A national cybersecurity management framework for developing countries

Abstract : Please refer to full text to view abstract.D.Phil. (Computer Science

VirtuWind: Virtual and programmable industrial network prototype deployed in operational wind park.

With anticipated exponential growth of connected devices, future industrial networks require an open solutions architecture facilitated by standards and a strong ecosystem. Such solutions should also deal with range of quality of service requirements imposed by industrial networks. Preserving strict quality of service is particularly challenging when services pass across domains of multiple provides. VirtuWind aims to develop and demonstrate a Software Defined Networking and Network Function Virtualization ecosystem, based on an open, modular and secure framework to address stringent requirements of the industrial networks. A prototype of the framework for intra-domain and inter-domain scenarios will be showcased in real Wind Parks, as a representative use case of industrial networks. This paper details this vision and explains steps forward

AUGGMED: developing multiplayer serious games technology to enhance first responder training

Many serious games are designed for single player access only. However, the benefits of the immersive nature of serious games and virtual reality may be enhanced when teams who usually train together can also do so within a virtual environment. The purpose of this article is to outline the architecture of the AUGGMED serious game and discuss the technical challenges faced when creating a multiplayer counter terrorism training serious game utilising virtual reality, touch screen interfaces and a realistic crowd simulation. AUGGMED is designed using an agile modular approach utilising user centred design principles, with each technical developer owning a set of tools which are continuously integrated, piloted, and improved throughout the development cycle. Constant piloting with first responders enables iterative improvements, which meet end user training requirements. Building a multiplayer training game specialised in providing realistic simulation of real situations, and enabling users to interface with the simulation through virtual reality identifies a large set of technical challenges. The article identifies a number of the challenges faced while developing AUGGMED and the solutions used to overcome them, including barriers and logistical/technical difficulties to integrating multiple existing (Exodus crowd simulation) and new (virtual reality) technologies into a single serious game for training first responders

Critical Infrastructure Protection Approaches: Analytical Outlook on Capacity Responsiveness to Dynamic Trends

Overview: Critical infrastructures (CIs) – any asset with a functionality that is critical to normal societal functions, safety, security, economic or social wellbeing of people, and disruption or destruction of which would have a very significant negative societal impact. CIs are clearly central to the normal functioning of a nation’s economy and require to be protected from both intentional and unintentional sabotages. It is important to correctly discern and aptly manage security risks within CI domains. The protection (security) of CIs and their networks can provide clear benefits to owner organizations and nations including: enabling the attainment of a properly functioning social environment and economic market, improving service security, enabling integration to external markets, and enabling service recipients (consumers, clients, and users) to benefit from new and emerging technological developments. To effectively secure CI system, firstly, it is crucial to understand three things - what can happen, how likely it is to happen, and the consequences of such happenings. One way to achieve this is through modelling and simulations of CI attributes, functionalities, operations, and behaviours to support security analysis perspectives, and especially considering the dynamics in trends and technological adoptions. Despite the availability of several security-related CI modelling approaches (tools and techniques), trends such as inter-networking, internet and IoT integrations raise new issues. Part of the issues relate to how to effectively (more precisely and realistically) model the complex behavior of interconnected CIs and their protection as system of systems (SoS). This report attempts to address the broad goal around this issue by reviewing a sample of critical infrastructure protection approaches; comprising tools, techniques, and frameworks (methodologies). The analysis covers contexts relating to the types of critical infrastructures, applicable modelling techniques, risk management scope covered, considerations for resilience, interdependency, and policy and regulations factors. Key Findings: This research presents the following key findings: 1. There is not a single specific Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – that exists or emerges as a ‘fit-for-all’; to allow the modelling and simulation of cyber security risks, resilience, dependency, and impact attributes in all critical infrastructure set-ups. 2. Typically, two or more modelling techniques can be (need to be) merged to cover a broader scope and context of modelling and simulation applications (areas) to achieve desirable highlevel protection and security for critical infrastructures. 3. Empirical-based, network-based, agent-based, and system dynamics-based modelling techniques are more widely used, and all offer gains for their use. 4. The deciding factors for choosing modelling techniques often rest on; complexity of use, popularity of approach, types and objectives of user Organisation and sector. 5. The scope of modelling functions and operations also help to strike the balance between ‘specificity’ and ‘generality’ of modelling technique and approach for the gains of in-depth analysis and wider coverage respectively. 6. Interdependency and resilience modelling and simulations in critical infrastructure operations, as well as associated security and safety risks; are crucial characteristics that need to be considered and explored in revising existing or developing new CIP modelling approaches. Recommendations: Key recommendations from this research include: 1. Other critical infrastructure sectors such as emergency services, food & agriculture, and dams; need to draw lessons from the energy and transportation sectors for the successive benefits of: i. Amplifying the drive and efforts towards evaluating and understanding security risks to their infrastructure and operations. ii. Support better understanding of any associated dependencies and cascading impacts. iii. Learning how to establish effective security and resilience. iv. Support the decision-making process linked with measuring the effectiveness of preparedness activities and investments. v. Improve the behavioural security-related responses of CI to disturbances or disruptions. 2. Security-related critical infrastructure modelling approaches should be developed or revised to include wider scopes of security risk management – from identification to effectiveness evaluations, to support: i. Appropriate alignment and responsiveness to the dynamic trends introduced by new technologies such as IoT and IIoT. ii. Dynamic security risk management – especially the assessment section needs to be more dynamic than static, to address the recurrent and impactful risks that emerge in critical infrastructures

