Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability

[ES] La presente tesis doctoral realiza un análisis en detalle de los elementos de decisión necesarios para mejorar la comprensión de la situación en ciberdefensa con especial énfasis en la percepción y comprensión del analista de un centro de operaciones de ciberseguridad (SOC). Se proponen dos arquitecturas diferentes basadas en el análisis forense de flujos de datos (NF3). La primera arquitectura emplea técnicas de Ensemble Machine Learning mientras que la segunda es una variante de Machine Learning de mayor complejidad algorítmica (lambda-NF3) que ofrece un marco de defensa de mayor robustez frente a ataques adversarios. Ambas propuestas buscan automatizar de forma efectiva la detección de malware y su posterior gestión de incidentes mostrando unos resultados satisfactorios en aproximar lo que se ha denominado un SOC de próxima generación y de computación cognitiva (NGC2SOC). La supervisión y monitorización de eventos para la protección de las redes informáticas de una organización debe ir acompañada de técnicas de visualización. En este caso, la tesis aborda la generación de representaciones tridimensionales basadas en métricas orientadas a la misión y procedimientos que usan un sistema experto basado en lógica difusa. Precisamente, el estado del arte muestra serias deficiencias a la hora de implementar soluciones de ciberdefensa que reflejen la relevancia de la misión, los recursos y cometidos de una organización para una decisión mejor informada. El trabajo de investigación proporciona finalmente dos áreas claves para mejorar la toma de decisiones en ciberdefensa: un marco sólido y completo de verificación y validación para evaluar parámetros de soluciones y la elaboración de un conjunto de datos sintéticos que referencian unívocamente las fases de un ciberataque con los estándares Cyber Kill Chain y MITRE ATT & CK.[CA] La present tesi doctoral realitza una anàlisi detalladament dels elements de decisió necessaris per a millorar la comprensió de la situació en ciberdefensa amb especial èmfasi en la percepció i comprensió de l'analista d'un centre d'operacions de ciberseguretat (SOC). Es proposen dues arquitectures diferents basades en l'anàlisi forense de fluxos de dades (NF3). La primera arquitectura empra tècniques de Ensemble Machine Learning mentre que la segona és una variant de Machine Learning de major complexitat algorítmica (lambda-NF3) que ofereix un marc de defensa de major robustesa enfront d'atacs adversaris. Totes dues propostes busquen automatitzar de manera efectiva la detecció de malware i la seua posterior gestió d'incidents mostrant uns resultats satisfactoris a aproximar el que s'ha denominat un SOC de pròxima generació i de computació cognitiva (NGC2SOC). La supervisió i monitoratge d'esdeveniments per a la protecció de les xarxes informàtiques d'una organització ha d'anar acompanyada de tècniques de visualització. En aquest cas, la tesi aborda la generació de representacions tridimensionals basades en mètriques orientades a la missió i procediments que usen un sistema expert basat en lògica difusa. Precisament, l'estat de l'art mostra serioses deficiències a l'hora d'implementar solucions de ciberdefensa que reflectisquen la rellevància de la missió, els recursos i comeses d'una organització per a una decisió més ben informada. El treball de recerca proporciona finalment dues àrees claus per a millorar la presa de decisions en ciberdefensa: un marc sòlid i complet de verificació i validació per a avaluar paràmetres de solucions i l'elaboració d'un conjunt de dades sintètiques que referencien unívocament les fases d'un ciberatac amb els estàndards Cyber Kill Chain i MITRE ATT & CK.[EN] This doctoral thesis performs a detailed analysis of the decision elements necessary to improve the cyber defence situation awareness with a special emphasis on the perception and understanding of the analyst of a cybersecurity operations center (SOC). Two different architectures based on the network flow forensics of data streams (NF3) are proposed. The first architecture uses Ensemble Machine Learning techniques while the second is a variant of Machine Learning with greater algorithmic complexity (lambda-NF3) that offers a more robust defense framework against adversarial attacks. Both proposals seek to effectively automate the detection of malware and its subsequent incident management, showing satisfactory results in approximating what has been called a next generation cognitive computing SOC (NGC2SOC). The supervision and monitoring of events for the protection of an organisation's computer networks must be accompanied by visualisation techniques. In this case, the thesis addresses the representation of three-dimensional pictures based on mission oriented metrics and procedures that use an expert system based on fuzzy logic. Precisely, the state-of-the-art evidences serious deficiencies when it comes to implementing cyber defence solutions that consider the relevance of the mission, resources and tasks of an organisation for a better-informed decision. The research work finally provides two key areas to improve decision-making in cyber defence: a solid and complete verification and validation framework to evaluate solution parameters and the development of a synthetic dataset that univocally references the phases of a cyber-attack with the Cyber Kill Chain and MITRE ATT & CK standards.Llopis Sánchez, S. (2023). Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19424

Dynamic safety analysis of decommissioning and abandonment of offshore oil and gas installations

