Cyber-Physical Smart Grid Security Tool for Education and Training Purposes

Cyber security education is now an essential piece of information to understand the current challenges in utilizing the technology in a secure manner. In this paper, we highlight the need of improving the human factors role and cyber security awareness in better securing the systems. We discuss a simulation tool called CPSA that can be used for education and training purposes to understand the impact of cyber-attacks on the physical power system, and overall system monitoring. The tool supports attacks modeling, different communication network topologies, simulation of bad data and malicious command received over the insecure network. This tool is helpful for students and researchers’ education to better understand the logics and prepare them with skills to evaluate the future cyber-physical system security. The tool can also be used for training purpose to the technical and non-technical staff at power utility

W4IPS: A Web-based Interactive Power System Simulation Environment For Power System Security Analysis

Modern power systems are increasingly evolving Cyber-Physical Systems (CPS) that feature close interaction between Information and Communication Technology (ICT), physical and electrical devices, and human factors. The interactivity and security of CPS are the essential building blocks for the reliability, stability and economic operation of power systems. This paper presents a web-based interactive multi-user power system simulation environment and open source toolset (W4IPS) whose main features are a publish/subscribe structure, a real-time data sharing capability, role-based multi-user visualizations, distributed multi-user interactive controls, an easy to use and deploy web interface, and flexible and extensible support for communication protocols. The paper demonstrates the use of W4IPS features as an ideal platform for contingency response training and cyber security analysis, with an emphasis on interactivity and expandability. In particular, we present the use cases and the results of W4IPS in power system operation education and security analysis

Guidelines for cybersecurity education campaigns

In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children

Revisiting Cybersecurity Awareness in the Midst of Disruptions

The awareness of cybersecurity and knowledge about risks from a variety of threats, which present harm or steal private information in internetworking could help in mitigation of vulnerabilities to risks of threats in safeguarding information from malware and bots. Revisiting cybersecurity awareness of every member and evaluation of organization’s posture might help to protect sensitive or private information from a network of computers, working together and forming into botnets. The purpose of the qualitative case study narrative was to explore prospects for integrating cybersecurity education into elementary school children’s curriculum through interviews of elementary schoolteachers, IT experts, and parents to gain feedback about perceptions on cybersecurity knowledge and awareness. The analysis of schools’ organizational security postures related to all levels of education, recommending in raising awareness of the underlying and unprecedented security vulnerabilities. One area of greatest need is in protecting the wellbeing of people in securing private or protected assets and sensitive information, most valuable and vulnerable amid disruption. The possible lack of cybersecurity awareness in online settings could increase an organizational vulnerability to risks of threats and outsider attempts to install malware during a variety of cyber-attacks. Organizations with online ambiguity face a threat from botnets to infect networks. This qualitative exploratory single case-study into perceptions of teachers and leaders, information technology (IT) experts, and parents of elementary school children about cybersecurity awareness level of children in elementary schools helped to reinforce the important role of education in building foundational cyber-safety practices

A framework to integrate information and communication technology security awareness into the South African education system

Text in EnglishThere is general consensus about the importance of Information and Communication Technology (ICT) security in South Africa. This consensus is evident from initiatives related to the formulation of legislation and policies like the Electronic Communications and Transactions (ECT) Act and the National Cyber Security Policy. A number of South African academic institutions have also come on board with initiatives aimed at enhancing ICT security awareness all over the country. In fact, ICT security awareness has been classified as an important component of South Africa’s national security. Many countries use ICT to improve and enhance the standard of their education systems. A number of scholars in South Africa have conducted studies with the aim of proving that ICT can play a major role in improving the quality of education in the country. The research in hand investigates the lack of integration of ICT security awareness into the South African education system. The literature review that was conducted reveals that there is a huge problem especially when it comes to the integration of ICT security awareness into the South African schooling system. The advancement of technology has come with a number of advantages and disadvantages. The easy access to information via the internet, coupled by unsupervised access to instant messaging applications (Skype, MXiT) and social media platforms (Facebook, Twitter and many more), hugely increases the vulnerability of school learners to ICT security attacks and ICT-related crime. The current research therefore investigates the vulnerability caused by the lack of ICT security awareness among school learners as one of the main disadvantages of the advancement of information technology. An analysis of existing models and frameworks in the two spheres of ICT, namely education and ICT security was conducted. The aim was to determine any similarities or overlap between these spheres and to determine whether the existing ICT models and frameworks are relevant to South Africa. The analysis showed a significant disparity and inconsistency between the two spheres and proved that there is a definite need for a framework (relevant to South Africa) that can be used for the integration of ICT security awareness into South African education. Hence, the researcher proposed a more integrated approach in the form of a framework that is directed at South African school learners, based on an in-depth literature review of past scholarly work, models and frameworks. Having reviewed a number of existing models and frameworks, and identifying the potential gaps, the researcher proposed a framework to address the lack of integration of ICT security awareness into the South African education system. The proposed framework, called the South African ICT Security Awareness Framework for Education (SAISAFE), was reviewed for its potential applicability in the South African context, and the results of the literature review analysis are reported to support the analysis of models and frameworks.School of ComputingM. A. (Computing

