
European Conference on Cyber Warfare and Security: Latest Articles

Responsible Digital Security Behaviour: Definition and Assessment Model
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.203
Clara Maathuis, S. Chockalingam
Digital landscape transforms remarkably and grows exponentially tackling important societal challenges and needs. In the modern age, futuristic digital concepts are ideated and developed. These digital developments create a diverse palette of opportunities for organizations and their members like decision makers and financial personnel. Simultaneously, they also introduce different factors that influence users’ behaviour related to digital security. However, no method exists to determine whether users’ behaviour could be considered responsible or not, and in case this behaviour is irresponsible, how it could be managed effectively to avoid negative consequences. Thus far, no attempt was made to investigate this to the best of our knowledge. Then this research aims to: (i) introduce ‘responsible digital security behaviour’ notion, (ii) identify different factors influencing this behaviour, (iii) design a Bayesian Network model that classifies responsible/irresponsible digital security behaviour considering these factors, and (iv) draw recommendations for improving users’ responsible digital security behaviour. To address these, extensive literature review is conducted through technical, ethical, and social lenses in a Design Science Research approach for defining, building, and exemplifying the model. The results contribute to increasing digital security awareness and empowering in a responsible way users’ behaviours and decision-processes involved in developing and adopting new standards, methodologies, and tools in the modern digital era.
Citations: 2
Cybersecurity risk assessment subjects in information flows
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.263
J. Pöyhönen
A modern society includes several critical infrastructures in which digitalization can have positive impacts on the levels of autonomy and efficiency in the use of infrastructure systems. Maritime transportation is an example of an infrastructure that currently needs development in the digitalization of its operations and processes. At the same time, maritime processes represent a large-scale cyber environment, thus trustable information distribution between system elements of the processes is needed. Since 2020, the Sea4Value / Fairway (S4VF) research program in Finland has been working to develop maritime digitalization which can lead to autonomy processes in the future. The first stage of the program has led to a demonstration phase of remote fairway piloting. This remote fairway piloting process, “ePilotage,” is a complex system-of-systems entity. In this entity, fairway systems, ship systems and control center systems are the main processes from the operational point of view. Remote pilotage operations need support processes such as vessel traffic service (VTS) and weather forecast services. Situation awareness from other vessels and the stakeholder’s processes are also essential information for the entire piloting operation. In this context, a new concept of information flows at the technical level will be based partly on cloud servers. In this paper, a cybersecurity risk assessment has been carried out at the technical level of information and communication technologies (ICT), and it concerns information transmission between a ship and a cloud server. It describes the most important topics for a comprehensive risk assessment in a specific ship-to-cloud information flow of the fairway process. The findings of the study can be considered good examples of the management of cybersecurity risks in critical information flows between all main system blocks of the fairway process. 
The research question is as follows: “How can the cybersecurity risks of information flows in a system-of-systems entity be described and evaluated?” The main findings are related to the risks of transmitting information from a ship to a cloud server. The methodology that has been used is based on analyzing the probabilities of cyberattacks occurring in relation to the probabilities to defend against these actions. The main risk assessment topics have been listed.
Citations: 0
Physical Layer Security: About Humans, Machines and the Transmission Channel
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.403
C. Lipps, H. Schotten
In an increasingly interconnected and globalized world in which the volume but also the confidentiality of transmitted content is becoming ever more important, trust, confidence and trustworthiness are of fundamental importance. Particularly in human societies, this trust is established, sustained and strengthened by personal relationships and experiences. But, in a globally connected world with Cyber-Physical Production Systems (CPPS), Industrial Internet of Things (IIoT) and Digital Twins (DTs), these personal relationships no longer exist. (Remote) access to systems is possible from anywhere on the globe. However, this implies that there have to be technical solutions to detect, identify and acknowledge entities -people and machines- in the networks and thus to establish an initial level of trust. Especially since the proliferation of appropriate use-cases, Physical Layer Security (PhySec) is becoming increasingly popular in the scientific community. Using systems' intrinsic information for security applications provides a lightweight but secure alternative to traditional computationally intensive and complex cryptography. PhySec is therefore not only suitable for the IIoT and the multitude of resource-limited devices and sensors, it also opens up alternatives in terms of scalability and efficiency. Moreover, it provides security aspects regarding the entropy H and Perfect Forward Secrecy (PFS). Therefore, this work provides insight into three major branches of PhySec: i) Human - Physically Unclonable Functions (PUFs) ii) silicon/electrical - PUFs, and iii) Channel-PUFs. Based on the PUF operating principle, the silicon derivatives consider the electrical properties of semiconductors. Individual and uninfluenceable deviations during the manufacturing process result in component-specific behavior, which is described in particular for Static- and Dynamic Random Access Memory (S-/DRAM). 
