Hybrid Situational Awareness Against Cyber-Attacks

Author(s):  
David Antunes ◽  
Manuel Esteve
Sensors ◽  
2020 ◽  
Vol 20 (24) ◽  
pp. 7148
Author(s):  
Elochukwu Ukwandu ◽  
Mohamed Amine Ben Farah ◽  
Hanan Hindy ◽  
David Brosset ◽  
Dimitris Kavallieros ◽  
...  

Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities, in turn guiding the most appropriate deployment technologies, thus refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CRs and TBs platforms is presented. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CRs and TBs research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CRs/TBs dimensions, as well as highlighting a diminishing differentiation between application areas.


Author(s):  
Satish Kolli ◽  
Joshua Lilly ◽  
Duminda Wijesekera

American Railroads are planning to complete implementation of their Positive Train Control (PTC) systems by 2020 with the primary safety objectives of avoiding inter-train collisions, train derailments and ensuring railroad worker safety. Under published I-ETMS specifications, the onboard unit (OBU) communicates with two networks: (1) the Signaling network that conveys track warrants to occupy blocks etc. and (2) the Wayside Interface Unit (WIU) network, a sensor network situated on tracks to gather navigational information. These include the status of rail infrastructure (such as switches) and any operational hazards that may affect the intended train path. In order to facilitate timely delivery of messages, PTC systems will have a reliable radio network operating in the reserved 220 MHz spectrum, although the PTC system itself is designed to be a real-time fail-safe distributed control system. Both the signaling and the WIUs communicate their information (track warrants, speed restrictions, and Beacon status) using software defined radio networks. Given that PTC systems are controlled by radio networks, they are subjected to cyber-attacks. We show a design and a prototype implementation of a PTC Cyber Situational awareness system that gathers information from WIU devices and Locomotives for the use of rail operators. In order to do so, we designed secure IDS components to reside on the On Board Units (OBU), signaling points (SP) and the WIUs that gather real-time status information and share them with the Back Office system to provide the cyber-security health of the communication fabric. Our system is able to detect and share information about command replay, hash breaking guessing and message corruption attacks.


2018 ◽  
Vol 71 (5) ◽  
pp. 1025-1039 ◽  
Author(s):  
Odd Sveinung Hareide ◽  
Øyvind Jøsok ◽  
Mass Soldal Lund ◽  
Runar Ostnes ◽  
Kirsi Helkala

As technology continues to develop, information and communication technology and operational technology on board ships are increasingly being networked, and more frequently connected to the Internet. The introduction of cyber systems changes the work environment with the aim of decreasing the workload for the navigator, but at the same time introduces more complexity and vulnerabilities that in turn may alter the competencies needed to perform safe and efficient navigation. Contemporary examples of how cyber-attacks can distort situational awareness and interfere with operations are needed to enhance the navigator's competence through increased system awareness. This paper demonstrates some of the possible attack vectors that a cyber-attack can present to a ship, as well as discussing the plausibility and consequences of such attacks. In this study we provide a practical example to better understand how one can demystify cyber threats in order to enhance the navigators' competence.


2021 ◽  
Vol 13 (6) ◽  
pp. 154
Author(s):  
Andrei Butnaru ◽  
Alexios Mylonas ◽  
Nikolaos Pitropakis

Nowadays, the majority of everyday computing devices, irrespective of their size and operating system, allow access to information and online services through web browsers. However, the pervasiveness of web browsing in our daily life does not come without security risks. This widespread practice of web browsing, in combination with web users’ low situational awareness against cyber attacks, exposes them to a variety of threats, such as phishing, malware and profiling. Phishing attacks can compromise a target, individual or enterprise, through social interaction alone. Moreover, in the current threat landscape phishing attacks typically serve as an attack vector or initial step in a more complex campaign. To make matters worse, past work has demonstrated the inability of denylists, which are the default phishing countermeasure, to protect users from the dynamic nature of phishing URLs. In this context, our work uses supervised machine learning to block phishing attacks, based on a novel combination of features that are extracted solely from the URL. We evaluate our performance over time with a dataset which consists of active phishing attacks and compare it with Google Safe Browsing (GSB), i.e., the default security control in most popular web browsers. We find that our work outperforms GSB in all of our experiments, as well as performs well even against phishing URLs which are active one year after our model’s training.


2021 ◽  
Vol 10 (2) ◽  
pp. 361-373
Author(s):  
Andrej Androjna ◽  
Marko Perkovič

The development of contemporary navigation and positioning systems has significantly improved reliability and speeds in maritime navigation. At the same time, the vulnerabilities of these systems to cyber threats represent a remarkable issue to the safety of navigation. Therefore, the maritime community has raised the question of cybersecurity of navigation systems in recent years. This paper aims to analyse the vulnerabilities of the Global Navigation Satellite System (GNSS), Electronic Chart Display Information System (ECDIS) and Automatic Identification System (AIS). The concepts of these systems were developed at a time when cybersecurity issues were not among the top priorities. Open broadcasts, the absence of or limited existence of data encryption and authentication can be considered as their primary security weaknesses. Therefore, these systems are vulnerable to cyber-attacks. The GPS as the data source of a ship’s position can relatively easily be jammed and/or spoofed, increasing the vulnerabilities of ECDIS and AIS. A systematic literature review was conducted for this article, supplemented by a SWOT analysis of the AIS service and particular case studies of recent cyber-attacks on these systems. The analysis of selected case studies confirmed that these systems could easily be spoofed and become a subject of data manipulation with significant consequences for the safety of navigation. The paper provides conclusions and recommendations highlighting the necessity for the users to be aware of the vulnerabilities of modern navigation systems.


2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Jouni Pöyhönen ◽  
Jyri Rajamäki ◽  
Harri Ruoslahti ◽  
Martti Lehto

The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions are developed as solutions for domain-specific real world problems, while the research question is: “How can cyber situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation to a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.


Author(s):  
Д.А. Гаськова

The article describes the research direction of situational awareness in the cyber environment on energy facilities. A model based on a Bayesian Belief Network and a numerical method for determining cyber situational awareness are proposed to increase awareness of the cyber environment state on such facilities. The model is based on causal relationships between the vulnerabilities of the local area network and possible cyber threats, presented in the form of vectors of penetration into the network, vectors of the development of cyber attacks and attack vectors on the target asset, combined in scenarios. The work focuses on scenarios, the consequences of which can be regarded as extreme situations in the energy sector caused by cyber threats.

