Exterminating the Cyber Flea: Irregular Warfare Lessons for Cyber Defence

Traditional approaches to tactical Computer Network Defence (CND), drawn from the lessons and doctrine of conventional warfare, are based on a team of deployed security professionals countering the adversary’s cyber forces. The concept of the adversary in cyberspace does not fit neatly into the conventional military paradigms. Rather than fighting an identifiable foe, cyber adversaries are clandestine, indistinguishable from legitimate users or external services, operate across state boundaries, and from safe havens that provide sanctuary from prosecution. The defender also faces imbalances with rules of engagement and a severe disparity between the cost of delivering the defence and the attackers ability to deliver an effect. These operational conditions are more akin with Irregular Warfare (IW) than a conventional conflict. This paper proposes a new approach to CND, based on a review of the literature on IW. Rather than fight the battle alone, the CND team should concentrate efforts to persuade and empower network users to take responsibility for protecting the organisation’s critical data. This approach seeks to apply the lessons learnt from IW, where the resistance to the adoption of security best practices, intentional or otherwise, is the real adversary. This approach appears more likely to deliver long term protection from the current cyber threats than a process, which requires the identification and tracking of adversaries that are invisible and constantly changing

Critical Infrastructure Protection Metrics and Tools Papers and Presentations

Contents: Dr. Hilda Blanco: Prioritizing Assets in Critical Infrastructure Systems; Christine Poptanich: Strategic Risk Analysis; Geoffrey S. French/Jin Kim: Threat-Based Approach to Risk Case Study: Strategic Homeland Infrastructure Risk Assessment (SHIRA); William L. McGill: Techniques for Adversary Threat Probability Assessment; Michael R. Powers: The Mathematics of Terrorism Risk Stefan Pickl: SOA Approach to the IT-based Protection of CIP; Richard John: Probabilistic Project Management for a Terrorist Planning a Dirty Bomb Attack on a Major US Port; LCDR Brady Downs: Maritime Security Risk Analysis Model (MSRAM); Chel Stromgren: Terrorism Risk Assessment and Management (TRAM); Steve Lieberman: Convergence of CIP and COOP in Banking and Finance; Harry Mayer: Assessing the Healthcare and Public Health Sector with Model Based Risk Analysis; Robert Powell: How Much and On What? Defending and Deterring Strategic Attackers; Ted G. Lewis: Why Do Networks Cascade

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors, etc. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematical and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in details. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideratio

Machine learning and blockchain technologies for cybersecurity in connected vehicles

Future connected and autonomous vehicles (CAVs) must be secured againstcyberattacks for their everyday functions on the road so that safety of passengersand vehicles can be ensured. This article presents a holistic review of cybersecurityattacks on sensors and threats regardingmulti-modal sensor fusion. A compre-hensive review of cyberattacks on intra-vehicle and inter-vehicle communicationsis presented afterward. Besides the analysis of conventional cybersecurity threatsand countermeasures for CAV systems,a detailed review of modern machinelearning, federated learning, and blockchain approach is also conducted to safe-guard CAVs. Machine learning and data mining-aided intrusion detection systemsand other countermeasures dealing with these challenges are elaborated at theend of the related section. In the last section, research challenges and future direc-tions are identified

Detecting Slow DDos Attacks on Mobile Devices

Denial of service attacks, distributed denial of service attacks and reflector attacks are well known and documented events. More recently these attacks have been directed at game stations and mobile communication devices as strategies for disrupting communication. In this paper we ask, How can slow DDos attacks be detected? The similarity metric is adopted and applied for potential application. A short review of previous literature on attacks and prevention methodologies is provided and strategies are discussed. An innovative attack detection method is introduced and the processes and procedures are summarized into an investigation process model. The advantages and benefits of applying the metric are demonstrated and the importance of trace back preparation discussed

The threat of terrestrial predators to mainland penguin colonies: searching for sustainable solutions

Anthropogenic activities including overexploitation of natural resources and the transformation of natural habitat have disturbed ecological systems and are increasingly challenging the natural persistence, movement, and interactions of wildlife populations. On the Cape Peninsula in South Africa, all large predators were extirpated to reduce threats to lives and livelihoods with the medium-sized caracal (Caracal caracal) emerging as the de facto apex predator. Overexploitation of Africa penguins (Spheniscus demersus), their prey and their island breeding sites in the south-western Cape resulted in a rapid decline in the African penguin population and a shift in their distribution. This shift coincided with the establishment of at least four mainland colonies, one of which is on the Cape Peninsula. In this manner a Least Concern, abundant predator encountered an Endangered bird species poorly adapted to terrestrial predators, setting the scene for a conservation conflict in the Anthropocene. My goal in attempting to mitigate this conflict was to first collate all available data on mainland penguin colony demographics and to understand the relative threat posed by terrestrial predators such as caracal on their mortality. Secondly, I reviewed historical and current management interventions by conservation authorities to protect mainland colonies from terrestrial predators and assessed both their success in protecting penguins and their impacts on the predators. Having identified discrepancies amongst stakeholders in how best to manage the interface between penguins and predators I reviewed the potential non-lethal and lethal methods and used a standardised evaluation scoring system to identify those strategies with the most support. I then developed a management plan that integrates these strategies and provides the most sustainable solution for reducing supernumerary predation events while also offering conservation benefits to caracal. I made use of a qualitative triangulation approach for the evaluation of management techniques as this explores anecdotal data from case-studies alongside the individual experiences of environmental managers and experts in the field. Annual counts at mainland penguin colonies revealed that only two of the four colonies had persisted, and both had exhibited strong early growth and were now recognised as important breeding sites with high conservation status. Surprisingly both surviving mainland colonies were established in peri-urban areas with high levels of anthropogenic disturbance including vehicular collisions, and disturbance by domestic animals and people. Leopard (Panthera pardus pardus) and caracal were both identified as posing a significant threat to the viability of the Stony Point and Simon's Town penguin populations respectively. Both predators had engaged in supernumerary predation events, which have cumulatively resulted in the recorded deaths of at least 346 penguins over the last decade. In response to predations local statutory authorities have attempted numerous intervention strategies at both colonies. Remote camera traps proved effective at early detection and identifying species responsible, while physical barriers were effective at reducing access to colonies. Capture and collaring of caracal on the Peninsula with follow-up monitoring of movement adjacent to the colony proved ineffective as the caracal readily evaded staff deployed to deter them. Relocation of caracal within the Peninsula has had limited success as only one individual established a stable territory far from the colony, while the remaining cats either returned to the colony or died in vehicular collisions. The average time between supernumerary predation events following relocations or the euthanasia of caracal was approximately six months. A total of 17 primary mitigation management interventions were evaluated by key stakeholders with three having high levels of support visà-vis: cameras for early detection of potential predators, physical barriers to deter entrance to the colony or funnel predators into capture cages for translocation to other protected areas within the City of Cape Town (CoCT). Together with local conservation authorities and managers these three interventions were then integrated into a management plan with standard operating procedures and a decision flow chart so as to 1) greatly reduce predation on penguins by terrestrial predators, 2) prioritise non-lethal interventions including the development of a translocation plan to CoCT nature reserves, 3) ensure the plan aligns with current local and international (IUCN) policy, 4) be cost effective and practically achievable with the resources available, and 5) have broad public, stakeholder, and statutory acceptability. Together these interventions provide a solution to a classic conservation conflict in the Anthropocene and can serve as a suitable template for the management of Least Concern predators impacted by urban development both in South Africa and elsewhere in the world