Following this PUF principle, human characteristics -biological, physiological and behavioral features-, are used to recognize and authenticate them. With respect to the wireless channel, the characteristic properties of electromagnetic wave propagation and the influences on the wireless channel -diffraction, reflection, refraction and scattering-, are used to achieve symmetric encryption of the channel. In addition to the "conventional" wireless PhySec, especially the development of the Sixth Generation (6G) Wireless Systems, opens up a wide range of possibilities in terms of PhySec, for example in relation to Visible Light Communication (VLC), Reconfigurable Intelligent Surfaces (RIS) and in general the application of frequencies in the (sub)THz range. Thus, the work provides an overview of PhySec fields of application in all areas of the IIoT: in terms of humans, machines, and the transmission channel.
Citations: 1
A Cyber-Diplomacy and Cybersecurity Awareness Framework (CDAF) for Developing Countries
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.226
Hendrik Zwarts, Jaco du Toit, B. von Solms
Cybersecurity is high on the agenda of national and international security policy discussions – mostly led by diplomats. The practice of diplomacy has evolved since the Internet has become the backbone of society as we know it. Technological evolution has resulted in a significantly bigger and more accessible cyberspace, but the ability of governments and institutions to respond to and function in an expanding cyberspace seems to be lagging behind. The practice of diplomacy has similarly changed fundamentally and created a cyber-diplomacy environment where there is an increased utilization of inter alia social media platforms to achieve foreign policy goals. There is not enough attention given to practical processes to guide the new breed of diplomats in the evolving world of cyber-diplomacy and there is a need to improve the cybersecurity awareness of diplomats in all countries, but this article will focus primarily on developing countries. To mitigate potential cyber threats to diplomacy, diplomats need to be subjected to cyber-diplomacy orientation as well as functional cyber awareness training. Preliminary research conducted suggests that there is a gap between the existing and required cyber-diplomacy and cybersecurity awareness levels of diplomats from developing countries. The purpose of the article is to present a cyber-diplomacy and cybersecurity awareness framework (CDAF) that can be used by developing countries to equip their diplomats to play a more constructive role within the international cyber-diplomacy domain. The CDAF comprises two distinct components, namely cyber-diplomacy and cybersecurity awareness, but this article will focus primarily on the cyber-diplomacy capacity building aspect of the CDAF. The CDAF was developed by following a design science research approach where a real-world problem was identified followed by an in-depth literature review to identify objectives and possible solutions to the problem. 
The subsequent outcomes were used for the design and development of the CDAF. The article concludes with a critical evaluation of the proposed framework as well as how it can be incorporated into the developing cybersecurity knowledge modules of the Global Forum on Cyber Expertise (GFCE).
