Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things

In this paper, we present evaluation of security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and conducted survey with 55 respondents coming primarily from industry. Furthermore, we performed practical evaluation of current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings discussing an attack vector for an off-line societycritical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed it lately when we conducted an additional survey of users, with users feeling as left out in their quest for own security and privacy. Finally, hardware-related security questions begin to come up on the agenda, with a general increase of interest and awareness of hardware contribution to the overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest

Detection of advanced persistent threat using machine-learning correlation analysis

As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented sy

Perspectives for Cyber Strategists on Law for Cyberwar

The proliferation of martial rhetoric in connection with the release of thousands of pages of sensitive government documents by the WikiLeaks organization underlines how easily words that have legal meanings can be indiscriminately applied to cyber events in ways that can confuse decision makers and strategists alike. The WikiLeaks phenomenon is but the latest in a series of recent cyber-related incidents––ranging from cyber crises in Estonia and Georgia to reports of the Stuxnet cyberworm allegedly infecting Iranian computers––that have contributed to a growing perception that “cyberwar” is inevitable, if not already underway. All of this generates a range of legal questions, with popular wisdom being that the law is inadequate or lacking entirely. Lt Gen Keith B. Alexander, the first commander of US Cyber Command, told Congress at his April 2010 confirmation hearings that there was a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.” Likewise, Jeffrey Addicott, a highly respected cyber-law authority, asserts that “international laws associated with the use of force are woefully inadequate in terms of addressing the threat of cyberwarfare.” This article takes a somewhat different tact concerning the ability of the law of armed conflict (LOAC) to address cyber issues. Specifically, it argues that while there is certainly room for improvement in some areas, the basic tenets of LOAC are sufficient to address the most important issues of cyberwar. Among other things, this article contends that very often the real difficulty with respect to the law and cyberwar is not any lack of “law,” per se, but rather in the complexities that arise in determining the necessary facts which must be applied to the law to render legal judgments

Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats

Despite its technological benefits, Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threat (APT) is prominent for cybercriminals to compromise networks, and it is crucial to long-term and harmful characteristics. However, it is difficult to apply ML-based approaches to identify APT attacks to obtain a promising detection performance due to an extremely small percentage among normal traffic. There are limited surveys to fully investigate APT attacks in IoT networks due to the lack of public datasets with all types of APT attacks. It is worth to bridge the state-of-the-art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. Meanwhile, signature-based, anomaly-based, and hybrid intrusion detection systems are summarized for IoT networks. The article highlights statistical insights regarding frequently applied ML-based methods against network intrusion alongside the number of attacks types detected. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research.Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Table

Expanding Australia\u27s defence capabilities for technological asymmetric advantage in information, cyber and space in the context of accelerating regional military modernisation: A systemic design approach

Introduction. The aim of the project was to conduct a systemic design study to evaluate Australia\u27sopportunities and barriers for achieving a technological advantage in light of regional military technological advancement. It focussed on the three domains of (1) cybersecurity technology, (2) information technology, and (3) space technology. Research process. Employing a systemic design approach, the study first leveraged scientometric analysis, utilising informetric mapping software (VOSviewer) to evaluate emerging trends and their implications on defence capabilities. This approach facilitated a broader understanding of the interdisciplinary nature of defence technologies, identifying key areas for further exploration. The subsequent survey study, engaging 828 professionals across STEM, space, aerospace, defence/ law enforcement, and ICT, aimed to assess the impact, deployment likelihood, and developmental timelines of the identified technologies. Finally, five experts were interviewed to help elaborate on the findings in the survey and translate them into implications for the ADF. Findings. Key findings revealed significant overlaps in technology clusters, highlighting ten specific technologies or trends as potential force multipliers for the ADF. Among these, cybersecurity of critical infrastructure and optimisation and other algorithmic technologies were recognised for their immediate potential and urgency, suggesting a prioritisation for development investment. The analysis presented a clear imperative for urgent and prioritised technological investments, specifically in cybersecurity and information technologies, followed by space technologies. The research also suggested partnerships that Australia should develop to keep ahead in terms of regional military modernisation. Implications. To maintain a competitive edge, there is an urgent need for investment in the development and application of these technologies, as nearly all disruptive technologies identified for their potential impact, deployment/utilization likelihood, extensive use, and novelty for defence purposes are needed in the near-term (less than 5 years – cybersecurity and information technologies) or medium-term (less than 10 years – space technologies). In line with this, technology investments should be prioritized as follows: Priority 1 includes Cyber Security of critical infrastructure and optimization algorithms; Priority 2 encompasses Unmanned and autonomous systems and weapons, Deep/Machine Learning, and Space-based command and communications systems; and Priority 3 involves Industry 4.0 technologies, Quantum technology, Electromagnetic and navigation warfare systems, Hypersonic weapons, and Directed energy weapons. At the policy level, underfunding, bureaucratic inertia and outdated procurement models needed to be addressed to enhance agility of innovation. More critically, Australia needed to come up with creative ways to recruit, train and retain human capital to develop, manage and use these sophisticated technologies. Finally, in order to maintain a lead over competitors (China, Russia, Iran, North Korea) in the regional military technology competition, the survey and interviews indicate that Australia should continue its military technology alliances with long-standing partners (US, Europe, Israel), broaden its collaborations with more recent partners (Japan, Singapore, South Korea), and establish partnerships with new ones (India, Malaysia, Vietnam, Pacific Island nations). Conclusion. This study sheds light on the future direction for the ADF and Defence in general, underscoring the importance of strategic investments in up-and-coming technologies. By pinpointing strategic voids, potential partnerships, and sovereign technologies with high potential, this report acts as a roadmap for bolstering Australia’s defence capabilities and safeguarding its strategic interests amidst regional technological changes

