
    A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

    Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value. Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Blindspot: Indistinguishable Anonymous Communications

    Communication anonymity is a key requirement for individuals under targeted surveillance. Practical anonymous communications also require indistinguishability - an adversary should be unable to distinguish between anonymised and non-anonymised traffic for a given user. We propose Blindspot, a design for high-latency anonymous communications that offers indistinguishability and unobservability under a (qualified) global active adversary. Blindspot creates anonymous routes between sender-receiver pairs by subliminally encoding messages within the pre-existing communication behaviour of users within a social network. Specifically, the organic image sharing behaviour of users. Thus channel bandwidth depends on the intensity of image sharing behaviour of users along a route. A major challenge we successfully overcome is that routing must be accomplished in the face of significant restrictions - channel bandwidth is stochastic. We show that conventional social network routing strategies do not work. To solve this problem, we propose a novel routing algorithm. We evaluate Blindspot using a real-world dataset. We find that it delivers reasonable results for applications requiring low-volume unobservable communication. Comment: 13 Page

    Protection against Contagion in Complex Networks

    In real-world complex networks, harmful spreads, commonly known as contagions, are common and can potentially lead to catastrophic events if uncontrolled. Some examples include pandemics, network attacks on crucial infrastructure systems, and the propagation of misinformation or radical ideas. Thus, it is critical to study the protective measures that inhibit or eliminate contagion in these networks. This is known as the network protection problem. The network protection problem investigates the most efficient graph manipulations (e.g., node and/or edge removal or addition) to protect a certain set of nodes known as critical nodes. There are two types of critical nodes: (1) predefined, based on their importance to the functionality of the network; (2) unknown, whose importance depends on their location in the network structure. For both of these groups and with no assumption on the contagion dynamics, I address three major shortcomings in the current network protection research: namely, scalability, imprecise evaluation metric, and assumption on global graph knowledge. First, to address the scalability issue, I show that local community information affects contagion paths through characteristic path length. The relationship between the two suggests that, instead of global network manipulations, we can disrupt the contagion paths by manipulating the local community of critical nodes. Next, I study network protection of predefined critical nodes against targeted contagion attacks with access to partial network information only. I propose the CoVerD protection algorithm that is fast and successfully increases the attacker’s effort for reaching the target nodes by 3 to 10 times compared to the next best-performing benchmark. Finally, I study the more sophisticated problem of protecting unknown critical nodes in the context of biological contagions, with partial and no knowledge of network structure. 
    In the presence of partial network information, I show that strategies based on immediate neighborhood information give the best trade-off between performance and cost. In the presence of no network information, I propose a dynamic algorithm, ComMit, that works within a limited budget and enforces bursts of short-term restriction on small communities instead of long-term isolation of unaffected individuals. In comparison to baselines, ComMit reduces the peak of infection by 73% and shortens the duration of infection by 90%, even for persistent spreads