Citations: 2
Layer 8 Tarpits:
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.252
T. Virtanen, Petteri Simola
This paper presents a concept for utilising falsified documents and disinformation as a security measure by diminishing the utility of the stolen information for the attacker. Classical definition of tarpitting honeypots is to create virtual servers attractive to worms and other malware that answer their connection attempts in such a way that the machine on the other end becomes stuck. A common extension to the OSI model is to refer to the user as the layer 8 on top of the application layer. By generating attractive looking but falsified documents and datasets within our secured network along with the real information, we could be able to force the malicious user on the other end similarly to be 'stuck' as they need to dig through and verify all the information they have managed to steal. This in effect slows down the opponents' decision making speed, can make their activity in the network more visible and possibly even mislead them. The concept has similarities to the Canary trap or Barium Meal type of tests, and using Honey tokens to help identify who might be the leaker or from which database the data was stolen. However, the amount of falsified data or fake entries in databases in our concept is significantly larger and the main purpose is to diminish the utility of the stolen data or otherwise leaked information. The requirement to verify the information and scan through piles of documents trying to find the real information among them can give more time to the defender to react if the attack was noticed. It will also reduce the value of the information if it is just dumped in the open, as its contents and authenticity can be more easily questioned. AI powered methods such as the GPT-3 that can generate massive amounts of very realistic looking text which is hard to differentiate from human generated texts could make this type of concept more feasible to the defender to utilise. 
The shortcoming of this concept is the risk that legitimate end-users could also confuse the real and falsified information together if that is not prevented somehow.
Citations: 0
Probability of Data Leakage and Its Impacts on Confidentiality
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.472
Paul M. Simon, Scott Graham
A multi-channel communication architecture featuring distributed fragments of data is presented as a method for improving security available in a communication architecture. However, measuring security remains challenging. The Quality of Secure Service (QoSS) model defines a manner by which the probability of data leakage and the probability of data corruption may be used to estimate security properties for a given communication network. These two probabilities reflect two of the three aspects of the IT security triad, specifically confidentiality and integrity. The probability of data leakage is directly related to the probability of confidentiality and may be estimated based on the probabilities of data interception, decryption, and decoding. The number of listeners who have access to the communication channels influences these probabilities, and unique to the QoSS model, the ability to fragment and distribute data messages across multiple channels between sender and receiver. To simulate the behaviors of various communication architectures and the possibility of malicious interference, the probability of data leakage and its constituent metrics require a thorough analysis. Even if a listener is aware that multiple channels exist, each intermediate node (if any) simply appears to have one input and one output. There may be one or more listeners, and they may or may not be working cooperatively. Even if the listener(s) gains access to more than one channel, there is still the challenge of decrypting, decoding, or reassembling the fragmented data. The analysis presented herein will explore the probability of confidentiality from both the authorized user’s and the adversary’s perspective.
Citations: 0
Operationalizing Cyber: Recommendations for Future Research
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.308
Baylor Franck, Mark Reith
The goal of this paper is to argue for the mandatory reporting of cyber-attacks on critical U.S. infrastructure, industries, and companies to the Department of Defense (DoD) for the DoD to improve national security through a clearer understanding of the threats and how to position the U.S. for better defense. The paper will first discuss who will be subject to mandatory reporting and propose a template for the requirements of reporting such as the turnaround time to report and the details needed from the attack. The paper will provide an argument showing the benefit to the DoD requiring reporting and why it should be concerned about external cyber-attacks on non-DoD systems. The paper will then look at the private sector viewpoints to discuss the benefits of mandatory reporting such as the bottom line and brand awareness. Additionally, the paper will also discuss how the consumer will benefit from mandatory reporting with a focus on both financial and privacy issues. Lastly, the paper will address some key points of dissent on the topic of mandatory reporting as well as some evidence to push back or show how the negatives of not reporting outweigh the negatives of reporting. After reading the paper, the reader will have a better picture of the current status of cyber-attacks on the private sector, how these attacks affect the DoD’s mission, and why mandatory reporting can help enhance private sector cybersecurity. More research is needed to better understand the legal argument for requiring reporting on cyber-attacks as well as economic incentives for compliance; however, this paper is not intending to answer that argument given the authors do not come from the legal or economic disciplines.
