A Systematic Review of the State of Cyber-Security in Water Systems

Critical infrastructure systems are evolving from isolated bespoke systems to those that use general-purpose computing hosts, IoT sensors, edge computing, wireless networks and artificial intelligence. Although this move improves sensing and control capacity and gives better integration with business requirements, it also increases the scope for attack from malicious entities that intend to conduct industrial espionage and sabotage against these systems. In this paper, we review the state of the cyber-security research that is focused on improving the security of the water supply and wastewater collection and treatment systems that form part of the critical national infrastructure. We cover the publication statistics of the research in this area, the aspects of security being addressed, and future work required to achieve better cyber-security for water systems

Cyber resilience and incident response in smart cities: A systematic literature review

© 2020 The Authors. Published by MDPI. This is an open access article available under a Creative Commons licence. The published version can be accessed at the following link on the publisher’s website: https://doi.org/10.3390/smartcities3030046The world is experiencing a rapid growth of smart cities accelerated by Industry 4.0, including the Internet of Things (IoT), and enhanced by the application of emerging innovative technologies which in turn create highly fragile and complex cyber–physical–natural ecosystems. This paper systematically identifies peer-reviewed literature and explicitly investigates empirical primary studies that address cyber resilience and digital forensic incident response (DFIR) aspects of cyber–physical systems (CPSs) in smart cities. Our findings show that CPSs addressing cyber resilience and support for modern DFIR are a recent paradigm. Most of the primary studies are focused on a subset of the incident response process, the “detection and analysis” phase whilst attempts to address other parts of the DFIR process remain limited. Further analysis shows that research focused on smart healthcare and smart citizen were addressed only by a small number of primary studies. Additionally, our findings identify a lack of available real CPS-generated datasets limiting the experiments to mostly testbed type environments or in some cases authors relied on simulation software. Therefore, contributing this systematic literature review (SLR), we used a search protocol providing an evidence-based summary of the key themes and main focus domains investigating cyber resilience and DFIR addressed by CPS frameworks and systems. This SLR also provides scientific evidence of the gaps in the literature for possible future directions for research within the CPS cybersecurity realm. In total, 600 papers were surveyed from which 52 primary studies were included and analysed.Published onlin

Cyber Security and Critical Infrastructures 2nd Volume

The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles, including an editorial that explains the current challenges, innovative solutions and real-world experiences that include critical infrastructure and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems

Secure Information Sharing with Distributed Ledgers

In 2009, blockchain technology was first introduced as the supporting database technology for digital currencies. Since then, more advanced derivations of the technology have been developed under the broader term Distributed Ledgers, with improved scalability and support for general-purpose application logic. As a distributed database, they are able to support interorganizational information sharing while assuring desirable information security attributes like non-repudiation, auditability and transparency. Based on these characteristics, researchers and practitioners alike have begun to identify a plethora of disruptive use cases for Distributed Ledgers in existing application domains. While these use cases are promising significant efficiency improvements and cost reductions, practical adoption has been slow in the past years. This dissertation focuses on improving three aspects contributing to slow adoption. First, it attempts to identify application areas and substantiated use cases where Distributed Ledgers can considerably advance the security of information sharing. Second, it considers the security aspects of the technology itself, identifying threats to practical applications and detection approaches for these threats. And third, it investigates success factors for successful interorganizational collaborations using Distributed Ledgers

Air Force Institute of Technology Research Report 2018

This Research Report presents the FY18 research statistics and contributions of the Graduate School of Engineering and Management (EN) at AFIT. AFIT research interests and faculty expertise cover a broad spectrum of technical areas related to USAF needs, as reflected by the range of topics addressed in the faculty and student publications listed in this report. In most cases, the research work reported herein is directly sponsored by one or more USAF or DOD agencies. AFIT welcomes the opportunity to conduct research on additional topics of interest to the USAF, DOD, and other federal organizations when adequate manpower and financial resources are available and/or provided by a sponsor. In addition, AFIT provides research collaboration and technology transfer benefits to the public through Cooperative Research and Development Agreements (CRADAs). Interested individuals may discuss ideas for new research collaborations, potential CRADAs, or research proposals with individual faculty using the contact information in this document

Texas Hospitality: Pro-Refugee Activism, Volunteerism, and Coalition-Building in Xenophobic Times

This project employs ethnographic methods to explore the experiences of forty ordinary Texans of different social and religious backgrounds who were active in pro-refugee volunteer and advocacy work during the four chaotic years of the Trump administration. The goal of this research is to better understand people’s reasons for volunteering and advocating on behalf of refugees during a time of political upheaval, when prominent public figures in positions of leadership around the country have repeatedly framed refugees as a threat to American security and cultural identity. Despite the crucial roles that local volunteers typically play in the process of refugee resettlement and integration, relatively little academic work has been done to understand how and why people become involved in this work, especially if they themselves do not have a recent family immigration background. These questions are particularly important during a time of rising xenophobia and political polarization. This study explores the interconnections between personal ethics, social identity, and civic engagement, and illuminates the unexpected social connections that can form across religious and other social boundaries when people unite in pursuit of a common goal. It contributes to the “anthropology of the good” by adding a new moral / ethical dimension to theoretical concepts of citizenship and civic engagement. Finally, it lays out some general conclusions with regards to refugee supporters’ ideas about what it means to do (and be) “good”; the role of faith-based organizations mobilizing (and sometimes suppressing) support for displaced people; common narratives about refugee / immigrant “deservingness”; and the relationship between volunteerism and activism

Insider Threats\u27 Behaviors and Data Security Management Strategies

As insider threats and data security management concerns become more prevalent, the identification of risky behaviors in the workplace is crucial for the privacy of individuals and the survival of organizations. The purpose of this three-round qualitative Delphi study was to identify real-time consensus among 25 information technology (IT) subject matter experts (SMEs) in the Washington metropolitan area about insider threats and data security management. The SMEs participating in this study were adult IT professionals and senior managers with certification in their area of specialization and at least 5 years of practical experience. The dark triad theory was the conceptual framework used for describing behaviors attributed to reasons and motivators for insider threats in public and private organizations. The research questions pertained to reasons and motivators for insider threats in organizations, security strategies and early interventions used, and potential policies and procedures to manage insider threats’ access to systems. One open-ended survey and two closed-ended surveys were disseminated via Survey Monkey. Data analysis consisted of data reduction through consolidation, data display, and data verification. Data were analyzed through categorization and direct interpretation using a 5-point Likert agreement scale. The findings revealed consensus about reasons and motivators such as insufficient guidelines and training, lack of background investigations, and financial gain and money; security strategies and early interventions; and policies and procedures to manage insider threats’ access to systems. Overall, training was the most important element preventing insider threats. The findings may inform how organizations build safe working environments that increase employee recruitment, retention, and loyalty while reducing identity theft and increasing data security in organizations