A Novel Cyber Resilience Framework – Strategies and Best Practices for Today's Organizations

Cyber resilience refers to an organization's ability to maintain its essential functions, services despite cyber-attacks and swiftly recover from any disruptions. It involves proactive measures like gathering threat intelligence and managing risks, as well as reactive measures such as incident response planning, data backup and recovery. To achieve cyber resilience, organizations must implement robust cyber security measures, regularly update their incident response plans, and educate employees on safe online practices. Furthermore, having a comprehensive backup and recovery strategy in place is crucial to swiftly restore critical systems and data in the event of an attack. Overall, the proposed framework emphasizes cyber resilience as a continuous and proactive approach for managing cyber security risks and safeguarding against the growing threat of cyber-attacks

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Healthcare systems protection: All-in-one cybersecurity approach

Cyber risks are increasingly widespread as healthcare organizations play a defining role in society. Several studies have revealed an increase in cybersecurity threats in the industry, which should concern us all. When it comes to cybersecurity, the consequences can be felt throughout the organization, from the smallest processes to the overall ability of the organization to function. Typically, a cyberattack results in the disclosure of confidential information that undermines your competitive advantage and overall trust. Healthcare as a critical sector has, like many other sectors, a late bet on its transformation to cybersecurity across the board. This dissertation reinforces this need by presenting a value-added solution that helps strengthen the internal processes of healthcare units, enabling their primary mission of saving lives while ensuring the confidentiality and security of patient and institutional data. The solution is presented as a technological composite that translates into a methodology and innovative artifact for integration, monitoring, and security of critical medical infrastructures based on operational use cases. The approach that involves people, processes, and technology is based on a model that foresees the evaluation of potential assets for integration and monitoring, as well as leveraging the efficiency in responding to security incidents with the formal development of a process and mechanisms for alert and resolution of exposure and attack scenarios. On a technical level, the artifact relies on the integration of a medical image archiving system (PACS) into a SIEM to validate application logs that are linked to rules to map anomalous behaviors that trigger the incident management process on an IHS platform with custom-developed features. The choice for integration in the validation prototype of the PACS system is based not only on its importance in the orchestration of activities in the organization of a health institution, but also with the recent recommendations of various cybersecurity agencies and organizations for the importance of their protection in response to the latest trends in cyberattacks. In line with the results obtained, this approach will have full applicability in a real operational context, following the latest practices and technologies in the sector.Os riscos cibernéticos estão cada vez mais difundidos à medida que as organizações de cuidados de saúde desempenham um papel determinante na sociedade. Vários estudos revelaram um aumento das ameaças de cibersegurança no setor, o que nos deve preocupar a todos. Quando se trata de cibersegurança, as consequências podem ser sentidas em toda a organização, desde os mais pequenos processos até à sua capacidade global de funcionamento. Normalmente, um ciberataque resulta na divulgação de informações confidenciais que colocam em causa a sua vantagem competitiva e a confiança geral. O healthcare como setor crítico apresenta, como muitos outros setores, uma aposta tardia na sua transformação para a cibersegurança de forma generalizada. Esta dissertação reforça esta necessidade apresentando uma solução de valor acrescentado que ajuda a potenciar os processos internos das unidades de saúde possibilitando a sua missão principal de salvar vidas, aumentando a garantia de confidencialidade e segurança dos dados dos pacientes e instituições. A solução apresenta-se como um compósito tecnológico que se traduz numa metodologia e artefacto de inovação para integração, monitorização e segurança de infraestruturas médicas críticas baseado em use cases de operação. A abordagem que envolve pessoas, processos e tecnologia assenta num modelo que prevê a avaliação de potenciais ativos para integração e monitorização, como conta alavancar a eficiência na resposta a incidentes de segurança com o desenvolvimento formal de um processo e mecanismos para alerta e resolução de cenários de exposição e ataque. O artefacto, a nível tecnológico, conta com a integração do sistema de arquivo de imagem médica (PACS) num SIEM para validação de logs aplicacionais que estão associados a regras que mapeiam comportamentos anómalos que originam o despoletar do processo de gestão de incidentes numa plataforma IHS com funcionalidades desenvolvidas à medida. A escolha para integração no protótipo de validação do sistema PACS tem por base não só a sua importância na orquestração de atividades na orgânica duma instituição de saúde, mas também com as recentes recomendações de várias agências e organizações de cibersegurança para a importância da sua proteção em resposta às últimas tendências de ciberataques. Em linha com os resultados auscultados, esta abordagem terá total aplicabilidade em contexto real de operação, seguindo as mais recentes práticas e tecnologias no sector

