A Prototype Tool for Distinguishing Attacks and Technical Failures in Industrial Control Systems

Critical Infrastructures (CIs) are governed by Industrial Control Systems (ICSs). Modern ICSs do not operate in isolation anymore, but they are connected to the Internet. This transformation introduced numerous advantages, however, there are a few drawbacks as well. Integration with the Internet has left ICS exposed to potential cyber-attacks. Additionally, ICSs could also encounter technical failures during operation. Consequently, it is crucial to distinguish between attacks and technical failures to initiate an appropriate response. There is a deficiency of robust technology to assist operators in distinguishing attacks and technical failures in an ICS environment. However, a framework is proposed to construct Bayesian Network (BN) models that would help to distinguish between attacks and technical failures for different observable problems in our previous work. There are tools available to implement such BN models, but these tools are not appropriate to use in an ICS environment. In order to address this limitation, this paper develops and demonstrates a prototype tool for swift identification of the major cause (Intentional Attack/Accidental Technical Failure) in case of an abnormal behaviour in a component of ICS.The proposed tool enables BN models to automatically update prior probabilities based on the historical data and/or expert knowledge corresponding to the application. The developed tool can be further evaluated and used to distinguish between attacks and technical failures during operation in CIs where ICSs are employed

Combining Bayesian Networks and Fishbone Diagrams to Distinguish between Intentional Attacks and Accidental Technical Failures

Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this paper, we use Bayesian Networks (BNs) to distinguish between intentional attacks and accidental technical failures, based on contributory factors and observations (or test results). To facilitate knowledge elicitation, we use extended fishbone diagrams for discussions with experts, and then translate those into the BN formalism. We demonstrate the methodology using an example in a case study from the water management domain

Combining Bayesian Networks and Fishbone Diagrams to Distinguish between Intentional Attacks and Accidental Technical Failures

Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this paper, we use Bayesian Networks (BNs) to distinguish between intentional attacks and accidental technical failures, based on contributory factors and observations (or test results). To facilitate knowledge elicitation, we use extended fishbone diagrams for discussions with experts, and then translate those into the BN formalism. We demonstrate the methodology using an example in a case study from the water management domain.Safety and Security Scienc

CYBERSECURITY RISK ASSESSMENT IN THE MARITIME INDUSTRY

Cybersecurity risks are becoming an increasingly significant concern within the maritime industry, particularly in light of the rapid advancement of digitised technologies and the emergence of autonomous shipping. Concurrently, the apprehension surrounding the potential for cybersecurity incidents in maritime settings has also heightened. In fact, the number of reported cases of cyber-attacks in the maritime sector has seen a substantial increase since 2010. Consequently, academic interest in researching maritime cybersecurity has grown, underscoring its importance for a thorough exploration of the subject. Nevertheless, a scrutiny of existing literature reveals that current cybersecurity research predominantly underscores the necessity for improvement but lacks a specific focus on cyber threats and measures for risk mitigation. Notably, the maritime industry faces a scarcity of comprehensive investigations into cybersecurity risk assessment, and there is also a dearth of scholarly endeavours aimed at establishing a comprehensive framework for evaluating cybersecurity risks relevant to maritime operations. This thesis aims to create a new framework for assessing cybersecurity risks, contributing to safety improvements in the maritime sector. The objective is to provide a visualised solution that assists stakeholders in understanding and refining their approaches to cybersecurity risk management. Through this innovative framework, the thesis seeks to enhance safety measures and promote effective risk mitigation strategies within the dynamic landscape of the maritime industry. To attain the research aim, a literature review and bibliometric analysis were conducted to discern maritime cybersecurity guidelines from diverse maritime organisations. This purposed to assess the current state of academic research in the cybersecurity field specific to the maritime sector and address identified research gaps. Subsequently, a systematic literature review was employed to identify various maritime cybersecurity threats, and cybersecurity risks were assessed using a FMEA-Rule-based Bayesian Network (FMEA-RBN) model. The next step involved the identification of cybersecurity mitigation measures and criteria through another systematic literature review. These measures were then ranked using the Fuzzy TOPSIS model, enabling the research team to prioritise them effectively. Additionally, the research sought to demonstrate how a bowtie diagram could be integrated into the cybersecurity assessment framework, providing a visual representation of its components. The collective pursuit of these research objectives is anticipated to yield a comprehensive understanding of maritime cybersecurity, contributing to the development of a more efficacious cybersecurity assessment framework tailored for the maritime sector. Several significances of this research have been proposed. First and foremost, despite numerous studies addressing maritime risk, safety, and security, there remains a notable scarcity of research specifically dedicated to maritime cybersecurity. To bridge this gap, this research systematically identifies various cyber threats in the maritime sector and organises them into distinct groups. This categorisation serves to assist maritime managers in discerning the potential impact of different cyber threats on their cybersecurity management, enabling them to allocate limited budgets more effectively. Secondly, in addition to the identification and assessment of cyber threats, this research puts forth seven risk control measures and six hierarchical criteria for evaluating maritime cybersecurity. This framework aids maritime managers in comprehending the significance of these measures and adapting their cybersecurity strategies to varying circumstances. For example, some companies may prioritise the reliability of measures, while others may place greater emphasis on economic affordability. The research also suggests diverse policies for stakeholders to enhance maritime cybersecurity. Thirdly, this research not only presents a framework for maritime cybersecurity but also conducts risk assessments and evaluates risk control measures using empirical data gathered from industry experts, rather than relying solely on secondary data. This approach provides real-world insights and reflects the current state of maritime cybersecurity. Lastly, the research introduces a bowtie framework for maritime cybersecurity risk management, demonstrating its application through the assessment of risks related to malware. The visual representation of the bowtie framework assists managers in comprehending maritime cyber threats, potential consequences, and the corresponding risk control measures to mitigate both threats and their consequences. In conclusion, this thesis significantly contributes to maritime cybersecurity understanding and management, offering practical insights and recommendations for stakeholders to enhance their cybersecurity preparedness and safeguard their operations against cyber threats. The proposed framework and empirical approach ensure their relevance and applicability in the context of current maritime cybersecurity challenges

