22 research outputs found
Armia Halicka jako przeciwnik Wojska Polskiego 1918–1919
Показано створення та реорганізацію Збройних сил ЗУНР, бої бригад Галицької
армії в ході українсько-польської війни (листопад 1918 – липень 1919 рр.).The article explores attempts to reorganize the Military Forces of the ZUNR and
battles fought by the Galician Army during the Polish-Ukrainian War (November 1918 –
July 1919)
PCaaD:Towards automated determination and exploitation of industrial systems
Over the last decade, Programmable Logic Controllers (PLCs) have been increasingly targeted by attackers to obtain control over industrial processes that support critical services. Such targeted attacks typically require detailed knowledge of system-specific attributes, including hardware configurations, adopted protocols, and PLC control-logic, i.e., process comprehension. The consensus from both academics and practitioners suggests stealthy process comprehension obtained from a PLC alone, to execute targeted attacks, is impractical. In contrast, we assert that current PLC programming practices open the door to a new vulnerability class, affording attackers an increased level of process comprehension. To support this, we propose the concept of Process Comprehension at a Distance (PCaaD), as a novel methodological and automatable approach towards the system-agnostic identification of PLC library functions. This leads to the targeted exfiltration of operational data, manipulation of control-logic behavior, and establishment of covert command and control channels through unused memory. We validate PCaaD on widely used PLCs through its practical application
Cyber Insurance: recent advances, good practices & challenges
The aim of this ENISA report is to raise awareness for the most impact to market advances, by shortly identifying the most significant cyber insurance developments for the past four years – during 2012 to 2016 – and to capture the good practices and challenges during the early stages of the cyber insurance lifecycle, i.e. before an actual policy is signed, laying the ground for future work in the area
Predictors of moving on from mental health supported accommodation in England: national cohort study
National Institute of Health Research (RP-PG-0610-10097
Design Considerations for Building Credible Security Testbeds: Perspectives from Industrial Control System Use Cases
This paper presents a mapping framework for design factors and an implementation process for building credible Industrial Control Systems (ICS) security testbeds. The security and resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds are widely used for the exploration, development, and evaluation of security controls. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility. Combining systematic and thematic analysis, and the mapping of identified ICS security testbed design attributes, we propose a novel relationship map of credibility-supporting design factors (and their associated attributes) and a process implementation flow structure for ICS security testbeds. The framework and implementation process highlight the significance of demonstrating some design factors such as user/experimenter expertise, clearly defined testbed design objectives, simulation implementation approach, covered architectural components, core structural and functional characteristics covered, and evaluations to enhance confidence, trustworthiness and acceptance of ICS security testbeds as credible. These can streamline testbed requirement definition, improve design consistency and quality while reducing implementation costs
Timing of Cyber-Physical Attacks on Process Control Systems
Part 1: Control Systems SecurityInternational audienceThis paper introduces a new problem formulation for assessing the vulnerabilities of process control systems. In particular, it considers an adversary who has compromised sensor signals and has to decide on the best time to launch an attack. The task of selecting the best time to attack is formulated as an optimal stopping problem that the adversary has to solve in real time. The theory underlying the best choice problem is used to identify an optimal stopping criterion, and a low-pass filter is subsequently used to identify when the time series of a process variable has reached the state desired by the attacker (i.e., its peak). The complexities associated with the problem are also discussed, along with directions for future research