Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors, etc. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematical and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in details. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideratio

Resilience vs. Prevention. Which is the Better Cybersecurity Practice?

Students in multiple cohorts of our 3000 level Fundamentals of Information Systems Security course were given a discussion question where they had to either agree or disagree with the premise that given all the constant threats to our systems, we should dedicate more of our efforts to quickly repairing the damage of an attack rather than dedicate more of our time and energies to preventing such attacks. They were required to give their reasoning and provide sources to back up their analysis of his comment. This paper will describe and explain the concept of cyber resiliency. It will then evaluate the responses of the students and their sources to determine if they felt that emphasizing bringing systems back quickly over prevention is a cybersecurity practice that more organizations should consider, as well as give some recommendations about both cyber prevention and cyber resiliency methods

Increasing Cyber Resiliency of Industrial Control Systems

Industrial control systems (ICS) are designed to be resilient, capable of recovering from process faults and failures with limited impact to operations. Current ICS resiliency strategies use redundant PLCs. However, these redundant PLCs, being of similar make and model, can be exploited by the same cyber attack, defeating the ICS\u27s resiliency strategy. This research proposes a resiliency strategy for ICS that employs an active defense technique to remove the cyber common cause failure. The resiliency of the active defense strategy is compared to traditional ICS resiliency by implementing both strategies in a semi-simulated wastewater treatment plant aeration basin that experiences a cyber attack. The active defense technique was shown to maintain effective treatment of the wastewater through the cyber attack where the traditional implementation allowed a process disruption that prevented the effective treatment of the wastewater

Cyber resiliency for digital enterprises: A strategic leadership perspective

As organizations increasingly view information as one of their most valuable assets, which supports the creation and distribution of their products and services, information security will be an integral part of the design and operation of organizational business processes. Yet, risks associated with cyber attacks are on the rise. Organizations that are subjected to attacks can suffer significant reputational damage as well as loss of information and knowledge. As a consequence, effective leadership is cited as a critical factor for ensuring corporate level attention for information security. However, there is a lack of empirical understanding as to the roles strategic leaders play in shaping and supporting the cyber security strategy. This study seeks to address this gap in the literature by focusing on how senior leaders support the cyber security strategy. The authors conducted a series of exploratory interviews with leaders in the positions of Chief Information Officer, Chief Security Information Officer, and Chief Technology Officer. The findings revealed that leaders are engaged in both transitional, where the focus is on improving governance and integration, and transformational support, which involves fostering a new cultural mindset for cyber resiliency and the development of an ecosystem approach to security thinking. Managerial relevance statement Our findings provide interesting insights for managers particularly those in the role of Chief Information Officers (CIOs), Chief Security Information Officers (CSIOs), and Chief Technology Officers (CTOs). We propose a Cyber Security Strategy Framework (CSSF) which can be used by these information/technology managers to design an effective organizational strategy to develop cyber resilience in their organization. Our framework suggests that managers should focus on transitional and transformational support. The transitional support focuses on improving governance and integration whereas transformational support focuses on the emphasis of fostering a new cultural mindset for cyber resiliency and the development of an ecosystem approach to security thinking. Our findings provide good evidence showing how leaders can support more effective cyber security initiatives

UK cyber security and critical national infrastructure protection

This article is intended to aid the UK government in protecting the UK from cyber attacks on its Critical National Infrastructure. With a National Cyber Security Centre now being established and an updated National Cyber Security Strategy due in 2016, it is vital for the UK government to take the right approach. This article seeks to inform this approach by outlining the scope of the problems Britain faces and what action the UK government is taking to combat these threats. In doing so, it offers a series of recommendations designed to further help mitigate these threats, drive up cyber resiliency and aid recovery plans should they be required. It argues that complete engagement and partnership with private sector owner–operators of Critical National Infrastructure are vital to the success of the government's National Cyber Security Strategy. It makes the case that for cyber resiliency to be fully effective, action is needed at national and global levels requiring states and private industry better to comprehend the threat environment and the risks facing Critical National Infrastructure from cyber attacks and those responsible for them. These are problems for all developed and developing states

A Novel Cyber Resilience Framework – Strategies and Best Practices for Today's Organizations

Cyber resilience refers to an organization's ability to maintain its essential functions, services despite cyber-attacks and swiftly recover from any disruptions. It involves proactive measures like gathering threat intelligence and managing risks, as well as reactive measures such as incident response planning, data backup and recovery. To achieve cyber resilience, organizations must implement robust cyber security measures, regularly update their incident response plans, and educate employees on safe online practices. Furthermore, having a comprehensive backup and recovery strategy in place is crucial to swiftly restore critical systems and data in the event of an attack. Overall, the proposed framework emphasizes cyber resilience as a continuous and proactive approach for managing cyber security risks and safeguarding against the growing threat of cyber-attacks

Organisational Cyber Resilience: research opportunities

Online reviews have become ubiquitous in modern day business environment. They shape consumer perception regarding a product or service, and thereby affect sales and profits of a business. Extant work on online review influence has investigated mechanisms by which a review may affect consumers’ decisions. The studies, however, have ignored the possibility of a change in the impact of drivers of influence over time, as more reviews are posted. This study attempts to bridge the gap. Drawing from elaboration likelihood model (ELM) and Simon’s theory of bounded rationality, hypotheses regarding temporal changes in the impact of drivers of influence have been proposed. The hypotheses have been tested based on online review data from Yelp.com. Additionally, in this study, it has been recognized that the gap or difference between review content being created and that needed by consumers to support decisions is more important than an understanding of the latter alone. Therefore, a set of hypotheses have been proposed regarding changes in review content characteristics over time, tested over the same dataset, and compared with the findings on temporal changes in the impact of drivers of review influence. The insights from this study have important implications for both theory and practice and have been discussed

Evaluating Resilience of Cyber-Physical-Social Systems

Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cy- ber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increas- ingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomo- geneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.Hoje em dia, proteger a rede não é a única preocupação de segurança. Ainda assim, na segurança cibernética, sites e servidores estão se tornando mais populares como alvos devido à facilidade com que podem ser acessados quando comparados às redes de comu- nicação. Outra ameaça em sistemas sociais ciberfisicos com interações humanas é que eles podem ser atacados e manipulados não apenas por hackers técnicos através de redes, mas também pela manipulação de pessoas e roubo de credenciais de utilizadores. Portanto, os sistemas devem ser avaliados para além da segurança cibernética, o que significa medir sua resiliência como uma evidência de que um sistema funciona adequadamente sob ataques ou incidentes cibernéticos. Dessa forma, a resiliência cibernética é cada vez mais discutida e descrita como a capacidade de um sistema manter a consciência do estado para detectar ataques cibernéticos. Todas as tarefas para tornar um sistema resiliente devem manter proativamente um nível seguro de normalidade operacional por meio da reconfi- guração rápida do sistema para detectar ataques que afetariam o desempenho do sistema. Neste trabalho, um novo paradigma de sistemas sociais ciberfisicos é amplamente estu- dado e uma definição uniforme é proposta. Para superar a complexidade de avaliar a resiliência cibernética, especialmente nesses sistemas não homogéneos, é proposta uma estrutura que inclui a aplicação de refinamentos de Árvores de Ataque e Redes de Petri Coloridas Temporizadas Hierárquicas para modelar comportamentos de invasores e de- fensores e avaliar o impacto de cada ação no comportamento e desempenho do sistema