PENGUKURAN KINERJA DAN USULAN PERBAIKAN MAINTENANCE MESIN SCREW PRESS CB-MODIPALM P15 (PT. TAMORA AGRO LESTARI)

Muhammad Zulfi Ikhsan (2023): PENGUKURAN KINERJA DAN USULAN PERBAIKAN MAINTENANCE MESIN SCREW PRESS CB-MODIPALM P15 (PT. TAMORA AGRO LESTARI) PT. Tamora Agro Lestari (TAL) bergerak dalam bidang pengolahan tandan buah segar (TBS) kelapa sawit. Adapun hasil produksi Perusahaan meliputi crude palm oil, (CPO),dan kernel palm oil (KNO). PT. Tamora Agro Lestari (TAL) berlokasi di Desa Serosah Desa Serosah, Kecamatan Hulu Kuantan, Kabupaten Kuantan Singingi. Perusahaan ini beroperasi 6 hari dalam seminggu. Terdapat 4 mesin screw press yang digunakan dalam pengolahan kelapa sawit dengan masing-masing kapasitas olah mencapai 15 ton/jam. Masalah yang yang saat ini dihadapi Perusahaan adalah turunnya kapasitas olah akibat tingginya breakdown mesin screw press terkhusus mesin screw press no.2. permasalahan yang terjadi diidentifikasi melalui metode overall equipment effectiveness (OEE), dan dianalisa menggunakan metode reliability centered maintenance (RCM) untuk mengusulkan tindakan perawatan. Hasil yang didapatkan adalah kinerja mesin masih belum memenuhi standar OEE yakni mencapai 58% dari standar 85%, yang banyak disebabkan oleh masalah downtime mesin, dan penurunan kapasitas olah. Usulan yang diberikan terkait peningkatan OEE yakni pengecekan kondisi screw, shaft, dan bearing dengan tingkat keandalan 70%, Pengaturan tekanan screw untuk mengurangi dampak keausan, dan pembersihan press cage berkala dilakukan untuk meminimalisir penurunan kapasitas olah perjam yang berdampak pada perfroma mesin. Kata Kunci:Crude Palm Oil, Overall Equipment Effectiveness (OEE), Preventif Maintenance, Reliability Centered Maintenance (RCM

Risk Management

Every business and decision involves a certain amount of risk. Risk might cause a loss to a company. This does not mean, however, that businesses cannot take risks. As disengagement and risk aversion may result in missed business opportunities, which will lead to slower growth and reduced prosperity of a company. In today's increasingly complex and diverse environment, it is crucial to find the right balance between risk aversion and risk taking. To do this it is essential to understand the complex, out of the whole range of economic, technical, operational, environmental and social risks associated with the company's activities. However, risk management is about much more than merely avoiding or successfully deriving benefit from opportunities. Risk management is the identification, assessment, and prioritization of risks. Lastly, risk management helps a company to handle the risks associated with a rapidly changing business environment

Measuring knowledge sharing processes through social network analysis within construction organisations

The construction industry is a knowledge intensive and information dependent industry. Organisations risk losing valuable knowledge, when the employees leave them. Therefore, construction organisations need to nurture opportunities to disseminate knowledge through strengthening knowledge-sharing networks. This study aimed at evaluating the formal and informal knowledge sharing methods in social networks within Australian construction organisations and identifying how knowledge sharing could be improved. Data were collected from two estimating teams in two case studies. The collected data through semi-structured interviews were analysed using UCINET, a Social Network Analysis (SNA) tool, and SNA measures. The findings revealed that one case study consisted of influencers, while the other demonstrated an optimal knowledge sharing structure in both formal and informal knowledge sharing methods. Social networks could vary based on the organisation as well as the individuals’ behaviour. Identifying networks with specific issues and taking steps to strengthen networks will enable to achieve optimum knowledge sharing processes. This research offers knowledge sharing good practices for construction organisations to optimise their knowledge sharing processes

The 45th Australasian Universities Building Education Association Conference: Global Challenges in a Disrupted World: Smart, Sustainable and Resilient Approaches in the Built Environment, Conference Proceedings, 23 - 25 November 2022, Western Sydney University, Kingswood Campus, Sydney, Australia

This is the proceedings of the 45th Australasian Universities Building Education Association (AUBEA) conference which will be hosted by Western Sydney University in November 2022. The conference is organised by the School of Engineering, Design, and Built Environment in collaboration with the Centre for Smart Modern Construction, Western Sydney University. This year’s conference theme is “Global Challenges in a Disrupted World: Smart, Sustainable and Resilient Approaches in the Built Environment”, and expects to publish over a hundred double-blind peer review papers under the proceedings