Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks

The benefits of autonomous vehicles (AVs) are widely acknowledged, but there are concerns about the extent of these benefits and AV risks and unintended consequences. In this article, we first examine AVs and different categories of the technological risks associated with them. We then explore strategies that can be adopted to address these risks, and explore emerging responses by governments for addressing AV risks. Our analyses reveal that, thus far, governments have in most instances avoided stringent measures in order to promote AV developments and the majority of responses are non-binding and focus on creating councils or working groups to better explore AV implications. The US has been active in introducing legislations to address issues related to privacy and cybersecurity. The UK and Germany, in particular, have enacted laws to address liability issues, other countries mostly acknowledge these issues, but have yet to implement specific strategies. To address privacy and cybersecurity risks strategies ranging from introduction or amendment of non-AV specific legislation to creating working groups have been adopted. Much less attention has been paid to issues such as environmental and employment risks, although a few governments have begun programmes to retrain workers who might be negatively affected.Comment: Transport Reviews, 201

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

IoTSan: Fortifying the Safety of IoT Systems

Today's IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states. Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. In this paper, we design IoTSan, a novel practical system that uses model checking as a building block to reveal "interaction-level" flaws by identifying events that can lead the system to unsafe states. In building IoTSan, we design novel techniques tailored to IoT systems, to alleviate the state explosion associated with model checking. IoTSan also automatically translates IoT apps into a format amenable to model checking. Finally, to understand the root cause of a detected vulnerability, we design an attribution mechanism to identify problematic and potentially malicious apps. We evaluate IoTSan on the Samsung SmartThings platform. From 76 manually configured systems, IoTSan detects 147 vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a previous effort. IoTSan detects the potential safety violations and also effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201

Implementation of IS Security Standards on Pharmaceutical Manufacturing

This thesis addresses the issue of Information Systems (IS) security in pharmaceutical manufacturing which is closely related to the ISA 99 standard. The ISA 99 'Security for industrial Automation and Control Systems' standard is focused on the work for securing process automation systems from IS security threats. The main thought behind the ISA 99 standard is that a high level of IS security in computerized manufacturing environments cannot be achieved through just one project but needs long-term dedication. Therefore the ISA 99 standard suggests the implementation of an IS security program as the best way to reduce IS security risks to process automation systems and to sustain risk reduction over time. The overall objective of the study was to suggest an IS security program suitable for the pharmaceutical manufacturing at the AstraZeneca manufacturing and supply site in Södertälje, Sweden. The suggested IS security program can briefly be described as a long-term strategy for how to perform IS security activities in the manufacturing at the Södertälje site. The security program defines both technical and organizational requirements and recommendations. According to the ISA 99 standard, working with IS security in the process automation systems environment require both technical, cultural and organizational perspectives. The suggested security program therefore recommends the forming of a special group for working with IS security in the manufacturing within Sweden Operations. This group includes employees from different departments such as IS security, IS/IT, process automation systems managers, engineering, operators and managers in production areas as well as quality assurance personnel. The purpose with the group is to make the IS security work more effective through reducing bureaucracy, increasing communication and sharing of knowledge and business perspectives. The security program also presents IS security policies for the production at the Södertälje site. A security policy is a written document or directive that defines how the organization defines and operates IS security in the process automation systems environment. The security policy ensures both management support and understanding of roles and responsibilities for IS security in the process automation systems environment

Cooperation and Cluster Strategies Within and Between Technology-Intensive Organizations: How to Enhance Linkages among Firms in TechnoParks

World today is characterized by rapid transformations in all aspects of human’s life where innovation, technological change and technological progress play the most significant role. Therefore, technologyintensive organizations by engaging in strategic alliances, clusters and networks tend to extract maximum benefits i.e. to enable entry into the international markets and to develop core competences. Even though clusters have become a highly popular strategy, many of them fail to realize their intended goals. Thus, under the scope of this paper we explore why choosing a clustering strategy can be beneficial for technologyintensive organizations. Main focus will be on investigating if there are inter-firm and firm-university linkages among the actors located in a particular techno-park i.e. METU Techno-park and Bilkent Cyber-park. Results of the analysis showed certain extent of firm-university relationships and low level of inter-firm interactions. This further implied necessity of the policy interventions for enhancement of those interactions if the studied techno-parks are to become successful in the sense of the theoretical techno-park model, and if the tenant firms are to extract maximum benefits associated with cluster concept in theory.Clusters, Networks, Innovation, Techno-parks, Policy

Cyber-Physical Embedded Systems with Transient Supervisory Command and Control: A Framework for Validating Safety Response in Automated Collision Avoidance Systems

The ability to design and engineer complex and dynamical Cyber-Physical Systems (CPS) requires a systematic view that requires a definition of level of automation intent for the system. Since CPS covers a diverse range of systemized implementations of smart and intelligent technologies networked within a system of systems (SoS), the terms “smart” and “intelligent” is frequently used in describing systems that perform complex operations with a reduced need of a human-agent. The difference between this research and most papers in publication on CPS is that most other research focuses on the performance of the CPS rather than on the correctness of its design. However, by using both human and machine agency at different levels of automation, or autonomy, the levels of automation have profound implications and affects to the reliability and safety of the CPS. The human-agent and the machine-agent are in a tidal lock of decision-making using both feedforward and feedback information flows in similar processes, where a transient shift within the level of automation when the CPS is operating can have undesired consequences. As CPS systems become more common, and higher levels of autonomy are embedded within them, the relationship between human-agent and machine-agent also becomes more complex, and the testing methodologies for verification and validation of performance and correctness also become more complex and less clear. A framework then is developed to help the practitioner to understand the difficulties and pitfalls of CPS designs and provides guidance to test engineering design of soft computational systems using combinations of modeling, simulation, and prototyping

Digitalization of Offshore Wind Farm Systems

Master's thesis in Offshore Technology: Industrial asset managementThis thesis investigates how new digital technologies and digitalization can help further evolve the offshore wind industry using the Industry 4.0 concept as a basis and explores how technologies within this concept can contribute to an offshore wind farm that overcomes some of these challenges. The study focuses on an offshore wind farm from a systems perspective, including respective modules, and where the Industry 4.0 technologies can be applied. Following this is the establishment of a systematic digitalization framework and a proposal on how to cope with increased volumes of data, connectivity, and complexity.publishedVersio