Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees

Nowadays, more-and-more cyber-security training is emerging as an essential process for the lifelong personnel education in organizations, especially for those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people’s security awareness. Except from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target-group may range from simple users, who require basic knowledge on the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee’s needs, promoting the continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented

Cyra: A model-driven cyber range assurance platform

Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation

Sandboxed navigation and deep inspection of suspicious links reported by Humans as a Security Sensor (HaaSS)

This thesis is part of a long-lasting research carried out in the field of Humans as a Security Sensor. In this thesis, I propose a solution to help companies to fight back against phishing, in particular, targeted and highly-contextualized attacks also known as "spare phishing". The thesis aims to develop a deep inspection module of individual emails submitted to the system by human sensors. As soon as a suspicious email has been flagged, it is passed to the deep inspection module that takes care of navigating every URL while collecting evidence and marks of malicious activities. The characteristic of this project is that it mimics the behavior of a real human user while navigating. It does not stop at the initial page, instead, it follows the redirects and collects page links to further inspect them afterward. My work focuses only on the automated navigation and deep inspection part and integrates it with an existing project that provides emails to analyze and manages the human sensor network. The idea is related to the concept of a human honeypot and provides a toolset that can help gather precious information to augment phishing user reports. We design a system that can navigate potentially malicious URLs as a human user would do. It opens links and browses through the webpages while collecting data, with the crucial difference that all the navigation is carried out fully automatically and in a protected environment isolated from the rest, so that any infection remains confined

Cybersecurity knowledge requirements for a water sector employee

Abstract: Critical infrastructure in South Africa remains highly vulnerable to cybercrime threats due to a poor cyber -crime fighting capacity and a lack of a strong cybersecurity policy. South Africa appears to have lagged behind in terms of securing and defending cyberspace, despite the country’s reliability and its interconnectedness to the Internet. Furthermore, the rapid increase in remote working owing to Covid-19 has raised cybersecurity concerns, the prevalence of cybersecurity assaults and cybercrime has substantially increased, and state organizations have recently been victim to cyber-attacks. Cyber threats can be defined as attempting to gain unauthorized access to infrastructure systems through data communication pathways in an unauthorized manner. Globally, the water and wastewater sector were ranked number four in the global security incidents based on the Repository of Industrial Security Incidents. To date, systems that can protect themselves without involving human element has not yet been realized, as a consequence, systems are prone to be threatened by random or organized crimes through preying on humans. There is therefore a need to examine internal procedures and protection mechanisms to prevent cyber-attacks. Research shows that humans are the weakest link in cyberspace security as the internet users as well as the only guardian of computers and organizational network. This research presents the findings of a systematic literature review conducted to assess the cybersecurity knowledge required for a general employee in the water sector. This research further proposes a framework for determining the minimum knowledge required of a general employee in the water sector in order to protect the critical infrastructure. A systematic literature review was adopted from which this research followed the guidelines and procedures from the Cochrane handbook for Systematic Reviews of Interventions. Following the rigorous process and procedure of the systematic literature review, the final studies chosen for analysis and synthesis amounted to 23 out of the initial collected 2013 studies. Thematic analysis was used to examine the 23 studies. Following the analysis, eight themes for challenges were identified, the blocks of cybersecurity knowledge that employees must have been identified as: 1) Security breaches, 2) Unauthorized access, 3) Negligence, 4) Social Engineering, 5) Malicious insider, 6) Malware/Ransomware, 7) Stolen credentials, and 8) Denial of service. Furthermore, four themes for mitigating the eight identified cybersecurity challenges were identified as: 1) Cybersecurity knowledge and skills, 2) Cybersecurity awareness, 3) Cybersecurity culture and 4) Cybersecurity training. The first theme (cybersecurity knowledge and skills) assisted in identifying the cybersecurity knowledge required for employees. The second theme (cybersecurity awareness) and the third theme (cybersecurity culture) looked at finding meaning in what organisations can do to urge cybersecurity culture and awareness. Overall, the first, second and third themes assisted in answering the research question. The fourth and last theme focused on identifying the types of general employee cybersecurity training methods that can be undertaken to improve cyber resilience. The identified challenges and the mitigations were further used to develop a model to train employees in cybersecurity, the model will benefit the water sector by identifying key aspects to train employees in order to reduce the intrusion into cyber systems and processes that are used to run and operate critical infrastructure.M.Phil. (Engineering Management

The InfoSec Handbook

Computer scienc

Responsible machine learning: supporting privacy preservation and normative alignment with multi-agent simulation

This dissertation aims to advance responsible machine learning through multi-agent simulation (MAS). I introduce and demonstrate an open source, multi-domain discrete event simulation framework and use it to: (1) improve state-of-the-art privacy-preserving federated learning and (2) construct a novel method for normatively-aligned learning from synthetic negative examples. Due to their complexity and capacity, the training of modern machine learning (ML) models can require vast user-collected data sets. The current formulation of federated learning arose in 2016 after repeated exposure of sensitive user information from centralized data stores where mobile and wearable training data was aggregated. Privacy-preserving federated learning (PPFL) soon added stochastic and cryptographic layers to protect against additional vectors of data exposure. Recent state of the art protocols have combined differential privacy (DP) and secure multiparty computation (MPC) to keep client training data set parameters private from an ``honest but curious'' server which is legitimately involved in the learning process, but attempting to infer information it should not have. Investigation of PPFL can be cost prohibitive if each iteration of a proposed experimental protocol is distributed to virtual computational nodes geolocated around the world. It can also be inaccurate when locally simulated without concern for client parallelism, accurate timekeeping, or computation and communication loads. In this work, a recent PPFL protocol is instantiated as a single-threaded MAS to show that its model accuracy, deployed parallel running time, and resistance to inference of client model parameters can be inexpensively evaluated. The protocol is then extended using oblivious distributed differential privacy to a new state of the art secure against attacks of collusion among all except one participant, with an empirical demonstration that the new protocol improves privacy with no loss of accuracy to the final model. State of the art reinforcement learning (RL) is also increasingly complex and hard to interpret, such that a sequence of individually innocuous actions may produce an unexpectedly harmful result. Safe RL seeks to avoid these results through techniques like reward variance reduction, error state prediction, or constrained exploration of the state-action space. Development of the field has been heavily influenced by robotics and finance, and thus it is primarily concerned with physical failures like a helicopter crash or a robot-human workplace collision, or monetary failures like the depletion of an investment account. The related field of Normative RL is concerned with obeying the behavioral expectations of a broad human population, like respecting personal space or not sneaking up behind people. Because normative behavior often implicates safety, for example the assumption that an autonomous navigation robot will not walk through a human to reach its goal more quickly, there is significant overlap between the two areas. There are problem domains not easily addressed by current approaches in safe or normative RL, where the undesired behavior is subtle, violates legal or ethical rather than physical or monetary constraints, and may be composed of individually-normative actions. In this work, I consider an intelligent stock trading agent that maximizes profit but may inadvertently learn ``spoofing'', a form of illegal market manipulation that can be difficult to detect. Using a financial market based on MAS, I safely coerce a variety of spoofing behaviors, learn to distinguish them from other profit-driven strategies, and carefully analyze the empirical results. I then demonstrate how this spoofing recognizer can be used as a normative guide to train an intelligent trading agent that will generate positive returns while avoiding spoofing behaviors, even if their adoption would increase short-term profits. I believe this contribution to normative RL, of deriving an method for normative alignment from synthetic non-normative action sequences, should generalize to many other problem domains.Ph.D

The InfoSec Handbook

Computer scienc