
    Formally designing and implementing cyber security mechanisms in industrial control networks.

    This dissertation describes progress in the state of the art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. The dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be leveraged to produce a high-assurance embedded security device. The method takes an informal design of an embedded device that might be found in a control system and 1) formalizes the design within TLA+, 2) creates and mechanically checks a model built from the formal design, and 3) translates the TLA+ design into a component-based architecture of a native seL4 application. The later chapters describe an application of the process to a security preprocessor embedded device designed to add security mechanisms to the network communication of an existing control system. The device and its security properties are formally specified in TLA+ in chapter 4, mechanically checked in chapter 5, and its native seL4 architecture is implemented in chapter 6. Finally, the conclusions derived from the research are laid out, together with some possibilities for expanding the presented method in the future.
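    Step 2 of the process above, mechanically checking a model of the design against its security properties, is what a tool like TLC does for a TLA+ specification. The block below is an added illustration written for this page, not the dissertation's TLA+ or seL4 code: a small explicit-state checker in Python for a hypothetical security preprocessor that forwards a frame to a PLC only if its MAC verifies and its sequence number is fresh. Running it with the freshness check disabled yields the kind of counterexample trace a model checker reports, which is the practical payoff of checking a design before building it. The device model, the bounds and the two properties are all assumptions of this example.

```python
"""Explicit-state check of a security-preprocessor design.

Added illustration: a small Python stand-in for what TLC does with a TLA+
model, not the dissertation's TLA+ or seL4 code. The hypothetical device sits
between an untrusted network and a PLC and forwards a frame only if its MAC
verifies and its sequence number exceeds the last accepted one. The checker
enumerates every reachable state and reports the shortest trace to a state
that violates a security property.
"""
from collections import deque

SEQ_MAX = 3        # bounds on sequence numbers and delivered frames keep the
DELIVERED_MAX = 3  # state space finite (a modelling bound, not a device limit)

# State = (last_seq, inflight, delivered)
#   last_seq  : last sequence number the preprocessor accepted
#   inflight  : frozenset of frames on the wire, each (seq, mac_valid)
#   delivered : tuple of frames forwarded to the PLC, in order
INIT = (0, frozenset(), ())


def next_states(state, replay_check=True):
    """All successor states: one sender, attacker or preprocessor step."""
    last_seq, inflight, delivered = state
    succ = set()
    # Legitimate sender emits the next frame with a valid MAC.
    if last_seq < SEQ_MAX:
        succ.add((last_seq, inflight | {(last_seq + 1, True)}, delivered))
    # Attacker forges a frame (cannot produce a valid MAC) ...
    for seq in range(1, SEQ_MAX + 1):
        succ.add((last_seq, inflight | {(seq, False)}, delivered))
    # ... or replays a frame already delivered, valid MAC and all.
    for frame in delivered:
        succ.add((last_seq, inflight | {frame}, delivered))
    # Preprocessor handles one in-flight frame: forward it or drop it.
    for frame in inflight:
        seq, mac_valid = frame
        rest = inflight - {frame}
        fresh = seq > last_seq or not replay_check
        if mac_valid and fresh:
            if len(delivered) < DELIVERED_MAX:   # modelling bound
                succ.add((max(last_seq, seq), rest, delivered + (frame,)))
        else:
            succ.add((last_seq, rest, delivered))
    return succ


# Security properties, stated as invariants over a single state.
def authentic(state):
    """Every frame the PLC receives carried a valid MAC."""
    return all(mac_valid for _, mac_valid in state[2])


def no_replay(state):
    """Sequence numbers delivered to the PLC strictly increase."""
    seqs = [seq for seq, _ in state[2]]
    return all(a < b for a, b in zip(seqs, seqs[1:]))


def check(invariants, replay_check=True):
    """Breadth-first search of the reachable states.
    Returns (ok, violated_name, trace, states_explored); trace is the
    shortest path from INIT to the first violating state, else None."""
    parent = {INIT: None}
    queue = deque([INIT])
    while queue:
        state = queue.popleft()
        for name, holds in invariants.items():
            if not holds(state):
                trace, s = [], state
                while s is not None:
                    trace.append(s)
                    s = parent[s]
                return False, name, trace[::-1], len(parent)
        for nxt in next_states(state, replay_check):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return True, None, None, len(parent)


PROPERTIES = {"authentic": authentic, "no_replay": no_replay}

if __name__ == "__main__":
    for replay_check in (True, False):
        ok, name, trace, n = check(PROPERTIES, replay_check)
        print(f"replay check {'on ' if replay_check else 'off'}: "
              f"{'all properties hold' if ok else name + ' violated'} "
              f"after exploring {n} states")
        for step in trace or ():
            print("   ", step)
```

    With the freshness check on, both properties hold over the whole bounded state space; with it off, the checker returns the four-step trace "send frame 1, forward it, replay it, forward it again", which is exactly the replay a MAC alone does not prevent. The bounds are what keep the search finite, just as TLC model-checks a TLA+ specification over finite instances of its constants.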

    Improving resilience to cyber-attacks by analysing system output impacts and costs

    Cyber-attacks cost businesses millions of dollars every year, a key component of which is the cost of business disruption from system downtime. As cyber-attacks cannot all be prevented, there is a need to consider the cyber resilience of systems, i.e. the ability to withstand cyber-attacks and recover from them. Previous works discussing system cyber resilience typically either offer generic high-level guidance on best practices, provide limited attack modelling, or apply to systems with special characteristics. There is a lack of an approach to system cyber resilience evaluation that is generally applicable yet provides a detailed consideration for the system-level impacts of cyber-attacks and defences. We propose a methodology for evaluating the effectiveness of actions intended to improve resilience to cyber-attacks, considering their impacts on system output performance, and monetary costs. It is intended for analysing attacks that can disrupt the system function, and involves modelling attack progression, system output production, response to attacks, and costs from cyber-attacks and defensive actions. Studies of three use cases demonstrate the implementation and usefulness of our methodology. First, in our redundancy planning study, we considered the effect of redundancy additions on mitigating the impacts of cyber-attacks on system output performance. We found that redundancy with diversity can be effective in increasing resilience, although the reduction in attack-related costs must be balanced against added maintenance costs. Second, our work on attack countermeasure selection shows that by considering system output impacts across the duration of an attack, one can find more cost-effective attack responses than without such considerations. Third, we propose an approach to mission viability analysis for multi-UAV deployments facing cyber-attacks, which can aid resource planning and determining if the mission can conclude successfully despite an attack. We provide different implementations of our model components, based on use case requirements.
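    The abstract's first two findings (redundancy pays only with diversity and only net of maintenance; a response chosen on output impact over the whole attack can beat one chosen on fixed cost) can be reproduced with a very small closed-form model. The block below is an added illustration written for this page, not the paper's model or code: attack progression, output production, response and costs are each reduced to one or two parameters, and every number in it is constructed.

```python
"""Output- and cost-aware comparison of resilience options.

Added illustration, not the paper's model: a single-attack, closed-form
version of the ingredients the abstract names (attack progression, system
output, response to attack, and the costs of both). All parameters below are
constructed for the example.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Response:
    name: str
    fixed_cost: float
    # Phases after the response starts: (hours, fraction of normal output).
    phases: Tuple[Tuple[float, float], ...]


@dataclass(frozen=True)
class System:
    replicas: int                 # redundant components able to carry the load
    diverse: bool                 # do replicas have independent implementations?
    compromise_hours: float       # attacker effort to take one component
    attacker_window: float        # hours before routine monitoring evicts an intruder
    detect_delay: float           # hours from loss of output until the response starts
    output_rate: float = 100.0    # units per hour at full output
    unit_value: float = 10.0      # money per unit of output
    maintenance_per_extra_replica: float = 20_000.0   # per year


def hours_until_outage(sys_: System) -> float:
    """Attack progression: output stops when every replica is compromised.
    Identical replicas share one vulnerability, so one exploit takes them all;
    diverse replicas each cost the attacker a fresh compromise."""
    return sys_.compromise_hours * (sys_.replicas if sys_.diverse else 1)


def lost_output(sys_: System, resp: Response) -> float:
    """Output units lost over one attack that does reach an outage."""
    lost_hours = sys_.detect_delay              # full outage until response starts
    for hours, fraction in resp.phases:
        lost_hours += hours * (1.0 - fraction)  # partial output during each phase
    return lost_hours * sys_.output_rate


def attack_cost(sys_: System, resp: Response) -> float:
    """Money lost to one attack: forgone output plus the response itself.
    An intruder evicted before the last replica falls causes no outage."""
    if hours_until_outage(sys_) > sys_.attacker_window:
        return 0.0
    return lost_output(sys_, resp) * sys_.unit_value + resp.fixed_cost


def annual_cost(sys_: System, resp: Response, attacks_per_year: float) -> float:
    """Redundancy planning: attack losses against the upkeep of extra replicas."""
    maintenance = sys_.maintenance_per_extra_replica * (sys_.replicas - 1)
    return maintenance + attacks_per_year * attack_cost(sys_, resp)


def select_response(sys_: System, responses):
    """Countermeasure selection on output impact over the whole attack,
    rather than on the response's fixed cost or wall-clock duration."""
    return min(responses, key=lambda r: attack_cost(sys_, r))


# Constructed example: a 16 h rebuild either with the plant halted, or after a
# quick failover to a degraded mode that keeps half the output flowing.
REBUILD = Response("halt and rebuild", fixed_cost=5_000.0, phases=((16.0, 0.0),))
FAILOVER = Response("fail over, then rebuild", fixed_cost=8_000.0,
                    phases=((0.5, 0.0), (16.0, 0.5)))
BASELINE = System(replicas=1, diverse=False, compromise_hours=4.0,
                  attacker_window=6.0, detect_delay=1.0)

if __name__ == "__main__":
    for r in (REBUILD, FAILOVER):
        print(f"{r.name:25s} fixed {r.fixed_cost:8.0f}  per attack {attack_cost(BASELINE, r):8.0f}")
    print("chosen:", select_response(BASELINE, (REBUILD, FAILOVER)).name)
    for n, div in ((1, False), (2, False), (2, True), (3, True)):
        s = System(n, div, 4.0, 6.0, 1.0)
        print(f"{n} replica(s), diverse={div!s:5s}  annual {annual_cost(s, REBUILD, 4):8.0f}")
```

    On these inputs the failover response costs more to carry out and takes longer, yet loses less money once forgone output across the whole incident is counted, so a selection by fixed cost alone picks the wrong one. A second identical replica only adds maintenance, because the same exploit takes both; a second diverse replica pushes the attacker past the monitoring window and removes the outage, and a third buys nothing further while doubling the upkeep.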

    Cloud engineering is search based software engineering too

    Many of the problems posed by the migration of computation to cloud platforms can be formulated and solved using techniques associated with Search Based Software Engineering (SBSE). Much of cloud software engineering involves problems of optimisation: performance, allocation, assignment and the dynamic balancing of resources to achieve pragmatic trade-offs between many competing technical and business objectives. SBSE is concerned with the application of computational search and optimisation to solve precisely these kinds of software engineering challenges. Interest in both cloud computing and SBSE has grown rapidly in the past five years, yet there has been little work on SBSE as a means of addressing cloud computing challenges. Like many computationally demanding activities, SBSE has the potential to benefit from the cloud: 'SBSE in the cloud'. This paper focuses instead on the ways in which SBSE can benefit cloud computing. It thus develops the theme of 'SBSE for the cloud', formulating cloud computing challenges in ways that can be addressed using SBSE.

    Strategies Managers Implement to Ensure Information Technology Infrastructure Services for Overseas Users

    Information technology (IT) has become a critical success factor for businesses. IT leaders' failures to implement IT strategies aligned with business objectives may negatively impact the success of organizations in the current global market. Grounded in the technology-organization-environment (TOE) framework, the purpose of this qualitative, pragmatic inquiry study was to explore the IT strategies used by IT managers of multinational companies in the United States to deliver IT infrastructure services to businesses with overseas users in developing countries. The participants were nine IT leaders who had implemented IT strategies for organizations in the United States with businesses in developing countries. Data were collected using semistructured interviews. Through thematic analysis, six themes were identified: (a) hybrid cloud and on-premises adoption, (b) IT infrastructure redundancy or failover processes, (c) development of standardized IT best practices, (d) IT infrastructure strategies by region, (e) measurement of IT infrastructure services, and (f) external factors affecting the adoption of IT infrastructure strategies. A key recommendation is for IT leaders to provide cloud file services such as Microsoft 365 or OneDrive, allowing employees to work from anywhere. The implications for positive social change include the potential to guide IT managers' decisions that can lead to the long-term sustainability of businesses, thereby improving the socio-economic conditions of individuals in the United States and developing countries.

    Anti-fragile ICT Systems

    This book introduces a novel approach to the design and operation of large ICT systems. It views the technical solutions and their stakeholders as complex adaptive systems and argues that traditional risk analyses cannot predict all future incidents with major impacts. To avoid unacceptable events, it is necessary to establish and operate anti-fragile ICT systems that limit the impact of all incidents, and which learn from small-impact incidents how to function increasingly well in changing environments. The book applies four design principles and one operational principle to achieve anti-fragility for different classes of incidents. It discusses how systems can achieve high availability, prevent malware epidemics, and detect anomalies. Analyses of Netflix's media streaming solution, Norwegian telecom infrastructures, e-government platforms, and Numenta's anomaly detection software show that cloud computing is essential to achieving anti-fragility for classes of events with negative impacts.

    Designing a Thrifty Approach for SME Business Continuity: Practices for Transparency of the Design Process

    Business continuity (BC) management is an organizational approach to preparing information systems (IS) for incidents, but such approaches are uncommon among small and medium-sized enterprises (SMEs). Past research has indicated a gap in approaches designed for SMEs, since BC management approaches tend to originate from larger organizations and SMEs lack the resources to implement them. To fill this gap, and to respond to a practical need of an IT consultancy company, we employed design science research (DSR) to develop a BC approach for SMEs, coined the thrifty BC management approach. Jointly with the company's practitioners, we developed a set of meta-requirements for BC approaches for SMEs anchored in prior BC literature, practitioners' expertise, and the theories of collective mindfulness and sociotechnical systems. We evaluated our thrifty BC management approach with multiple SMEs. These evaluations suggest that the designed approach mostly meets the defined meta-requirements. Moreover, the evaluations offered ample opportunities for learning. The design process, unfolding in a real-world setting, was precarious, rife with contingencies and ad hoc decisions. To render the design process transparent, we adapted four writing conventions from the confessional research genre, familiar to ethnographic research but novel to DSR. We offer a threefold contribution. First, we contribute to SMEs' BC with meta-requirements and their instantiation in a new BC approach (artifact); second, we contribute four practices of confessional writing for transparency of DSR research; and third, we contribute reflections on our theoretical learning from throughout the design process.

    PCI DSS case study: Impact in network design and security

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of twelve security requirements applicable to all institutions and systems that handle, store or transmit cardholder information. It was created by the main card brands in a united effort to respond to the increasing number of attacks and data breaches targeting card and cardholder data. The standard covers points such as policy design, data security, network architecture, software design, application security, and encryption requirements for transmission. Becoming compliant with the standard can be both expensive and disruptive for any business that undertakes it. This research analyzes the impact that the compliance process can have on an enterprise, focusing on network infrastructure and security and on application security in general. It is a case study based on a real situation, in which current procedures and implementations were evaluated against the standard's requirements for network design, network security and application security. The result is a benchmark of the company's position on the way to compliance validation.

    Generic Object Detection and Segmentation for Real-World Environments
