Cyber Security of Critical Infrastructures

Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods

EVA: a hybrid cyber range

Over the recent years, cyber attacks have increased constantly. Attacks targeting sensors networks, or exploiting the growing number of networked devices, are becoming even more frequent. This has led to the need to find a way to train the teams responsible for defending computer systems in order to make them able to respond to any threats quickly. The fact that it is impossible to carry out training operations directly on corporate networks or critical infrastructure has led to the birth of Cyber Ranges, virtual or hybrid systems that allow training in safe and isolated environments. In this paper we present a model for the implementation of a Hybrid Cyber-Range (HCR), based on the model of a real Water Supply System WSS). The HCR shall combine the dynamism and flexibility of virtualised Cyber-Ranges (CR) and the realism of Cyber-Physical Systems (CPS)

The Forgotten Emerging Technology: The Metaverse and Its Cybersecurity Implications

The widespread deployment of 5G devices in the United States will spur widespread use of augmented reality, virtual reality, and mixed reality applications—collectively known as extended reality. The over-commercialization of the term "metaverse" has impeded honest conversations about the implications of an insecure metaverse and the technologies associated with it. While these applications and devices will bring significant benefits, they will be accompanied by numerous cybersecurity challenges. As a result, U.S. policymakers run afoul of repeating past mistakes: failing to secure technology before it ushers in a new era of national security concerns. The U.S. government must work closely with industry, academia, nonprofits, and international partners to begin thinking about these consequential issues

Improving the Cybersecurity of Cyber-Physical Systems Through Behavioral Game Theory and Model Checking in Practice and in Education

This dissertation presents automated methods based on behavioral game theory and model checking to improve the cybersecurity of cyber-physical systems (CPSs) and advocates teaching certain foundational principles of these methods to cybersecurity students. First, it encodes behavioral game theory\u27s concept of level-k reasoning into an integer linear program that models a newly defined security Colonel Blotto game. This approach is designed to achieve an efficient allocation of scarce protection resources by anticipating attack allocations. A human subjects experiment based on a CPS infrastructure demonstrates its effectiveness. Next, it rigorously defines the term adversarial thinking, one of cybersecurity educations most important and elusive learning objectives, but for which no proper definition exists. It spells out what it means to think like a hacker by examining the characteristic thought processes of hackers through the lens of Sternberg\u27s triarchic theory of intelligence. Next, a classroom experiment demonstrates that teaching basic game theory concepts to cybersecurity students significantly improves their strategic reasoning abilities. Finally, this dissertation applies the SPIN model checker to an electric power protection system and demonstrates a straightforward and effective technique for rigorously characterizing the degree of fault tolerance of complex CPSs, a key step in improving their defensive posture

Ten Years In: Implementing Strategic Approaches to Cyberspace

This book represents a look beyond theories and analogies to examine the challenges of strategy implementation. In the essays that follow, practitioners who are building cyberspace forces at-scale join scholars who study power and force in this new domain to collectively offer a unique perspective on the evolution and future of cyber strategy and operations.https://digital-commons.usnwc.edu/usnwc-newport-papers/1044/thumbnail.jp

Impact of Artificial Intelligence on Strategic Stability and Nuclear Risk : Volume II East Asian Perspectives.

Artificial intelligence (AI) is not only undergoing a renaissance in its technical development, but is also starting to shape deterrence relations among nucleararmed states. This is already evident in East Asia, where asymmetries of power and capability have long driven nuclear posture and weapon acquisition. Continuing this trend, integration of AI into military platforms has the potential to offer weaker nuclear-armed states the opportunity to reset imbalances in capabilities, while at the same time exacerbating concerns that stronger states may use AI to further solidify their dominance and to engage in more provocative actions. This paradox of perceptions, as it is playing out in East Asia, is fuelled by a series of national biases and assumptions that permeate decision-making. They are also likely to serve as the basis for AI algorithms that drive future conventional and nuclear platforms

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management