765 research outputs found

    Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures

    Critical infrastructure (CI) typically refers to the essential physical and virtual systems, assets, and services that are vital for the functioning and well-being of a society, economy, or nation. However, the rapid proliferation and dynamism of today's cyber threats in digital environments may disrupt CI functionalities, which would have a debilitating impact on public safety, economic stability, and national security. This has led to much interest in effective cybersecurity solutions regarding automation and intelligent decision-making, where AI-based modeling is potentially significant. In this paper, we take into account “Rule-based AI” rather than other black-box solutions since model transparency, i.e., human interpretation, explainability, and trustworthiness in decision-making, is an essential factor, particularly in cybersecurity application areas. This article provides an in-depth study on multi-aspect rule-based AI modeling considering human interpretable decisions as well as security automation and intelligence for CI. We also provide a taxonomy of rule generation methods by taking into account not only knowledge-driven approaches based on human expertise but also data-driven approaches, i.e., extracting insights or useful knowledge from data, and their hybridization. This understanding can help security analysts and professionals comprehend how systems work, identify potential threats and anomalies, and make better decisions in various real-world application areas. We also cover how these techniques can address diverse cybersecurity concerns such as threat detection, mitigation, prediction, diagnosis for root cause findings, and so on in different CI sectors, such as energy, defence, transport, health, water, agriculture, etc. 
We conclude this paper with a list of identified issues and opportunities for future research, as well as their potential solution directions for how researchers and professionals might tackle future generation cybersecurity modeling in this emerging area of study

    Net Neutrality Powers Energy and Forestalls Climate Change

    Drawing on my experience as a Commissioner of the California Public Utilities Commission (CPUC) from January 2011 to January 2017, this Article explores the interdependence of the electricity sector and the open and neutral internet. Section II of this Article discusses the evolution of critical infrastructure laws and policies. Section III examines California’s energy loading order adopted in 2003 to increase energy reliability and protect the environment. Section IV analyzes the evolution of federal and state Smart Grid policies to infuse communications and information technologies including the internet into the energy ecosystem. Section V discusses FERC’s authorization of demand response−the reduction of energy consumption on call−as a resource eligible to bid in FERC wholesale energy markets. Section VI examines the internet’s role in electric grid reliability, public safety, and environmental protection as exemplified by California’s response to: the outage of the San Onofre Nuclear Power plant beginning in 2012, natural gas shortages in California during the Polar Vortex of 2014, and the methane leak at the Aliso Canyon Natural Gas Storage field in Los Angeles beginning in November 2015 that diminished fuel resources for gas-fired electric power plants. Section VII analyzes the FCC’s 2018 Internet Freedom Order. It argues that the FCC’s failure to consider critical infrastructure including energy in its net neutrality repeal order constitutes arbitrary and capricious decision-making under the APA. This section examines the potential harms of ISP paid priority deals for electric reliability, safety, rates, and the environment. It analyzes the limits of antitrust, unfair competition, consumer protection laws, and disclosure rules which provide no redress for harms to energy safety, reliability, costs, and the environment, in contrast to the FCC’s 2015 Open Internet Order. 
Section VIII recommends that the FCC’s Internet Freedom Order be vacated in light of its serious deficiencies under the APA. Identity thieves allegedly submitted millions of comments in the Internet Freedom Docket in other people’s names without their authorization; the FCC’s shockingly poor comment process flunks the APA. This Article argues that publicly traded companies should report the FCC’s Internet Freedom Order as a material and cybersecurity risk under Securities and Exchange Commission (SEC) Rules. It argues that states and state Public Utility Commissions (PUCs) and Public Service Commissions (PSCs) (collectively PUCs) should protect their residents through the exercise of the police power inherent in the states and PUC’s jurisdiction. This Article concludes in Section IX by urging the maintenance of legally enforceable net neutrality rules to protect critical infrastructure, energy reliability, the economy, national security, public safety, democracy, and the open Internet

    Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

    The first-ever Ukraine cyberattack on the power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of the real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining to the impact quantification of cyber-related contingencies

    Cyber Security and Critical Infrastructures 2nd Volume

    The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles, including an editorial that explains the current challenges, innovative solutions and real-world experiences that include critical infrastructure and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems

    Transforming CyberSecurity R&D within the Department of Energy: Getting Ahead of The Threat


    Risk Management for the Future

    A large part of academic literature, business literature as well as practices in real life rest on the assumption that uncertainty and risk do not exist. We all know that this is not true, yet a whole variety of methods, tools and practices are not attuned to the fact that the future is uncertain and that risks are all around us. However, despite risk management entering the agenda some decades ago, it has introduced risks of its own, as illustrated by the financial crisis. Here is a book that goes beyond risk management as it is today and tries to discuss what needs to be improved further. The book also offers some cases

