Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Risk information services for Disaster Risk Management (DRM) in the Caribbean : operational documentation

The primary objective of this ESA project is to raise awareness within the World Bank (WB) of the capabilities of Earth Observation (EO) data and specialist service providers to supply information customised to the specific needs of individual projects. This project was set up within the ESA/WB eoworld initiative to contribute to the WB Caribbean Risk Information Program that is operating under a grant from the ACP-EU Natural Risk Reduction Program. The Caribbean is heavily affected by natural (and geo-) hazards with over 5 billion US$in losses in the last 20 years (source: CRED database). Figure 1 illustrates the division of natural disaster by occurrence in the region over the last 30 years, providing an insight into the impact in the region over a significant time period. A specific example of the environmental, social, economic and political issues that the project is addressing is highlighted by the effects of Hurricane Tomas on St Lucia in October 2010. The hurricane resulted in seven deaths with 5952 people severely affected, while the cost of the damage was estimated at US$336.2 million, representing 43.4% of GDP (ECLAC, 2011). Understanding and mitigating these “geo-environmental disasters” (as they are termed in ECLAC, 2011) is a primary concern in the region

myTrustedCloud: Trusted cloud infrastructure for security-critical computation and data managment

Copyright @ 2012 IEEECloud Computing provides an optimal infrastructure to utilise and share both computational and data resources whilst allowing a pay-per-use model, useful to cost-effectively manage hardware investment or to maximise its utilisation. Cloud Computing also offers transitory access to scalable amounts of computational resources, something that is particularly important due to the time and financial constraints of many user communities. The growing number of communities that are adopting large public cloud resources such as Amazon Web Services [1] or Microsoft Azure [2] proves the success and hence usefulness of the Cloud Computing paradigm. Nonetheless, the typical use cases for public clouds involve non-business critical applications, particularly where issues around security of utilization of applications or deposited data within shared public services are binding requisites. In this paper, a use case is presented illustrating how the integration of Trusted Computing technologies into an available cloud infrastructure - Eucalyptus - allows the security-critical energy industry to exploit the flexibility and potential economical benefits of the Cloud Computing paradigm for their business-critical applications

Risk information services for Disaster Risk Management (DRM) in the Caribbean : service readiness document

This document specifies the EO information products / services to be delivered in support of the World Bank project (Handbook for the Assessment of Landslide and Flood Hazards and Risks to Support Development Processes, led by ITC Netherlands), and describes the scope and extent of assessment that will be carried out following production and delivery. It is to be reviewed and agreed by the WB TTL for the project (and local users, if applicable), and will form the basis of subsequent activities to be carried out in the service assessment phase