Network Security Intelligence Centres for Information Security Incident Management

Programme: 6598 - Ph.D. on the Basis of Prior Published Works in Cyber SecurityIntensive IT development has led to qualitative changes in our living, which are driving current information security (IS) trends and require sophisticated structures and adequate approached to manage IS for different businesses. The wide range of threats is constantly growing in modern intranets; they have become not only numerous and diverse but more disruptive. In such circumstances, organizations realize that IS incidents’ timely detection and prevention in the future (what is more important) are not only possible but imperative. Any delay and only reactive actions to IS incidents put their assets under risk. A properly designed IS incident management system (ISIMS), operating as an integral part of the whole organization’s governance system, reduces IS incidents’ number and limits damage caused by them. To maximally automate IS incident management (ISIM) within one organization and to deepen its knowledge of IS level, this research proposes to unite together all advantages of a Security Intelligence Centre (SIC) and a Network Operations Centre (NOC) with their unique and joint toolkits and techniques in a unified Network SIC (NSIC). For this purpose the glossary of the research area was introduced, the taxonomy of IS threats, vulnerabilities, network attacks, and incidents was determined. Further, IS monitoring as one of the ISIM processes was described, the Security Information and Event Management (SIEM) systems’ role in it and their evolution were shown. The transition from Security Operations Centres (SOCs) to SICs was followed up. At least, modern network environment’s requirements for new protection solutions were formulated and it was proven that the NSIC proposed as a combination of a SIC and a NOC fully meets them. The NSIC’s zone security infrastructure with corresponding IS controls is proposed. Its implementation description at the Moscow Engineering Physics Institute concludes the research at this stage. In addition, some proposals for the training of highly qualified personnel for NSICs were formulated. The creation of an innovative NSIC concept, its interpretation, construction and initial implementation through original research presented are its main results. They contribute substantially to the modern networks’ security, as they extend the forefront of the SOCs and SICc used nowadays and generate significant new knowledge and understanding of network security requirements and solutions

A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

The Internet of Things (IoT) has significant potential in upgrading legacy production machinery with monitoring capabilities to unlock new capabilities and bring economic benefits. However, the introduction of IoT at the shop floor layer exposes it to additional security risks with potentially significant adverse operational impact. This article addresses such fundamental new risks at their root by introducing a novel endpoint security-by-design approach. The approach is implemented on a widely applicable production-machinery-monitoring application by introducing real-time adaptation features for IoT device security through subsystem isolation and a dedicated lightweight authentication protocol. This paper establishes a novel viewpoint for the understanding of IoT endpoint security risks and relevant mitigation strategies and opens a new space of risk-averse designs that enable IoT benefits, while shielding operational integrity in industrial environments

Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa

Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisationComputer ScienceM. Sc. (Computer Science

Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems

In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.Comment: Keywords: Security metrics, industrial control systems, cyber-physical systems, AND-OR graphs, MAX-SAT resolutio