20,618 research outputs found
Latest Trends and Future Directions of Cyber Security Information Systems
The significance of the information system security is critical issue for the organizations since it leads to big financial losses. The understanding of cyber security threats is not only an innovative requirement but also it is a conservative task. The rapid changes in technologies and services are major driving and leading concerns to the cyber security, requiring reassessment and renewal of standardized policies for counter measures to the resistant vulnerabilities. The main aim of this paper is to improve the understanding and perception of latest security threats, security counter measures, and the future trends of cyberspace security. Therefore, we look forward proposing a new classification model of security threats in order to generalize the impact of threats into classes rather than the impact of every individual threat. The importance of this study comes from the neediness to forecast the future trends of information system cyber security on the long basis, as well as the identification of future security measures that would be reliable. Cyber security models need to improve according to the situational awareness over all situations and at all levels in order to avoid conflicting interests and priorities. Keywords: security, cyber security, cyber-attacks, information system security
Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukranian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security
Cybersecurity Challenges of Power Transformers
The rise of cyber threats on critical infrastructure and its potential for
devastating consequences, has significantly increased. The dependency of new
power grid technology on information, data analytic and communication systems
make the entire electricity network vulnerable to cyber threats. Power
transformers play a critical role within the power grid and are now commonly
enhanced through factory add-ons or intelligent monitoring systems added later
to improve the condition monitoring of critical and long lead time assets such
as transformers. However, the increased connectivity of those power
transformers opens the door to more cyber attacks. Therefore, the need to
detect and prevent cyber threats is becoming critical. The first step towards
that would be a deeper understanding of the potential cyber-attacks landscape
against power transformers. Much of the existing literature pays attention to
smart equipment within electricity distribution networks, and most methods
proposed are based on model-based detection algorithms. Moreover, only a few of
these works address the security vulnerabilities of power elements, especially
transformers within the transmission network. To the best of our knowledge,
there is no study in the literature that systematically investigate the
cybersecurity challenges against the newly emerged smart transformers. This
paper addresses this shortcoming by exploring the vulnerabilities and the
attack vectors of power transformers within electricity networks, the possible
attack scenarios and the risks associated with these attacks.Comment: 11 page
Cross-layer Approach for Designing Resilient (Sociotechnical, Cyber-Physical, Software-intensive and Systems of) Systems
Our society’s critical infrastructures are sociotechnical cyber-physical systems (CPS) increasingly using open networks for operation. The vulnerabilities of the software deployed in the new control system infrastructure will expose the control system to many potential risks and threats from attackers. This paper starts to develop an information systems design theory for resilient software-intensive systems (DT4RS) so that communities developing and operating different security technologies can share knowledge and best practices using a common frame of reference. By a sound design theory, the outputs of these communities will combine to create more resilient systems, with fewer vulnerabilities and an improved stakeholder sense of security and welfare. The main element of DT4RS is a multi-layered reference architecture of the human, software (cyber) and platform (physical) layers of a cyber-physical system. The layered architecture can facilitate the understanding of the cross-layer interactions between the layers. Cyber security properties are leveraged to help analyzing the interactions between these layers
Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery
Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complimentary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together
Methodological Framework to Collect, Process, Analyze and Visualize Cyber Threat Intelligence Data
Cyber attacks have increased in frequency in recent years, affecting small, medium and large companies, creating an urgent need for tools capable of helping the mitigation of such threats. Thus, with the increasing number of cyber attacks, we have a large amount of threat data from heterogeneous sources that needs to be ingested, processed and analyzed in order to obtain useful insights for their mitigation. This study proposes a methodological framework to collect, organize, filter, share and visualize cyber-threat data to mitigate attacks and fix vulnerabilities, based on an eight-step cyber threat intelligence model with timeline visualization of threats information and analytic data insights. We developed a tool to address needs in which the cyber security analyst can insert threat data, analyze them and create a timeline to obtain insights and a better contextualization of a threat. Results show the facilitation of understanding the context in which the threats are inserted, rendering the mitigation of vulnerabilities more effective
Autonomic computing architecture for SCADA cyber security
Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator
Individual Differences in Cyber Security
A survey of IT professionals suggested that despite technological advancement and organizational procedures to prevent cyber-attacks, users are still the weakest link in cyber security (Crossler, 2013). This suggests it is important to discover what individual differences may cause a user to be more or less vulnerable to cyber security threats. Cyber security knowledge has been shown to lead to increased learning and proactive cyber security behavior (CSB). Self-efficacy has been shown to be a strong predictor of a user’s intended behavior. Traits such as neuroticism have been shown to negatively influence cyber security knowledge and self-efficacy, which may hinder CSB. In discovering what individual traits may predict CSB, users and designers may be able to implement solutions to improve CSB. In this study, 183 undergraduate students at San José State University completed an online survey. Students completed surveys of self-efficacy in information security, and cyber security behavioral intention, as well as a personality inventory and a semantic cyber security knowledge quiz. Correlational analyses were conducted to test hypotheses related to individual traits expected to predict CSB. Results included a negative relationship between neuroticism and self-efficacy and a positive relationship between self-efficacy and CSB. Overall, the results support the conclusion that individual differences can predict self-efficacy and intention to engage in CSB. Future research is needed to investigate whether CSB is influenced by traits such as neuroticism, if CSB can be improved through video games, and which are the causal directions of these effects
- …