Securing intellectual capital:an exploratory study in Australian universities

Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links.Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation.Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context

A FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY EFFECTIVENESS OF ABU DHABI GOVERNMENT ENTITIES

Cyberspace has become one of the new frontiers for countries to demonstrate their power to survive in the digitized world. The UAE has become a major target for cyber conflicts due to the rapid increase in economic activity and technology. Further, the widespread use of the internet in the region to the tune of 88% by the end of 2014 has exposed the critical infrastructure to all forms of cyber threats. In this dissertation, the researcher presents a detailed study of the existing cybersecurity defences globally and an investigation into the factors that influence the effectiveness of cybersecurity defences in Abu Dhabi government entities. Further, the role of cybersecurity education, training, and awareness in enhancing the effectiveness of cybersecurity and the role of senior management in providing strategic direction to government entities on cybersecurity are evaluated in addition to determining the contribution of strategic planning and technology level in ensuring an effective cybersecurity system. The study has evaluated the level of Cybersecurity Effectiveness (CSE) in Abu Dhabi Government Entities and the results show that Science and Technology entity performed better than all other Entities with CSE Mean = 4.37 while Public Order showed the least performance with CSE Mean = 3.83 and the combined model of six factors with R-square value 0.317 after multiple regression implying that 32% change in CSE in the government entities is occurring due to the six (6) independent variables used in the study. Further, results show that management has the responsibility of putting in place strategies, frameworks and policies that respond appropriately to the prevention, detection and mitigation of cyberattacks. Results further indicate that culture-sensitive training and awareness programmes add to the quality and effectiveness of cybersecurity systems in government entities. Further, study findings reveal that qualified and experienced personnel in government entities show a greater understanding of cyber and information security issues. Finally, the researcher proposes a cybersecurity framework and a checklist, with checkpoints, for evaluating the effectiveness of cybersecurity systems within government entities and future research interventions

Addressing the cyber safety challenge: from risk to resilience

Addressing the cyber safety challenge: from risk to resilience describes the cyber safety issues emerging from a range of technology trends, how different populations are using technologies and the risks they face, and how we can effectively respond to each group’s unique cyber safety needs. Written by the University of Western Sydney for Telstra Corporation Ltd, the report advocates for continuing to move cyber safety from a ‘risk and protection’ framework to one that focuses on building digital resilience, as well as fostering trust and confidence in the online environment. To do this we need to: Address the needs of populations often neglected by current policies and programs – including adults, seniors, parents, and small to medium enterprises Continue to build the digital literacy skills of all populations, because digital literacy strongly influences users’ ability to engage safely online – this is best achieved by a hands-on learning approach Keep risk in perspective – the risks and benefits of digital participation go hand in hand Broaden the focus from awareness-raising to long-term behaviour change. As digital technologies become further integrated into the everyday lives of Australians, users are potentially exposed to greater risks. However, the risks and benefits of digital participation go hand in hand. The challenge, therefore, is to support users to minimise the risks without limiting their digital participation and their capacity to derive the full benefits of connectivity. If Australians are to benefit as either consumers or providers of online services and products in the e-commerce environment, consumer safety and trust need to be improved. Cyber safety needs to be considered against a transforming backdrop of technology trends, products and practices. While the rise of social media has tended to dominate recent debate and developments in cyber safety, particularly in relation to young people, a range of other trends is also shaping how users engage online, the risks they potentially face in the new media landscape, and the strategies used to address them. These trends include the rise of user generated content and content sharing platforms; the uptake of mobile technologies and, in particular, the adoption of smartphones; cloud computing; platform integration and single sign-on mechanisms; and the rise of GPS and location based services