Evaluación de la vulnerabilidad de sistemas eléctricos por medio de programación multinivel: una revisión bibliográfica

Vulnerability studies can identify critical elements in electric power systems in order to take protective measures against possible scenarios that may result in load shedding, which can be caused by natural events or deliberate attacks. This article is a literature review on the latter kind, i.e., the interdiction problem, which assumes there is a disruptive agent whose objective is to maximize the damage to the system, while the network operator acts as a defensive agent. The non-simultaneous interaction of these two agents creates a multilevel optimization problem, and the literature has reported several interdiction models and solution methods to address it. The main contribution of this paper is presenting the considerations that should be taken into account to analyze, model, and solve the interdiction problem, including the most common solution techniques, applied methodologies, and future studies. This literature review found that most research in this area is focused on the analysis of transmission systems considering linear approximations of the network, and a few interdiction studies use an AC model of the network or directly treat distribution networks from a multilevel standpoint. Future challenges in this field include modeling and incorporating new defense options for the network operator, such as distributed generation, demand response, and the topological reconfiguration of the system.f the system.Los estudios de vulnerabilidad pueden identificar elementos críticos en los sistemas de distribución de potencia eléctrica con el fin de tomar medidas de protección contra posibles escenarios que pueden resultar en desconexión de carga (también llamado deslastre de carga), que puede ser ocasionada por eventos naturales o ataques deliberados. Este artículo es una reseña bibliográfica sobre el segundo tipo de casos, es decir, los del problema de interdicción, en el que se asume la existencia de un agente disruptivo cuyo objetivo es maximizar los daños ocasionados al sistema mientras el operador de red actúa como agente de defensa del mismo. La interacción no simultánea de estos dos agentes crea un problema de optimización multinivel y en la bibliografía se reportan varios modelos de interdicción y soluciones para abordar el problema. La contribución principal de este artículo es la presentación de consideraciones que deben tomarse en cuenta para analizar, modelar y resolver el problema de la interdicción, incluyendo las soluciones, métodos y técnicas más comunes para solucionarlo, así como futuros estudios al respecto. Esta revisión encontró que la mayoría de la investigación en el tema se enfoca en el análisis de los sistemas de transmisión, considerando las aproximaciones lineales de la red; algunos estudios en interdicción usan un modelo AC de la red o tratan las redes de distribución directamente desde un enfoque multinivel. Algunos retos en este campo son el modelado y la inclusión de nuevas opciones de defensa para el operador de la red, como la generación distribuida, la respuesta a la demanda y la reconfiguración topológica del sistema.&nbsp

The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures

The assumption that a cyber attacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably i) exploit only one vulnerability per software version, ii) largely include only vulnerabilities requiring low attack complexity, and iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large dataset of observed massed attacks launched against a large collection of information systems. Findings in this paper allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes

Relatório de estágio - O terrorismo na hotelaria: estudo de caso do Hotel Real Palácio

Ao longo dos últimos anos o setor turístico, no qual se inclui a indústria hoteleira, tem crescido de maneira exponencial. Acompanhando esse crescimento os perigos e ameaças à segurança dos turistas são também cada vez maiores. Entre algumas das tendências e preocupações que têm afetado as autoridades competentes inclui-se o terrorismo. A história leva-nos a crer que o fenómeno do terrorismo está muito longe de extinto e tem uma expressão cada vez maior no setor turístico, nomeadamente no universo hoteleiro. O presente relatório de estágio pretende abordar a temática do terrorismo num contexto de hotelaria, tentando dar a conhecer um lado mais prático da preparação e prevenção para este tipo de episódios, nesse sentido é utilizada a realidade do Hotel Real Palácio como base para o estudo realizado. Foi percetível através do estudo de alguns casos que, uma vez que as circunstâncias de cada unidade hoteleira são diferentes, o risco e a preparação para ataques terroristas são também distintos. Variáveis como a localização, a marca, o tipo e nacionalidade de clientes podem influenciar o risco de atentado terrorista. Ao longo da presente investigação foram dadas algumas sugestões relativamente à preparação que o hotel em estudo seria aconselhado fazer. Durante o relatório de estágio realizado ao longo de 3 meses, no hotel Real Palácio, no departamento de receção e de manutenção foram recolhidas informações através tanto de observação direta como através de duas entrevistas. Fruto desses instrumentos de observação percebeu-se que o Hotel Real Palácio tem espaço para melhorar no que respeita às medidas de segurança que apresenta para combater atentados terroristas, com isso, foram também propostas algumas sugestões para a melhoria.In recent years we have seen an exponential growth in the tourism industry, which includes the hospitality sector, that resulted in increased levels of security threats and dangers for tourists. The authorities now need to respond to developments and concerns such as terrorism. History suggests that the terrorist phenomenon is far from over; quite the contrary, it has gained expression in tourism, particularly in the hospitality industry. This internship report aims at approaching the topic of terrorism within the framework of hospitality, conveying practical views on the preparation and prevention of these incidents, while using the reality of Hotel Real Palácio as a basis for the study. It has become evident through the analysis of a few cases that, considering the varying circumstances of each hotel unit, the identified risk and the type of planning required for terrorist attacks also have to be different. Variables such as location, brand, type and nationality of the customers may well influence the risk assessment of an eventual terrorist attack. Throughout this present investigation a few suggestions have been given regarding the preparations the studied hotel is advised to undertake. While producing the internship report at the Hotel Real Palácio for three months, in the context of the reception and maintenance departments, information was compiled both through direct observation and by way of two interviews conducted during that time. Thanks to these processes of observation, it was possible to determine that there is room for improvement within the Hotel Real Palácio with regards to the existing security and safety measures in relation to dealing with terrorist attacks, therefore presenting a few suggestions for further improvement