The global oil and gas industry have seen an increase in the number of installations moving towards decommissioning. Offshore decommissioning is a complex, challenging and costly activity, making safety one of the major concerns. The decommissioning operation is, therefore, riskier than capital projects, partly due to the uniqueness of every offshore installation, and mainly because these installations were not designed for removal during their development phases. The extent of associated risks is deep and wide due to limited data and incomplete knowledge of the equipment conditions. For this reason, it is important to capture every uncertainty that can be introduced at the operational level, or existing hazards due to the hostile environment, technical difficulties, and the timing of the decommissioning operations. Conventional accident modelling techniques cannot capture the complex interactions among contributing elements. To assess the safety risks, a dynamic safety analysis of the accident is, thus, necessary. In this thesis, a dynamic integrated safety analysis model is proposed and developed to capture both planned and evolving risks during the various stages of decommissioning. First, the failure data are obtained from source-to-source and are processed utilizing Hierarchical Bayesian Analysis. Then, the system failure and potential accident scenarios are built on bowtie model which is mapped into a Bayesian network with advanced relaxation techniques. The Dynamic Integrated Safety Analysis (DISA) allows for the combination of reliability tools to identify safetycritical causals and their evolution into single undesirable failure through the utilisation of source to-source variability, time-dependent prediction, diagnostic, and economic risk assessment to support effective recommendations and decisions-making. The DISA framework is applied to the Elgin platform well abandonment and Brent Alpha jacket structure decommissioning and the results are validated through sensitivity analysis. Through a dynamic-diagnostic and multi-factor regression analysis, the loss values of accident contributory factors are also presented. The study shows that integrating Hierarchical Bayesian Analysis (HBA) and dynamic Bayesian networks (DBN) application to modelling time-variant risks are essential to achieve a well-informed decommissioning decision through the identification of safety critical barriers that could be mitigated against to drive down the cost of remediation.The global oil and gas industry have seen an increase in the number of installations moving towards decommissioning. Offshore decommissioning is a complex, challenging and costly activity, making safety one of the major concerns. The decommissioning operation is, therefore, riskier than capital projects, partly due to the uniqueness of every offshore installation, and mainly because these installations were not designed for removal during their development phases. The extent of associated risks is deep and wide due to limited data and incomplete knowledge of the equipment conditions. For this reason, it is important to capture every uncertainty that can be introduced at the operational level, or existing hazards due to the hostile environment, technical difficulties, and the timing of the decommissioning operations. Conventional accident modelling techniques cannot capture the complex interactions among contributing elements. To assess the safety risks, a dynamic safety analysis of the accident is, thus, necessary. In this thesis, a dynamic integrated safety analysis model is proposed and developed to capture both planned and evolving risks during the various stages of decommissioning. First, the failure data are obtained from source-to-source and are processed utilizing Hierarchical Bayesian Analysis. Then, the system failure and potential accident scenarios are built on bowtie model which is mapped into a Bayesian network with advanced relaxation techniques. The Dynamic Integrated Safety Analysis (DISA) allows for the combination of reliability tools to identify safetycritical causals and their evolution into single undesirable failure through the utilisation of source to-source variability, time-dependent prediction, diagnostic, and economic risk assessment to support effective recommendations and decisions-making. The DISA framework is applied to the Elgin platform well abandonment and Brent Alpha jacket structure decommissioning and the results are validated through sensitivity analysis. Through a dynamic-diagnostic and multi-factor regression analysis, the loss values of accident contributory factors are also presented. The study shows that integrating Hierarchical Bayesian Analysis (HBA) and dynamic Bayesian networks (DBN) application to modelling time-variant risks are essential to achieve a well-informed decommissioning decision through the identification of safety critical barriers that could be mitigated against to drive down the cost of remediation

EJP-CONCERT. D3.7 Second joint roadmap for radiation protection research

EJP-CONCERT Work Package 3, Deliverable 3.7

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

A natural language generation approach to support understanding and traceability of multi-dimensional preferential sensitivity analysis in multi-criteria decision making

Multi-Criteria Decision Analysis (MCDA) enables decision makers (DM) and decision analysts (DA) to analyse and understand decision situations in a structured and formalised way. With the increasing complexity of decision support systems (DSSs), it becomes challenging for both expert and novice users to understand and interpret the model results. Natural language generation (NLG) techniques are used in various DSSs to cope with this challenge as they reduce the cognitive effort to achieve understanding of decision situations. However, NLG techniques in MCDA have so far mainly been developed for deterministic decision situations or one-dimensional sensitivity analyses. In this paper, a concept for the generation of textual explanations for a multi-dimensional preferential sensitivity analysis in MCDA is developed. The key contribution is a NLG approach that provides detailed explanations of the implications of preferential uncertainties in Multi-Attribute Value Theory (MAVT). It generates a report that assesses the influences of simultaneous or separate variations of inter-criteria and intra-criteria preferential parameters determined within the decision analysis. We explore the added value of the natural language report in an online survey. Our results show that the NLG approach is particularly beneficial for difficult interpretational tasks

Decision Maps for Distributed Scenario-Based Multi-Criteria Decision Support

This thesis presents the Decision Map approach to support decision-makers facing complex uncertain problems that defy standardised solutions. First, scenarios are generated in a distributed manner: the reasoning processes can be adapted to the problem at hand whilst respecting constraints in time and availability of experts. Second, by integrating scenarios and MCDA, this approach facilitates robust decision-making respecting multiple criteria in a transparent well-structured manner

EJP-CONCERT. D2.13 Updating the SRAs of MELODI, ALLIANCE, NERIS, EURADOS and EURAMED

EJP-CONCERT Work Package 2, Deliverable 2.13