Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1039
Konstantinos Adamos, Ioannis Filippopoulos, G. Stergiopoulos, D. Gritzalis
Operators of Essential services (OESs) and Critical infrastructures (CIs), whether private companies or public organizations, are going through a digital transformation to keep pace with the evolution of technology and to bring better services to customers and countries’ citizens. Operational Technology (OT) systems like Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) used to control and monitor functions in such infrastructures are converging with Information Technology (IT) environments. This convergence has exposed infrastructures to new cyber risks. For this reason, EU Member States have been trying to build resilience against cyber-attacks to ensure the stable operation of their states. Several countries have established cybersecurity incident response procedures as well as steps or phases of response before, during, and after a cyber incident. The sum of these procedures and guidelines constitutes their national cyber emergency plans (NCEPs). Still, these NCEPs differ widely in their approaches. These differences manifest as managerial, governmental, legal, and technical, creating a complex environment worldwide. In this paper, we gather four major NCEPs worldwide to analyze and compare them with prominent standards and industry guidelines in cybersecurity, like the ISO 27001 and NIST 800 series. We investigate NCEP approaches to building cyber resilience based on their response models, their involved entities, the cooperation between agencies and other countries, and their risk-based categorization for cyber incidents. We elaborate on their differences, potential issues and divergences and argue whether these plans can be combined to bridge potential weaknesses. We selected and surveyed four (4) cyber emergency plans from four (4) countries that are frequent targets of cyber-attacks and have long experience in managing and responding to cyber incidents.
Title: A Survey on National Cyber Emergency Plans (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1157
Nkata Sekonya, S. Sithungu
Industrial Control Systems (ICS) comprise software, hardware, network systems, and people that manage and operate industrial processes. Supervisory Control and Data Acquisition Systems (SCADA) and Distributed Control Systems (DCS) are two of the most prevalent ICS. An ICS facilitates the effective and efficient management and operation of industrial sectors, including critical infrastructure sectors like utilities, manufacturing, and water treatment facilities. An ICS collects and integrates data from various field controllers deployed in industrial contexts, enabling operators to make data-driven decisions in managing industrial operations. Historically, ICS were isolated from the internet, functioning as part of air-gapped networks. However, the efficiency improvements brought about by the emergence of Information Technology necessitated a shift towards a more connected industrial environment. The convergence of Information and Operational Technology (IT/OT) has made ICS vulnerable to cyberattacks. Due to the crucial nature of the infrastructure that ICS manage, cyberattacks against ICS may cause critical infrastructure sectors to experience downtime. This may have a crippling impact on a country's well-being and essential economic activities. Given the proliferation of cyber warfare, cyberattacks against ICS are increasingly significant at present, as was the case during the 2015 attack on Ukraine's power infrastructure, which was successful in causing a blackout that affected over 200 000 persons. The threat actors used malicious software known as "BlackEnergy3", which was created to interfere with the regular operation of the ICS in charge of controlling electrical substations. This was the first known instance of malicious software causing blackouts. In response to increasing cyberattacks against ICS, the SANS Institute, in a whitepaper titled “The Five ICS Cybersecurity Critical Controls”, presents five critical controls for an ICS cybersecurity strategy.
This paper discusses ICS and the increased convergence of IT and OT. The paper also outlines significant cyberattacks directed at ICS. The paper then follows an exploratory research methodology done in response to the Five ICS Cybersecurity Critical Controls to determine the state of ICS literature that can help ICS operators secure their environments in accordance with the framework. Additionally, the ICS Cybersecurity Critical Controls are mapped to the NERC CIP standards, which provide guidance on the security of the Bulk Electric System (BES) and associated critical assets in North America.
Title: An Analysis of Critical Cybersecurity Controls for Industrial Control Systems (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1451
Helvi Salminen
We human beings are often convinced of having a clear picture of reality and believe ourselves to be thoroughly rational in our thinking and decision-making. However, our perception of reality is limited and prone to errors, and our decision-making is often guided by emotions and instincts instead of facts and rational thinking. If we don’t stop to think we often jump to conclusions based on partial or erroneous information, and eloquently justify our decisions with apparently rational arguments. In many areas of human activities, including security management, limits of perception and errors in decision-making can have harmful, even disastrous consequences. Very often in security management the decision-making process is not sufficiently challenged by critical thinking as decisions are often made hidden behind the veil of secrets. Cognitive biases - systematic errors in thinking affecting decisions and judgments - have been identified and analysed in various contexts, and the results have been applied to improve decision-making processes. However, in the heavily regulated and compliance-dominated world of security management sufficient attention hasn’t been paid to cognitive biases and their impacts. As a result of insufficient attention an important risk factor is regularly underestimated. This paper includes an introduction to the concept of cognitive biases and the research on the phenomenon. The biases which in the author’s experience have a particularly harmful impact on security management are described in detail. This introduction is followed by a description of scenarios and real-life examples where erroneous perception and decision-making of security actors leads to disasters. De-biasing is the strategy which aims at eliminating or at least limiting the impact of cognitive biases. This strategy has been successfully implemented in various types of environments.
