Safe, Secure Executions at the Network Edge : Coordinating Cloud, Edge, and Fog Computing

System design where cyber-physical applications are securely coordinated from the cloud may simplify the development process. However, all private data are then pushed to these remote “swamps,” and human users lose actual control as compared to when the applications are executed directly on their devices. At the same time, computing at the network edge is still lacking support for such straightforward multidevice development, which is essential for a wide range of dynamic cyber-physical services. This article proposes a novel programming model as well as contributes the associated secure-connectivity framework for leveraging safe coordinated device proximity as an additional degree of freedom between the remote cloud and the safety-critical network edge, especially under uncertain environment constraints. This article is part of a special issue on Software Safety and Security Risk Mitigation in Cyber-physical Systems.Peer reviewe

Multiple security domain nondeducibility in cyber-physical systems

Cyber-physical Systems (CPS) present special problems for security. This dissertation examines the cyber security problem, the physical security problem, the security problems presented when cyber systems and physical systems are intertwined, and problems presented by the fact that CPS leak information simply by being observed. The issues presented by applying traditional cyber security to CPS are explored and some of the shortcomings of these models are noted. Specific models of a drive-by-wire\u27\u27 automobile connected to a road side assistance network, a Stuxnet type\u27\u27 attack, the smart grid, and others are presented in detail. The lack of good tools for CPS security is addressed in part by the introduction of a new model, Multiple Security Domains Nondeducibility over an Event System, or MSDND(ES). The drive-by-wire automobile is studied to show how MSDND(ES) is applied to a system that traditional security models do not describe well. The issue of human trust in inherently vulnerable CPS with embedded cyber monitors, is also explored. A Stuxnet type attack on a CPS is examined using both MSDND(ES) and Belief, Information acquisition, and Trust (BIT) logic to provide a clear and precise method to discuss issues of trust and belief in monitors and electronic reports. To show these techniques, the electrical smart grid as envisioned by the Future Renewable Electric Energy Delivery and Management Systems Center (FREEDM) project is also modeled. Areas that may lead to the development of additional tools are presented as possible future work to address the fact: CPS are different and require different models and tools to understand. --Abstract, page iii

The THREAT-ARREST Cyber-Security Training Platform

Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization’s system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed

Crossing the Digital Divide: Monism, Dualism and the Reason Collective Action is Critical for Cyber Theory Production

In studying topics in cyber conflict and cyber-security governance, scholars must ask—arguably more so than has been the case with any other emergent research agenda—where the epistemological and ontological value of different methods lies. This article describes the unique, dual methodological challenges inherent in the multifaceted program on global cyber-security and asks how problematic they are for scholarly efforts to construct knowledge about digital dynamics in world affairs. I argue that any answer to this question will vary depending on how one perceives the social science enterprise. While traditional dualistic perspectives on social science imply unique challenges for researcher, a monistic perspective of Weberian objectivity does not. Regardless of one’s perspective, however, the most important steps to be taken at the level of the research program are clearly those focused on constructing the trappings of community. To this end, I outline steps that might be taken to develop a range of community-building and -supporting mechanisms that can simultaneously support a micro-foundational approach to research and expose community elements to one another. Doing this stands to better opportunities for the production of knowledge and direct researchers towards fruitful avenues whilst shortening gaps between the ivory tower and the real world

On the complexity of collaborative cyber crime investigations

This article considers the challenges faced by digital evidence specialists when collaborating with other specialists and agencies in other jurisdictions when investigating cyber crime. The opportunities, operational environment and modus operandi of a cyber criminal are considered, with a view to developing the skills and procedural support that investigators might usefully consider in order to respond more effectively to the investigation of cyber crimes across State boundaries

Is the responsibilization of the cyber security risk reasonable and judicious?

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk

The Intersection of Law and Ethics in Cyberwar: Some Reflections

The purpose of this short essay is to reflect upon a few issues that illustrate how legal and ethical issues intersect in the cyber realm. Such an intersection should not be especially surprising., Historian Geoffrey Best insists, “[I]t must never be forgotten that the law of war, wherever it began at all, began mainly as a matter of religion and ethics . . . “It began in ethics” Best says “and it has kept one foot in ethics ever since.” Understanding that relationship is vital to appreciating the full scope of the responsibilities of a cyber-warrior in the 21st century

Expanding alliance: ANZUS cooperation and Asia–Pacific security

Is an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? Overview The alliance between Australia and the US, underpinned by the formal ANZUS Treaty of 1951, continues to be a central part of Australian defence and security thinking and an instrument of American policy in the Asia–Pacific. How is it that an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? The answer is partly—and importantly—that the core values of the ANZUS members are strongly aligned, and successive Australian governments and American presidential administrations have seen great value in working with like-minded partners to ensure Asia–Pacific security. Far from becoming a historical curiosity, today it’s not just relevant, but of greater importance than has been the case in the past few decades. To explore new ideas on how to strengthen the US–Australia alliance, ASPI conducted a high-level strategic dialogue in Honolulu in July this year. Discussions canvassed the future strategic environment; the forthcoming Australian Defence White Paper; budget, sovereignty and expectation risks; and cooperation in the maritime, land, air, cyber, space and intelligence domains. A key purpose of the Honolulu dialogue was to help ASPI develop policy recommendations on the alliance relationship for government. This report is the product of those discussions