Citations: 0
Combining System Integrity Verification with Identity and Access Management
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.202
Markku Kylänpää, J. Salonen
Digital transformation and the utilization of Industrial IoT (IIoT) introduce numerous interconnected devices to factories, increasing among others the challenge of managing their software versions and giving attackers new possibilities to exploit various software vulnerabilities. Factory networks were earlier isolated from the Internet. However, this separation is no longer valid and there can be connections that allow intruders to penetrate into information systems of factories. Another issue is that although factories typically are physically isolated, it is not necessarily safe to assume that physical security is in good shape as the novel supply networks comprise subcontracted activities and temporary work force. Another threat can also arise from unauthorized monitoring of devices and the unauthorized replacement of existing ones. Based on the previous, it is crucial that IIoT security should be built into factories of the future (FoF) right from the design phase and even low-end devices need to be supported. A trusted computing concept called remote attestation should be used. Remote attestation allows remote parties to verify the integrity of each system component. System components should include trusted hardware components that can be used to measure executable software. The term measurement means calculating the cryptographic hash of the binary component before passing control to it. Trusted hardware components should also have a mechanism to protect the integrity of the measurement list and cryptographic keys that can be used to sign integrity assertions. The verifier part should have a storage of reference integrity metrics identifying the expected values of these measurements. Deploying trusted computing and remote attestation concepts to industrial automation is not straightforward. Even if it is possible to use remote attestation with suitable hardware components, it is not clear how remote attestation should be integrated with various operational technology (OT) industrial automation protocols. Approaches to use remote attestation with existing industrial automation protocols (e.g., OPC UA) are discussed. Advanced identity and access management (e.g., OAuth2, OpenID Connect) can be used to combine integrity measurements with device identity information so that the remote attestation process is triggered by authentication during the first transaction. The focus is on machine-to-machine (M2M) communications with immutable device identities and integrity evidence transfer.
Citations: 0
SIEM4GS: Security Information and Event Management for a Virtual Ground Station Testbed
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.228
Yee Wei Law, J. Slay
As the space sector continues to grow, so do the cybersecurity risks. As large as the attack surface of a space system is, the ground segment remains an attractive source of intrusion points, not only because of its relative accessibility but also because the ground system is often viewed as little more than a conventional IT system. Thus, a representative security assessment of a space system cannot avoid addressing the vulnerabilities of the associated ground system and the relevant threats. This motivates the construction of a virtual ground station testbed, as part of a larger reference platform, to support our ongoing research on the cybersecurity of space systems. Presented here is a discussion of the preliminary work being undertaken at the University of South Australia node of the SmartSat Cooperative Research Centre on such a testbed. A distinguishing feature of the testbed is the integration of a security information and event management (SIEM) system, justifying the name of the testbed, “SIEM4GS”. Based on the latest literature on ground stations, a logical architecture and an implementation plan involving only open-source software building blocks for SIEM4GS are proposed. Features of the ground station and SIEM services are discussed. A plan is provided on how to extend the SIEM system from a primarily “detect” role in the NIST Cybersecurity Framework to a “detect and respond” role.
Citations: 0
Strategies for Internet of Things data privacy and security using systematic review
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.194
Sithembiso Sithembiso, Teballo, A. Kekana, Amanda Sibiya
The Internet of Things (IoT), now referred to as the Internet of Everything (IoE), has been in existence long before it was identified as a concept. It was introduced with the emergence of the Fourth Industrial Revolution and was aimed at improving people’s lives and economies across the globe by connecting physical items to the internet so they can deliver specific services implicitly. The nature of IoT requires that all the systems ensure data privacy and security because much of the data that is uploaded into and used by the system is personal and private. Thus, the aim of this research was to identify the tools and strategies that can be used for IoT data privacy and security while also providing a brief but intensive understanding of the concept of IoT and data privacy and security challenges faced by IoT systems. This qualitative research study utilised a pragmatic paradigm and data was collected and analysed using text-based secondary data sources and a PRISMA protocol through systematic review. A PRISMA flow diagram was utilised to assess the eligibility of the sources used for this research. The findings showed that hacking is a major challenge that affects IoT systems and that there are strategies that can be used to protect data such as authentication, encryption technology, and anonymisation amongst many. Additional findings found that the strategies have not yet been found effective, but standards have been set upon the results expected from them. The conclusion is that for the identified strategies to be proven effective, they must be implemented and tested in IoT systems, so further investigation can be conducted if they prove to be ineffective.
Citations: 0