4,718 research outputs found

    Cyber situational awareness: from geographical alerts to high-level management

    This paper focuses on cyber situational awareness and describes a visual analytics solution for monitoring network-level data and relating it closely to the organization's business. The goal of the proposed solution is to make different security profiles (network security officer, network security manager, and financial security manager) aware of the actual network state (e.g., risk and attack progress) and the impact it has on business tasks, making clear the relationships that exist between the network level and the business level. The proposed solution is instantiated on the infrastructure of ACEA, the Italian company that provides power and water purification services to cities in central Italy (millions of end users

    Expanding alliance: ANZUS cooperation and Asia–Pacific security

    Is an alliance conceived as a bulwark against a resurgence of Japanese militarism, and which cut its military and intelligence teeth in the Cold War, still relevant to today’s strategic concerns? Overview: The alliance between Australia and the US, underpinned by the formal ANZUS Treaty of 1951, continues to be a central part of Australian defence and security thinking and an instrument of American policy in the Asia–Pacific. How is it that an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? The answer is partly—and importantly—that the core values of the ANZUS members are strongly aligned, and successive Australian governments and American presidential administrations have seen great value in working with like-minded partners to ensure Asia–Pacific security. Far from becoming a historical curiosity, today it’s not just relevant, but of greater importance than has been the case in the past few decades. To explore new ideas on how to strengthen the US–Australia alliance, ASPI conducted a high-level strategic dialogue in Honolulu in July this year. Discussions canvassed the future strategic environment; the forthcoming Australian Defence White Paper; budget, sovereignty and expectation risks; and cooperation in the maritime, land, air, cyber, space and intelligence domains. A key purpose of the Honolulu dialogue was to help ASPI develop policy recommendations on the alliance relationship for government. This report is the product of those discussions

    Resilient State Estimation in Presence of Severe Coordinated Cyber-Attacks on Large-Scale Power Systems

    Providing situational awareness in light of severe coordinated cyber-attacks on power grids, where many measurements may be untrusted, is necessary for reliable monitoring and resilient operation of the grid. In this scenario, the set of good measurements is by itself insufficient for state estimation due to loss of observability. In this paper, we present a resilient state estimation algorithm, based on output clustering. By augmenting the measurement set by respective cluster variables, the system observability is regained, and a reliable state estimate can be computed. We show the numerical performance of our proposed algorithm and its ability to successfully replace corrupted measurements using cluster variables through an example on the IEEE 24-bus power system. Comment: arXiv admin note: substantial text overlap with arXiv:2004.0383

    STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

    Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an untapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper. Postprint (published version

    ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

    Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track how prominently certain malicious actions, such as the exploitation of specific vulnerabilities, are exploited in the wild, but also (and more importantly) how these malicious actions factor in as attack steps in more complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve. We test ATTACK2VEC on a dataset of billions of security events collected from the customers of a commercial Intrusion Prevention System over a period of two years, and show that our approach is effective in monitoring the emergence of new attack strategies in the wild and in flagging which attack steps are often used together by attackers (e.g., vulnerabilities that are frequently exploited together). ATTACK2VEC provides a useful tool for researchers and practitioners to better understand cyberattacks and their evolution, and use this knowledge to improve situational awareness and develop proactive defenses

    Cyber Storm II: final report

    As an outcome of a 2006 review of e-security arrangements, the Attorney-General's Department was tasked to develop a cyber exercise program to improve the ability of governments and critical infrastructure owners and operators to manage incidents affecting the National Information Infrastructure. As part of this role, the department coordinated a national cyber exercise, Cyber Storm II

    PHOENI2X -- A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange

    As digital technologies become more pervasive in society and the economy, cybersecurity incidents become more frequent and impactful. According to the NIS and NIS2 Directives, EU Member States and their Operators of Essential Services must establish a minimum baseline set of cybersecurity capabilities and engage in cross-border coordination and cooperation. However, this is only a small step towards European cyber resilience. In this landscape, preparedness, shared situational awareness, and coordinated incident response are essential for effective cyber crisis management and resilience. Motivated by the above, this paper presents PHOENI2X, an EU-funded project aiming to design, develop, and deliver a Cyber Resilience Framework providing Artificial-Intelligence-assisted orchestration, automation and response capabilities for business continuity and recovery, incident response, and information exchange, tailored to the needs of Operators of Essential Services and the EU Member State authorities entrusted with cybersecurity

    Towards multi-national capability development in cyber defence

    This article presents an approach to developing a multinational cyber defence capability that has been discussed among several NATO countries and the NATO Communications and Information Agency in the context of NATO Smart Defence. There are potential gains in leveraging common requirements and resources when the existing capabilities across countries vary and the funding available for their development is scarce, and the article sets out some of the rationale for this multinational cooperation.

    A Healthy Game-Theoretic Evaluation of NATO and Indonesia's Policies in the Context of International Law

    This study examines the policies of two prominent actors, the North Atlantic Treaty Organization (NATO) and Indonesia while considering their adherence to international law. The analysis is conducted through the lens of game theory, which provides a framework for evaluating strategic interactions in the cyber domain. This study aims to explore how game theory can be applied to assess the policies of NATO and Indonesia in combating and to establish the link between game-theoretic evaluation and conflict resolution in Indonesia's cyber landscape. By understanding strategic interactions and motivations of various actors, this study seeks to provide insights into fostering international cooperation, promoting responsible state behavior, and enhancing cybersecurity. This study employs a qualitative research design, relying on literature reviews, policy analyses, and case studies to examine the cybersecurity policies of NATO and Indonesia. Game theory serves as the primary analytical framework to model cyber conflicts and interactions between different actors. The policies of NATO and Indonesia are evaluated concerning cooperation, competition, and compliance with international law. The analysis reveals that both NATO and Indonesia employ distinct approaches to combating. NATO's collective response emphasizes coordination, information sharing, and cooperative defense strategies, reinforcing international cybersecurity efforts. On the other hand, Indonesia's response is shaped by its unique challenges and priorities, leading to tailored policies and collaborations. Game-theoretic evaluation establishes the importance of cooperation, deterrence, and adherence to international law in resolving conflicts arising from cyber threats in Indonesia. This research highlights the significance of international partnerships, capacity building, and context-specific best practices for a more secure digital environment in Indonesia and beyond. 
    Ultimately, game-theoretic evaluation proves instrumental in shaping effective cybersecurity strategies and promoting responsible behavior in the ever-evolving cyber landscape