett annat moment i arbetet var att skapa en upprustningsplan för skyddsanordningen på 11 kV sidan i Fs Myrängen, huvudmålet för den biten var att utreda vilka fördelar och nackdelar som finns vid en eventuell övergång till numeriska skydd. Detta gjordes genom att göra en marknadsöversikt över olika typer av numeriska reläskydd, samt jämföra dessa med den befintliga skyddsanordningen i Myrängen som är av analog typ. Studien visade att reläskyddsinställningar bör ses över enligt rekommendationer i rapporten, nollpunktsutrustningen bör bytas ut till självreglerande typ, transformatorerna bör bytas ut p.g.a. ålder och kapacitetsbegränsning. Gällande skyddsanordningen rekommenderas en övergång till numeriska skydd av typen REF615, och i samband med detta byta ut den befintliga kontrolltavlan i stationen till en stationsdator. Vidare bör även strömtransformatorer för jordfelsskydden bytas ut för att uppnå önskad känslighet gällande detektering av jordfel. För spänningssättning av nätstationer vid jordfel, visar resultaten att stationen uppfyller kraven enligt starkströmsföreskrifterna från elsäkerhetsverket

TANDI: Threat Assessment of Network Data and Information

Current practice for combating cyber attacks typically use Intrusion Detection Sensors (IDSs) to passively detect and block multi-stage attacks. This work leverages Level-2 fusion that correlates IDS alerts belonging to the same attacker, and proposes a threat assessment algorithm to predict potential future attacker actions. The algorithm, TANDI, reduces the problem complexity by separating the models of the attacker\u27s capability and opportunity, and fuse the two to determine the attacker\u27s intent. Unlike traditional Bayesian-based approaches, which require assigning a large number of edge probabilities, the proposed Level-3 fusion procedure uses only 4 parameters. TANDI has been implemented and tested with randomly created attack sequences. The results demonstrate that TANDI predicts future attack actions accurately as long as the attack is not part of a coordinated attack and contains no insider threats. In the presence of abnormal attack events, TANDI will alarm the network analyst for further analysis. The attempt to evaluate a threat assessment algorithm via simulation is the first in the literature, and shall open up a new avenue in the area of high level fusion

Comprehensiveness of Response to Internal Cyber-Threat and Selection of Methods to Identify the Insider

A range of international regulatory documents state the importance of counteracting insiders, especially cyber-insiders, in  critical facilities and simultaneously providing complex protection, which includes technical, administrative and information protection. In that case the insider, who is familiar with the protection or information system, will be able to find vulnerabilities and weak points in the protection of the information system or control system. One of the most important aspects of the preventive measures against insiders is personnel checks using different techniques, including interviews, social network analysis, and local area network analysis. In the case of having limited financial resources, it is necessary to choose a technique from a checklist rationally

The Computer Misuse Act 1990: lessons from its past and predictions for its future

The age of the internet has thrown down some real challenges to the Computer Misuse Act 1990. Recently, the Government made changes to this piece of legislation, in an attempt to meet two of those challenges--the proliferation of “ Denial of Service” (DoS) attacks, and the creation and dissemination of “ Hackers' tools” --and to fulfil international commitments on cybercrime. Yet some of these new measures invite criticisms of policy, form and content, and bring doubts about how easy to interpret, and how enforceable, they will be