Artificial Intelligence and Cyber Power from a Strategic Perspective

Artificial intelligence can outperform humans at narrowly defined tasks and will enable a new generation of autonomous weapon systems. Cyberspace will play a crucial role in future conflicts due to the integration of digital infrastructure in society and the expected prevalence of autonomous systems on the battlefield. AI cyber weapons create a dangerous class of persistent threats that can actively and quickly adjust tactics as they relentlessly and independently probe and attack networks

Security Aspects of Internet of Things aided Smart Grids: a Bibliometric Survey

The integration of sensors and communication technology in power systems, known as the smart grid, is an emerging topic in science and technology. One of the critical issues in the smart grid is its increased vulnerability to cyber threats. As such, various types of threats and defense mechanisms are proposed in literature. This paper offers a bibliometric survey of research papers focused on the security aspects of Internet of Things (IoT) aided smart grids. To the best of the authors' knowledge, this is the very first bibliometric survey paper in this specific field. A bibliometric analysis of all journal articles is performed and the findings are sorted by dates, authorship, and key concepts. Furthermore, this paper also summarizes the types of cyber threats facing the smart grid, the various security mechanisms proposed in literature, as well as the research gaps in the field of smart grid security.Comment: The paper is published in Elsevier's Internet of Things journal. 25 pages + 20 pages of reference

Cyber Threats Modeling: An Empirical Study

The immediacy of this study is determined by the need to fight back against the modern cyber threats that arise in the process of building a digital economy. The issues of countering various cyber threats in the activities of small and medium enterprises, firms stand to be a serious problem. Its relevance is constantly increasing. This is due to a number of objective reasons, the main of which are the following. Firstly, the globalization of economic processes, which leads to a situation where the technical, software and information component of the Information System (IS) is the same in relation to all countries developed in terms of information. Secondly, a significant change in the landscape of the IS threats themselves. It should be noted that the changes affected both quantitative and qualitative characteristics. Malware, Network Scanning, Man in the Middle, Phishing, DNS Spoofing, Trojan Horses. These are just a few examples of cyber threats carried out against small and mid-sized businesses and government information systems every day. The current condition of the information security system of governmental and commercial structures does not provide efficient resolving of up-to-date cybersecurity problems and creation of confident interaction between the critical infrastructure objects. It should be assumed that there is a need to update the theoretical and methodological base and practical developments that can protect the rights and legitimate interests of the individual, business and the state from modern security threats and increase the level of security of our economy. The article logically combines the study of the modern landscape of cybersecurity threats, the construction of an empirical model of security threats (with the allocation of a monetization block), the demonstration of the results of processing statistical data characterizing the distribution of the frequency of occurrence of specific threats. The paper aims to build an empirical model of cyber threats based on a study of huge number of relevant literature sources and statistical data