This paper presents ideas on how de-biasing strategies could be implemented in security management in order to improve the quality of decision-making.
Title: We see what we want to see: Pitfalls of Perception and Decision-making in Security Management (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1184
T. Ncubukezi
All institutions use end devices for information processing which includes sending and receiving on the network. This process helps them to improve their business production as well as perform daily activities at a faster rate. However, the increased usage of end devices by both employees and criminals raises concerns and exposes businesses to a range of cyber risks. End devices can sometimes be used as agents and weapons to expose internal business operations. The vulnerability of the end devices to cyber threats and attacks compromises business data, its safety, and security. This paper determines the risk likelihood of the end devices using the Bayesian network tools. To achieve this, the study illustrates the connections of the end device variables to simulate the risk likelihood and its impact. The analysis and interpretation of the simulation are performed using decision tree analysis (DTA), scenario analysis, and sensitivity analysis techniques (Tornado graphs, conditional probability tables (CPT), and value of information configuration (VOI)). The relationship of the variables is demonstrated on the AgenaRisk package. Results revealed variables that influence the risk probability and its impact. End device risks can be caused by insiders and cyber criminals. The risks associated with end devices are influenced by the level of security implementation on different levels. The impact of the cyber risks was also accounted for and the concluding remarks were also made.
Title: Determination of the end device risk likelihood using the Bayesian network tools (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1060
J. Pöyhönen
In Finland, the connections to global maritime transportation logistics systems are an essential part of the national critical infrastructure. As a part of maritime logistics systems, the port's operations are important elements for global maritime traffic and the transportation supply chain. Digitalization of seaport services makes it possible to increase the efficiency of terminal systems in the logistic processes. At the same time, port logistic processes can notably reduce their CO2 emissions by optimizing port operations. The improvement of port processes relies very much on the development of Information and Communication Technology (ICT) and Industrial Control Systems (ICS) or Operation Technologies (OT) systems. In the port environment there are parts that are controlled (ICS/OT) from the cyber environment but directly interact with the physical surroundings. These are called Cyber-Physical Systems (CPS). In this environment, the cyber security aspects of the port logistic need to be addressed. In Finland, the Port SMARTER research program has been under way since 2021. The aim of the program is to create port services within new technology solutions, and that way improve cargo and people flows while improving the experience for all stakeholders. However, this development also increases complicated system dimensions in the use of ports and makes port operations a complex system-of-systems environment characterized by a conglomeration of interconnected networks and dependencies. This paper describes a practical approach to risk assessment work regarding the SMARTER research case. It provides a comprehensive cyber security investigation approach to port operations at the system level. In risk assessment work, the paper emphasizes the importation of description of probabilities to defend the system element against estimated probabilities of cyber-attacks at all parts of port processes.
The findings of the study are related to the comprehensive cyber security architecture of the SMARTER research goals. The following research interests are related to the issue: "How a comprehensive cyber security investigation can be conducted in smart ports operations?" This paper emphasizes that cyber security risk assessment work should be covered from services for operation, information flows in and between systems, as well as electricity supplies to achieve holistic risk assessment in the smart terminal process.
Title: Assessment of Cyber Security risks: A Smart Terminal Process (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1210
Igor Bernik
As information security has become increasingly crucial in our daily lives, there is a growing need to teach its social science aspects. This paper explores the challenges and best practices for teaching social science aspects of information security. It begins with the importance of information security and cyberspace and highlights the human aspects of information security. Next, it discusses the role of social science in understanding information security and how social science can help us better design and implement security measures. The paper identifies challenges in teaching social science aspects of information security, such as the interdisciplinary nature of the subject and the need for a standardised curriculum. Finally, the paper outlines best practices for teaching social science aspects of information security, such as using case studies and real-world examples, incorporating interactive and experiential learning, and leveraging existing resources. The conclusion highlights the importance of incorporating social science aspects of information security in education and suggests future research directions.
