4,262 research outputs found

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. 
The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

    Towards Building National Cybersecurity Awareness

    The paper depicts a complex, distributed information system aimed at promoting cybersecurity awareness at the national level. The system, which is built in accordance with the Act on National Cybersecurity, passed by the Polish Parliament, enables collecting and processing in near-real time available information on the security status of essential services and digital services and also provides for assessment of the negative impact of the identified threats concerned with the provision of those services. Advanced access control and dissemination mechanisms, for secure information sharing within the system, are provided in order to aggregate distributed knowledge and use this information for on-line security risk analysis and for generation and distribution of early warnings

    Resilience of the Internet of Things (IoT) from an Information Assurance (IA) Perspective

    Internet infrastructure developments and the rise of the IoT Socio-Technical Systems (STS) have frequently generated more unsecure protocols to facilitate the rapid intercommunication between the plethora of IoT devices. Whereas current development of the IoT has been mainly focused on enabling and effectively meeting the functionality requirement of digital-enabled enterprises, we have seen scant regard to their IA architecture, marginalizing system resilience with blatant afterthoughts to cyber defence. Whilst interconnected IoT devices do facilitate and expand information sharing, they further increase risk exposure and potential loss of trust to their Socio-Technical Systems. A change in the IoT paradigm is needed to enable a security-first mind-set, if the trusted sharing of information built upon dependable resilient growth of IoT is to be established and maintained. We argue that Information Assurance is paramount to the success of IoT, specifically its resilience and dependability to continue its safe support for our digital economy

    Asset Criticality in Mission Reconfigurable Cyber Systems and its Contribution to Key Cyber Terrain

    The concept of a common operational picture has been utilized by the military for situational awareness in warfare domains for many years. With the emergence of cyberspace as a domain, there is a necessity to develop doctrine and tools to enable situational awareness for key decision-makers. Our study analyzes key elements that define cyber situational awareness to develop a methodology to identify assets within key cyber terrain, thus enabling situational awareness at the tactical level. For the purposes of this work, we treat critical assets to be key cyber terrain, given that no formal study has determined differences between asset criticality and key cyber terrain. Mission- and operationally-based questions are investigated to identify critical assets with the TOPSIS methodology. Results show that the ICS system can be evaluated using TOPSIS to identify critical assets contributing to key cyber terrain, enabling further research into other interconnected systems

    The Land, Space, and Cyberspace Nexus: Evolution of the Oldest Military Operations in the Newest Military Domains

    Over the last century, the domains of air, space, and cyberspace have joined the traditional warfighting domains of land and sea. While the doctrine for land operations is relatively mature, the doctrine for space and cyberspace continue to evolve, often in an unstructured manner. This monograph examines the relationships among these domains and how they apply to U.S. Army and joint warfighting. It concentrates on the central question: How are U.S. military operations in the newest domains of space and cyberspace being integrated with operations in the traditional domain of land? This inquiry is divided into three major sections: • Existing Doctrine: This section presents an overview of the current state of joint and U.S. Army doctrinal development for each of the domains of land, space, and cyberspace. • Operations in Multiple Domains: This section examines the concept of cross-domain synergy and its ability to enhance globally integrated operations. • Future Operations: This section explores probable future operating environments as well as the resulting implications for U.S. Army and joint force development. It includes recommendations for policymakers and senior leaders regarding the future development and integration of space and cyberspace doctrine. Anticipated future trends favor the decreased emphasis on traditional large-scale land operations and increased frequency and intensity of conflict in space and cyberspace, perhaps even where these newer domains may become preeminent for a given operation. The joint staff’s pursuit of achieving cross-domain synergy in planning and operations offers a credible method to face some of the challenges of the future joint force, but this will likely remain an evolutionary vice revolutionary endeavor.

    ECHO Information sharing models

    As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

    Nuclear Deterrence and the Space and Cyber domains

    NPS NRP Technical Report
    The space and cyber domains are becoming increasingly intertwined in both conventional and theoretical nuclear conflicts. Deterrence strategies involving aggression, escalation, and deterrence must evolve with the ever-changing reality of the world situation. The space and cyber domains are unique from other domains since actions taken in these domains may be unattributable to a state actor and damage that occurs may be non-kinetic yet severe at the same time. In the past the U.S. has clearly defined nuclear redlines and communicated these to potential adversaries to help them understand actions which could be interpreted by the U.S. as a precursor to nuclear aggression. Clearly communicated nuclear redlines seem to have been an effective strategy at deterring the actions defined by the redline. In many cases potential adversaries have protested some of the redlines, but regardless of their protest in practically every case they still abided by them. It is vitally important that nuclear redlines evolve as the world situation and technology progress. This is not a simple task. Many space and cyber assets are dual tasked with conventional and nuclear missions. This project will help define which events in these domains are significant enough to warrant a kinetic response from the U.S., and which may justify crossing the nuclear threshold. With this understanding, recommendations will be made to improve or modify U.S. nuclear deterrence strategy if necessary.
    Keywords: Nuclear Deterrence, Strategic Deterrence, Space domain, cyber domain, crossdomain
    N3/N5 - Plans & Strategy
    This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp
    Chief of Naval Operations (CNO)
    Approved for public release. Distribution is unlimited.