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures comprise of many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presets how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors is discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Resilience in Critical infrastructure within the energy sector of Norway

Master's thesis in Cyber security (IS507)This thesis investigates what are the characteristics of resilience within the energy sector, as well as what are the "best” known practices being used to increase awareness of the employees. By looking at the existing literature and finding differences between how the energy sector in Norway vs other nations approaches resilience. There is a difference in Norway's more decentralized power grid, where many smaller power stations supply energy, compared to other nation with single large power station. This influences how they will approach resilience. The study uses a qualitative research approach, with semi-structured interviews to gather data from several organizations within the energy sector of Norway. The results are then analyzed, and compared to existing research, to achieve a theoretical understanding of the result. The study identifies what are the characteristics that can be used to define resilience within the energy sector. And defines how these characteristics can be used to achieve resilience within an organization. Furniture more this study analyzes what constitutes “Best-practices” and if they truly are “best,” before investigating how such practices are used to increase awareness of resilience to the employee of the energy sector

Cyber Sentinel: Exploring Conversational Agents in Streamlining Security Tasks with GPT-4

In an era where cyberspace is both a battleground and a backbone of modern society, the urgency of safeguarding digital assets against ever-evolving threats is paramount. This paper introduces Cyber Sentinel, an innovative task-oriented cybersecurity dialogue system that is effectively capable of managing two core functions: explaining potential cyber threats within an organization to the user, and taking proactive/reactive security actions when instructed by the user. Cyber Sentinel embodies the fusion of artificial intelligence, cybersecurity domain expertise, and real-time data analysis to combat the multifaceted challenges posed by cyber adversaries. This article delves into the process of creating such a system and how it can interact with other components typically found in cybersecurity organizations. Our work is a novel approach to task-oriented dialogue systems, leveraging the power of chaining GPT-4 models combined with prompt engineering across all sub-tasks. We also highlight its pivotal role in enhancing cybersecurity communication and interaction, concluding that not only does this framework enhance the system's transparency (Explainable AI) but also streamlines the decision-making process and responding to threats (Actionable AI), therefore marking a significant advancement in the realm of cybersecurity communication

Toward a sustainable cybersecurity ecosystem

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. Cybersecurity issues constitute a key concern of today’s technology-based economies. Cybersecurity has become a core need for providing a sustainable and safe society to online users in cyberspace. Considering the rapid increase of technological implementations, it has turned into a global necessity in the attempt to adapt security countermeasures, whether direct or indirect, and prevent systems from cyberthreats. Identifying, characterizing, and classifying such threats and their sources is required for a sustainable cyber-ecosystem. This paper focuses on the cybersecurity of smart grids and the emerging trends such as using blockchain in the Internet of Things (IoT). The cybersecurity of emerging technologies such as smart cities is also discussed. In addition, associated solutions based on artificial intelligence and machine learning frameworks to prevent cyber-risks are also discussed. Our review will serve as a reference for policy-makers from the industry, government, and the cybersecurity research community

Cyber Hygiene Maturity Assessment Framework for Smart Grid Scenarios

Cyber hygiene is a relatively new paradigm premised on the idea that organizations and stakeholders are able to achieve additional robustness and overall cybersecurity strength by implementing and following sound security practices. It is a preventive approach entailing high organizational culture and education for information cybersecurity to enhance resilience and protect sensitive data. In an attempt to achieve high resilience of Smart Grids against negative impacts caused by different types of common, predictable but also uncommon, unexpected, and uncertain threats and keep entities safe, the Secure and PrivatE smArt gRid (SPEAR) Horizon 2020 project has created an organization-wide cyber hygiene policy and developed a Cyber Hygiene Maturity assessment Framework (CHMF). This article presents the assessment framework for evaluating Cyber Hygiene Level (CHL) in relation to the Smart Grids. Complementary to the SPEAR Cyber Hygiene Maturity Model (CHMM), we propose a self-assessment methodology based on a questionnaire for Smart Grid cyber hygiene practices evaluation. The result of the assessment can be used as a cyber-health check to define countermeasures and to reapprove cyber hygiene rules and security standards and specifications adopted by the Smart Grid operator organization. The proposed methodology is one example of a resilient approach to cybersecurity. It can be applied for the assessment of the CHL of Smart Grids operating organizations with respect to a number of recommended good practices in cyber hygiene.This project has received funding from the European Union Horizon 2020 research and innovation program under grant agreement No. 787011 (SPEAR