102 research outputs found

    Simulation for Cybersecurity: State of the Art and Future Directions

    In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts

    An integrated risk analysis framework for safety and cybersecurity of industrial SCADA system

    The industrial control system (ICS) refers to a collection of various types of control systems commonly found in industrial sectors and critical infrastructures such as energy, oil and gas, transportation, and manufacturing. The supervisory control and data acquisition (SCADA) system is a type of ICS that controls and monitors operations and industrial processes scattered across a large geographic area. SCADA systems are relying on information and communication technology to improve the efficiency of operations. This integration means that SCADA systems are targeted by the same threats and vulnerabilities that affect ICT assets. This means that the cybersecurity problem in SCADA systems is exacerbated by the IT heritage issue. If the control system is compromised due to this connection, serious consequences may follow. This leads to the necessity to have an integrated framework that covers both safety and security risk analysis in this context. This thesis proposes an integrated risk analysis framework that comprises four stages and that builds on the advances of risk science and industry standards, to improve understanding of SCADA system complexity, and manage risks considering process safety and cybersecurity in a holistic approach. The suggested framework is committed to improving safety and security risk analysis by examining the expected consequences through integrated risk identifications and identifying adequate safeguards and countermeasures to defend against cyber-attack scenarios. A simplified SCADA system and an undesirable scenario of overpressure in the pipeline are presented in which the relevant stages of the framework are applied

    An Architecture for IoT-Enabled Smart Transportation Security System: A Geospatial Approach

    The Internet of Things (IoT) in urban transportation systems has been ubiquitously embedded into a variety of devices and transport entities. The IoT-enabled smart transportation system (STS) has thus gained growing traction amongst scholars and practitioners. However, several IoT challenges in relation to cyber–physical security are exposed due to the heterogeneity, complexity and decentralisation of the IoT network. There also exist geospatial security concerns with respect to the embeddings of 5G networks into public infrastructures that are interconnected with the transport system via IoT. To address these concerns, this article aims to apply a geospatial modelling approach to propose a smart transportation security system (STSS). It is modelled and simulated by undertaking an experimental study in the city of Beijing, China. The simulation outcome of the proposed architecture is expected to offer a strategic guide for strategic security management of urban smart transportation

    A Deep Learning-Based Cyberattack Detection System for Transmission Protective Relays

    The digitalization of power systems over the past decade has made the cybersecurity of substations a top priority for regulatory agencies and utilities. Proprietary communication protocols are being increasingly replaced by standardized and interoperable protocols providing utility operators with remote access and control capabilities at the expense of growing cyberattack risks. In particular, the potential of supply chain cyberattacks is on the rise in industrial control systems. In this environment, there is a pressing need for the development of cyberattack detection systems for substations and in particular protective relays, a critical component of substation operation. This paper presents a deep learning-based cyberattack detection system for transmission line protective relays. The proposed cyberattack detection system is first trained with current and voltage measurements representing various types of faults on the transmission lines. The cyberattack detection system is then employed to detect current and voltage measurements that are maliciously injected by an attacker to trigger the transmission line protective relays. The proposed cyberattack detection system is evaluated under a variety of cyberattack scenarios. The results demonstrate that a universal architecture can be designed for the deep learning-based cyberattack detection systems in substations

    Challenges to Cybersecurity: Current State of Affairs

    Despite increasing investment in cybersecurity initiatives, incidents such as data breach, malware infections, and cyberattacks on cyberphysical systems show an upward trend. I identify the technical, economic, legal, and behavioral challenges that continue to obstruct any meaningful effort to achieve reasonable cybersecurity. I also summarize the recent initiatives that various stakeholders have taken to address these challenges and highlight the limitations of those initiatives

    The Internet of Things Connectivity Binge: What are the Implications?

    Despite wide concern about cyberattacks, outages and privacy violations, most experts believe the Internet of Things will continue to expand successfully the next few years, tying machines to machines and linking people to valuable resources, services and opportunities

    Machine Learning to Improve Security Operations Centers

    Since the onset of the internet, the world has embraced this new technology and used it to collectively advance Humanity. Companies have followed the trend from the physical to the digital world, taking with them all their associated value. In order to safeguard this value, security needed to evolve, with enterprises employing departments of highly trained professionals. Nevertheless, the ever increasing amount of information in need of evaluation by these professionals requires the deployment of automation techniques, aiding in data analysis and bulk task processing, to reduce detection time and as such improve mitigation. This work proposes a novel tool designed to help in attack detection and alert aggregation, by leveraging machine learning techniques. The proposed solution is described in full and showcased using real data from an example implementation. Since the emergence of the internet, this new technology has been used to advance Humanity. The market followed the trends, moving from the physical to the digital world and taking with it all its associated value. In order to safeguard this value, security needed to adapt, with companies dedicating entire departments to that end. However, the ever-increasing amount of information to analyse demands the development of automatic techniques for data processing and bulk task execution, to reduce attack detection time and allow a more agile mitigation of those attacks. This work proposes a tool designed to help in attack detection and alert aggregation, using artificial intelligence techniques. The proposed solution is described in full and presented using real data applied to an example implementation

    Securing industrial control system environments: the missing piece

    Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private and public sectors to step up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and processes attributes. This is clearly incongruent with emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include people, process and technology security enhancement into a single system, and addressing all three-entity vulnerabilities can provide a better solution for ICS environments

    Report of the 2014 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

    This event was supported in part by the National Science Foundation under Grant Number 1234408. Any opinions, findings, and conclusions or recommendations expressed at the event or in this report are those of the authors and do not necessarily reflect the views of the National Science Foundation