    Exploring Current Trends and Challenges in Cybersecurity: A Comprehensive Survey

    Cyber security is the process of preventing unauthorized access, theft, damage, and interruption to computers, servers, networks, and data. It entails putting policies into place to guarantee the availability, confidentiality, and integrity of information and information systems. Cyber security seeks to protect against a variety of dangers, including hacking, data breaches, malware infections, and other nefarious actions. Cyber security has grown to be a major worry as a result of the quick development of digital technology and the growing interconnection of our contemporary society. In order to gain insight into the constantly changing world of digital threats and the countermeasures put in place to address them, this survey seeks to study current trends and issues in the area of cyber security. The study includes responses from end users, business executives, IT administrators, and experts across a wide variety of businesses and sectors. The survey gives insight on important problems such as the sorts of cyber threats encountered, the efficacy of current security solutions, future technology influencing cyber security, and the human elements leading to vulnerabilities via a thorough analysis of the replies. The most important conclusions include an evaluation of the most common cyber dangers, such as malware, phishing scams, ransomware, and data breaches, as well as an investigation of the methods and tools used to counter these threats. The survey explores the significance of staff education and awareness in bolstering cyber security defenses and pinpoints opportunities for development in this area. The survey also sheds insight on how cutting-edge technologies like cloud computing, artificial intelligence, and the Internet of Things (IoT) are affecting cyber security practices. 
It analyses the advantages and disadvantages of using these technologies while taking into account issues like data privacy, infrastructure security, and the need for specialized skills. The survey also looks at the compliance environment, assessing how industry norms and regulatory frameworks affect cyber security procedures. The survey studies the obstacles organizations encounter in attaining compliance and assesses the degree of knowledge and commitment to these requirements. The results of this cyber security survey help to better understand the current status of cyber security and provide organizations and individuals useful information for creating effective policies to protect digital assets. This study seeks to promote a proactive approach to cyber security, allowing stakeholders to stay ahead of threats and build a safe digital environment by identifying relevant trends and concerns

    A Shared Cybersecurity Awareness Platform, Journal of Telecommunications and Information Technology, 2021, nr 3

    Ensuring a good level of cybersecurity of global IT systems requires that specific procedures and cooperation frameworks be adopted for reporting threats and for coordinating the activities undertaken by individual entities. Technical infrastructure enabling safe and reliable online collaboration between all teams responsible for security is an important element of the system as well. With the above taken into consideration, the paper presents a comprehensive distributed solution for continuous monitoring and detection of threats that may affect services whose provision is essential to security and the broadly understood economic interests of the state. The said solution allows distributed knowledge on hazard events to be collected, processed and shared. The partnership-based model of cooperation between the system’s users allows the teams to undertake specific activities at the central level, facilitates global cyber threat awareness, and enhances the process of predicting and assessing cyber risks in order to ensure a near-realtime response. The paper presents an overview of the system’s architecture, its main components, features, and threat intelligence tools supporting the safe sharing of information concerning specific events. It also offers a brief overview of the system’s deployment and its testing in an operational environment of NASK’s Computer Security Incident Response Team (CSIRT) and Security Operation Center (SOC) of essential services operator

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures comprise many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather, more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presents how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors are discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. 
We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies

    Critical Infrastructure Resilience: Findings From a Systematic Review

    Globally, critical infrastructure (CI), such as energy, water, transport, information and communication technology, health, food supply, banking and finance, government services, safety and emergency services are required to ensure the provision of public services, economic growth and social development. Since the late 1990s, countries have been designing and implementing public policies and strategies to protect CI from various threats. Initially, policies were focused on the physical protection of CI to physical hazards such as terrorism due to events such as the 9/11 terrorist attacks in the United States and 2004 Madrid and 2005 London terrorist attacks but have quickly evolved to reflect the evolving and unpredictable global landscape of threats such as natural disasters, ageing infrastructure, cyber-attacks and many more. Scholars have noted that the adoption of “critical infrastructure resilience” is necessary to ensure the safety and well-being of global communities in light of the evolving landscape of threats, including political threats and the intricate interconnectedness of global infrastructure. Research of CI resilience shows promising signs of interest among scholars. However, some of the most fundamental questions around the concept are still not widely understood, such as: How is critical infrastructure resilience defined? How is it assessed? How can governments, policy leaders, practitioners and CI owners and operators enhance CI resilience? For these reasons, this study seeks to fill the research gap and establish the current knowledge on critical infrastructure resilience among the literature and address several fundamental questions to ensure a consistent understanding of the concept. This study aims to contribute to knowledge about critical infrastructure resilience by systematically reviewing relevant scholarly literature, analyzing its major and minor themes, and identifying future research directions. 
The results draw several conclusions including the limited research of CI resilience outside of engineering, a lack of consensus surrounding the definition of CI resilience and a narrow perspective of the risks to CI. Finally, future research recommendations include an increased research focus on societal resilience and additional examination of non-physical risks. Furthermore, an analysis of CI resilience among a more diversified set of industries including healthcare, emergency services, food production and distribution and essential manufacturing and an assessment of non-technical solutions to enhance CI resilience