STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.Postprint (published version

Security Incident Response Criteria: A Practitioner's Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

On the use of serious games technology to facilitate large-scale training in cybercrime response

As technology becomes pervasive in everyday life, there are very few crimes that don’t have some ‘cyber’ element to them. The vast majority of crime now has some digital footprint; whether it’s from a CCTV camera, mobile phone or IoT device, there exists a vast range of technological devices with the ability to store digital evidence that could be of use during a criminal investigation. There is a clear requirement to ensure that digital forensic investigators have received up-to-date training on appropriate methods for the seizure, acquisition and analysis of digital devices. However, given the increasing number of crimes now involving a range of technological devices it is increasingly important for those police officers who respond to incidents of crime to have received appropriate training.The aim of our research is to transform the delivery of first responder training in tackling cybercrime.A project trialling the use of computer games technology to train officers in cybercrime response is described. A game simulating typical cybercrime scenes has been developed and its use in training first responders has been evaluated within Police Scotland. Overall, this approach to the large-scale provision of training (potentially to a whole force) is shown to offer potential