Title: Teaching Social Science Aspects of Information Security (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1149
Tayba Al ali, Sara Al Fulaiti, Manal Abuzour, Sheikha Almaqahami, R. Ikuesan
Metaverse is a virtual space where users can interact with each other. It is a combination of virtual reality, augmented reality, and mixed reality. This evolving technology can offer many exciting opportunities that can be used for individuals and businesses. Although this technology has many advantages, people are misusing it for their benefit. Many cyberattacks are occurring in the metaverse world because it has various vulnerabilities and privacy issues. This paper explains four cyberattacks and a case scenario of each attack as it relates to the metaverse. Additionally, this study developed a metaverse forensic framework that can be used to investigate cyberattacks in the metaverse world. Furthermore, this study describes how forensic examiners can conduct a forensic investigation using state-of-the-art forensic solutions and tools. The developed framework can be used by forensic examiners, security researchers, as well as the general scientific community for the security of the metaverse.
Title: Digital Forensic in A Virtual World; A Case of Metaverse and VR (European Conference on Cyber Warfare and Security)
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1077
Pauliina Hirvonen, Martti J. Kari
Because previous academic research does not comment sufficiently on how the relevant content of the European Union (EU) General Data Protection Regulation (GDPR) has been properly communicated to the organisations, or how the situational awareness (SA) of GDPR has been built in the organisations, this qualitative empirical research was regarded as a valuable approach for gathering authentic research material on the practical bases of this phenomenon. The aim of this empirical case study (CS) is to develop a picture of what processes organisations use to build SA of the GDPR requirements. To guide the CS, we asked how the SA for decision-making was constructed and how it was perceived in organisations. The experiences of eight Finnish organisations showed that the organisations’ practices of building SA and their experiences with the quality and adequacy of SA differed. However, building SA proved to be a critical step for organisations in the overall process of meeting GDPR requirements. Especially the data coming from inside the organisation became very relevant in the SA process, because it supported decision makers to determine how the GDPR requirements should be implemented in the organisation. As a main contribution of this article, based on best practices shared by organisations, a model of building SA was built. The proposed model is threefold and was constructed by combining the findings of an empirical CS analysis, the steps of the intelligence process, and the essential elements of the model of creating information security SA. The result is potentially beneficial for building situational understanding of any complex or ambiguous issue, especially in complex and digitalised technological areas, where combining information management with accurate and efficient decision-making is a common challenge. The results can be used by any party who is looking to build SA of an abstract issue in a complex environment.
Title: Building Situational Awareness of GDPR. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1121
B. van Niekerk, Trishana Ramluckan
The Internet has provided a global mass communication system, and in particular social media technologies began a social revolution for the public sphere. However, these platforms have been exploited for the purposes of influence operations and disinformation campaigns to hinder or subvert national decision-making processes by affecting policy makers and voters, or by swaying general public opinion. Often this is achieved through manipulative means falling within a grey area of international and constitutional systems. Existing proposed normative frameworks for responsible state behaviour in cyberspace have tended to focus on cyber operations. While online influence operations are recognised as a concern, they were not explicitly discussed in the frameworks, resulting in knowledge gaps related to countering influence operations and disinformation. There is a growing narrative that influence operations and disinformation campaigns are a cyber security issue, and nations sometimes include legislation related to disinformation in cyber security. This indicates that existing cyber norms can be used to guide the development of norms for addressing disinformation and influence operations. This paper aims to propose a normative framework for state responsibility relating to influence operations emerging from thematic analysis of existing cyber norms and research on mitigating influence operations.
Title: Towards Norms for State Responsibilities regarding Online Disinformation and Influence Operations. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1362
Jussi Simola, R. Savola, T. Frantti, Arttu Takala, Riku Lehkonen
Critical infrastructure protection requires a testing environment that allows the testing of different kinds of equipment, software, networks, and tools to develop vital functions of the critical industrial environment. Used electrical equipment must be reliable and capable, and must maintain a stable critical industrial ecosystem. An industrial business needs to develop cybersecurity capabilities that detect and prevent IT/ICT and OT/ICS threats in an industrial environment. The emerging trend has been to create security operations center (SOC) services to detect ICS-related threats in enterprise networks. The energy supply sector must consist of crucial elements for safe business continuity and supply chain management in the industrial sector. Threats have changed into a combination of threat types. Hybrid threats may prevent everyday industrial activities, processes, and procedures so that supply chain problems may become long-lasting and affect business continuity management. The project CSG belongs to the (Cybersecurity governance of operational technology in the sector connected smart energy) research project consortium of Business Finland’s Digital Trust Programme. The first research paper regarding the CSG (Cyber Security Governance) project concentrates on the applied theory background of this project. The research provides a research approach for investigating cyber security at the operational and technical levels. It answers the questions of where to concentrate on OT-related cyber security research and how we aim to deploy a testbed to develop a governance model in the CSG project. The study's primary purpose is to describe the operating OT-SOC environment and analyze system requirements for optimizing situational awareness in the testbed environment.
Title: Developing Cybersecurity in an Industrial Environment by Using a Testbed Environment. Published in: European Conference on Cyber Warfare and Security.