Strategies to Reduce the Fiscal Impact of Cyberattacks

A single cyberattack event involving 1 major corporation can cause severe business and social devastation. In this single case study, a major U.S. airline company was selected for exploration of the strategies information technology administrators and airline managers implemented to reduce the financial devastation that may be caused by a cyberattack. Seven participants, of whom 4 were airline managers and 3 were IT administrators, whose primary responsibility included implementation of strategies to plan for and respond to cyberattacks participated in the data collection process. This study was grounded on the general systems theory. Data collection entailed semistructured face-to-face and telephone interviews and collection and review of public documents. The data analysis process of this study involved the use of Yin\u27s 5-step process of compiling, disassembling, reassembling, interpreting, and concluding, which provided a detailed analysis of the emerging themes. The findings produced results that identified strategies organizational managers and administrators of a U.S. airline implemented to reduce the fiscal influence of cyberattacks, such as proactive plans for education and training, active management, and an incident response plan. The findings of this study might affect social change by offering all individuals a perspective on creating effective cyberculture. An understanding of cyberculture could include the focus of a heightened understanding, whereby, to ensure the security of sensitive or privileged data and information and of key assets, thus, reducing the fiscal devastation that may be caused by cyberattacks

Exploring the Effectiveness of Transit Security Awareness Campaigns in the San Francisco Bay Area, Research Report 09-19

Public involvement in alerting officials of suspicious and potentially harmful activity is critical to the overall security of a transit system. As part of an effort to get passengers and the public involved, many transit agencies have security awareness campaigns. The objective of this research is to learn how transit agencies seek to make security awareness campaigns effective and explore how they measure the effectiveness of such campaigns, if at all. This research project includes data from case studies of five major agencies that provide transit service in the San Francisco Bay Area region. The case study data are comprised of descriptions of the types of security awareness campaigns the agencies have implemented, the goals of the campaigns, and how they seek to make their campaigns effective, as well as whether and how these agencies measure and determine the effectiveness of their campaigns. A positive finding of this research is the consistency with which Bay Area transit organizations address the need for passenger awareness as part of their overall security program. However, none of the five agencies analyzed for this study measures the effectiveness of their campaigns. Whereas they all have a similar goal—to increase passenger awareness about security issues—little evidence exists confirming to what extent they are achieving this goal. The paper concludes with suggestions for using outcome measurements to provide a reasonable indication of a campaign’s effectiveness by capturing the public’s response to a campaign

Toward a Social Practice Theory of Relational Competing

This paper brings together the competitive dynamics and strategy-aspractice literatures to investigate relational competition. Drawing on a global ethnography of the reinsurance market, we develop the concept of micro-competitions, which are the focus of competitors’ everyday competitive practices. We find variation in relational or rivalrous competition by individual competitors across the phases of a micro-competition, between competitors within a micro-competition, and across multiple micro-competitions. These variations arise from the interplay between the unfolding competitive arena and the implementation of each firm’s strategic portfolio. We develop a conceptual framework that makes four contributions to: relational competition; reconceptualizing action and response; elaborating on the awareness-motivation-capability framework within competitive dynamics; and the recursive dynamic by which implementing strategy inside firms shapes, and is shaped by, the competitive arena

RSA Power Analysis Obfuscation: A Dynamic FPGA Architecture

The modular exponentiation operation used in popular public key encryption schemes, such as RSA, has been the focus of many side channel analysis (SCA) attacks in recent years. Current SCA attack countermeasures are largely static. Given sufficient signal-to-noise ratio and a number of power traces, static countermeasures can be defeated, as they merely attempt to hide the power consumption of the system under attack. This research develops a dynamic countermeasure which constantly varies the timing and power consumption of each operation, making correlation between traces more difficult than for static countermeasures. By randomizing the radix of encoding for Booth multiplication and randomizing the window size in exponentiation, this research produces a SCA countermeasure capable of increasing RSA SCA attack protection

Managerial Strategies Small Businesses Use to Prevent Cybercrime

Estimated worldwide losses due to cybercrime are approximately $375-575 billion annually, affecting governments, business organizations, economies, and society. With globalization on the rise, even small businesses conduct transactions worldwide through the use of information technology (IT), leaving these small businesses vulnerable to the intrusion of their networks. The purpose of this multiple case study was to explore the managerial strategies of small manufacturing business owners to protect their financial assets, data, and intellectual property from cybercrime. The conceptual framework was systems thinking and action theory. Participants included 4 small manufacturing business owners in the midwestern region of the United States. Data were collected via face-to-face interviews with owners, company documentation, and observations. Member checking was used to help ensure data reliability and validity. Four themes emerged from the data analysis: organizational policies, IT structure, managerial strategies, and assessment and action. Through effective IT security and protocols, proactive managerial strategies, and continuous evaluation of the organization\u27s system, the small business owner can sustain the business and protect it against potential cyberattacks on the organization\u27s network. The findings of the study have implications for positive social change by informing managers regarding (a) the elimination or reduction of cybercrimes, (b) the protection of customers\u27 information, and (c) the prevention of future breaches by implementing effective managerial strategies to protect individuals in society

Evidence-Based Analysis of Cyber Attacks to Security Monitored Distributed Energy Resources

This work proposes an approach based on dynamic Bayesian networks to support the cybersecurity analysis of network-based controllers in distributed energy plants. We built a system model that exploits real world context information from both information and operational technology environments in the energy infrastructure, and we use it to demonstrate the value of security evidence for time-driven predictive and diagnostic analyses. The innovative contribution of this work is in the methodology capability of capturing the causal and temporal dependencies involved in the assessment of security threats, and in the introduction of security analytics supporting the configuration of anomaly detection platforms for digital energy infrastructures

Analyzing audit trails in a distributed and hybrid intrusion detection platform

Efforts have been made over the last decades in order to design and perfect Intrusion Detection Systems (IDS). In addition to the widespread use of Intrusion Prevention Systems (IPS) as perimeter defense devices in systems and networks, various IDS solutions are used together as elements of holistic approaches to cyber security incident detection and prevention, including Network-Intrusion Detection Systems (NIDS) and Host-Intrusion Detection Systems (HIDS). Nevertheless, specific IDS and IPS technology face several effectiveness challenges to respond to the increasing scale and complexity of information systems and sophistication of attacks. The use of isolated IDS components, focused on one-dimensional approaches, strongly limits a common analysis based on evidence correlation. Today, most organizations’ cyber-security operations centers still rely on conventional SIEM (Security Information and Event Management) technology. However, SIEM platforms also have significant drawbacks in dealing with heterogeneous and specialized security event-sources, lacking the support for flexible and uniform multi-level analysis of security audit-trails involving distributed and heterogeneous systems. In this thesis, we propose an auditing solution that leverages on different intrusion detection components and synergistically combines them in a Distributed and Hybrid IDS (DHIDS) platform, taking advantage of their benefits while overcoming the effectiveness drawbacks of each one. In this approach, security events are detected by multiple probes forming a pervasive, heterogeneous and distributed monitoring environment spread over the network, integrating NIDS, HIDS and specialized Honeypot probing systems. Events from those heterogeneous sources are converted to a canonical representation format, and then conveyed through a Publish-Subscribe middleware to a dedicated logging and auditing system, built on top of an elastic and scalable document-oriented storage system. The aggregated events can then be queried and matched against suspicious attack signature patterns, by means of a proposed declarative query-language that provides event-correlation semantics