Protection against Cyber Attacks:Introducing Resilience for SCADA Networks

The sovereignty of nations is highly dependent on the continuous and uninterrupted operation of critical infrastructures. Recent security incidents on SCADA networks show that threats in these environments are increasing in sophistication and number. To protect critical infrastructures against cyber attacks and to cope with their complexity, we advocate the application of a resilience strategy. This strategy provides the guidelines and processes to investigate and ensure the resilience of systems. In this abstract, we briefly refer to our definition of resilience, our research work on the verification of resilience policies, and our resilience architecture for protecting SCADA networks against cyber attacks

Model Checking Access Control Policies: A Case Study using Google Cloud IAM

Authoring access control policies is challenging and prone to misconfigurations. Access control policies must be conflict-free. Hence, administrators should identify discrepancies between policy specifications and their intended function to avoid violating security principles. This paper aims to demonstrate how to formally verify access control policies. Model checking is used to verify access control properties against policies supported by an access control model. The authors consider Google's Cloud Identity and Access Management (IAM) as a case study and follow NIST's guidelines to verify access control policies automatically. Automated verification using model checking can serve as a valuable tool and assist administrators in assessing the correctness of access control policies. This enables checking violations against security principles and performing security assessments of policies for compliance purposes. The authors demonstrate how to define Google's IAM underlying role-based access control (RBAC) model, specify its supported policies, and formally verify a set of properties through three examples

Verification of Resilience Policies that Assist Attribute Based Access Control

Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined in the context of these models is their ability to successfully restrict access to resources. Nevertheless, considering only restriction of access may not be enough in some environments, as in critical infrastructures. The protection of systems in this type of environment requires a new line of enquiry. It is essential to ensure that appropriate access is always possible, even when users and resources are subjected to challenges of various sorts. Resilience in access control is conceived as the ability of a system not to restrict but rather to ensure access to resources. In order to demonstrate the application of resilience in access control, we formally define an attribute based access control model (ABAC) based on guidelines provided by the National Institute of Standards and Technology (NIST). We examine how ABAC-based resilience policies can be specified in temporal logic and how these can be formally verified. The verification of resilience is done using an automated model checking technique, which eventually may lead to reducing the overall complexity required for the verification of resilience policies and serve as a valuable tool for administrators

Information assurance techniques:perceived cost effectiveness

The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed

A Framework to Support ICS Cyber Incident Response and Recovery

During the past decade there has been a steady increase in cyber attacks targeting Critical National Infrastructure. In order to better protect against an ever-expanding threat landscape, governments, standards bodies, and a plethora of industry experts have produced relevant guidance for operators in response to incidents. However, in a context where safety, reliability, and availability are key, combined with the industrial nature of operational systems, advice on the right practice remains a challenge. This is further compounded by the volume of available guidance, raising questions on where operators should start, which guidance set should be followed, and how confidence in the adopted approach can be established. In this paper, an analysis of existing guidance with a focus on cyber incident response and recovery is provided. From this, a work in progress framework is posited, to better support operators in the development of response and recovery operations

Verification of Policies in Human Cyber-Physical Systems:the Role and Importance of Resilience

Cyber-physical systems (CPS) are characterised by interactions of physical and computational components. A CPS also interacts with its operational environment, and thus with other entities including humans. Humans are an important aspect of human CPS (HCPS) since they are responsible for using (e.g., administering) these types of system. Such interactions are usually expressed though access control policies, which in many cases (e.g., when performing critical operations) are required to support the property of resilience to cope with challenges to the normal operation of the HCPS. In this paper, we pinpoint the importance of resilience as a property in access control policies and we describe a mechanism to conduct its formal verification. Finally, we identify potential future directions in the verification of access control properties, complementary to resilience

Assurance Techniques for Industrial Control Systems (ICS)

Assurance techniques generate evidence that allow us to make claims of assurance about security. For the purpose of certification to an assurance scheme, this evidence enables us to answer the question: are the implemented security controls consistent with organisational risk posture? This paper uses interviews with security practitioners to assess how ICS security assessments are conducted in practice, before introducing the five "PASIV" principles to ensure the safe use of assurance techniques. PASIV is then applied to three phases of the system development life cycle (development; procurement; operational), to determine when and when not, these assurance techniques can be used to generate evidence. Focusing then on the operational phase, this study assesses how assurances techniques generate evidence for the 35 security control families of ISO/IEC 27001:2013

All that glitters is not gold:on the effectiveness of cyber security qualifications

There has been a proliferation of industry-focused cyber security qualifications, which use different techniques to assess the competencies of cyber security professionals and certify them to employers. There is, however, a lingering question about these qualifications: do they effectively assess the competencies of cyber security professionals? 74 cyber security qualifications were analysed to determine how competency assessment is performed in practice, and five distinct techniques were identified together with the frequency of their use within qualifications. These techniques formed the basis of a large-scale survey of the perceptions of 153 industry stakeholders on the effectiveness of individual techniques and their cost-effectiveness as combinations. Despite a perceived low effectiveness of Multiple Choice Examinations, industry qualifications were found to rely on it heavily, often as a sole technique, and few qualifications utilised the cost-effective combinations identified by stakeholders