Cybersecurity capabilities for critical infrastructure resilience

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Masike Malatji ◽  
Annlizé L. Marnewick ◽  
Suné Von Solms

Purpose For many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, improved quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control system (ICS) environments introduces new attack surfaces for critical infrastructure (CI) operators. Given the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience. Design/methodology/approach A scoping literature review of best-practice international CI protection frameworks, standards and guidelines was conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under the corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights and, therefore, additions. Findings A CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). 
The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53. Practical implications CI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels. Originality/value The authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

2015 ◽  
Vol 21 (2) ◽  
pp. 186-206 ◽  
Author(s):  
Samir Khan

Purpose – The purpose of this paper is to present the successes and barriers from an industry-university partnership studying the impact of No Fault Found (NFF) events. As a consequence, various opportunities are explored to engage with industry to investigate the problem. A comprehensive training programme is also outlined to ensure that experience and troubleshooting techniques can be disseminated as guidelines across businesses. Design/methodology/approach – The study was performed by Cranfield University in collaboration with industrial partners to identify the impact of the NFF problem within engineering services. This includes discussions with maintenance engineers, outcomes from a symposium organised specifically on NFF and the authors' own experiences with the issue. Findings – The paper discusses the continuing serious problem of NFF events found at various maintenance echelons, and suggests a need for formal postgraduate training within the field of maintenance management. This covers not just technical issues but also organisational structures, cultures and behaviours. Since focusing on one issue at a time does not suffice in dealing with the NFF problem, an integrated approach is required for modern maintenance services and operations. Research limitations/implications – Higher education learning outcomes have been outlined for competent engineering personnel, to broaden their understanding of the subject area. This is based on discussions with industrial collaborators and recently published material. Practical implications – This paper emphasises the importance of the breadth of interaction channels and demonstrates the opportunities for effective knowledge exchange, using the activities at Cranfield University to demonstrate their usefulness. The arguments clearly lead to the necessity of academia in this type of industrial problem. 
However, the presence of a university in this case is not as the sole problem solver, but rather as a collaborative medium between various other outlets. Further ideas proposed, such as constructing guidelines for industries in handling NFF problems and benchmarking tools, can serve as real products that benefit industries. The study also aims to promote best practice in the field of maintenance management and outlines the foundations for NFF training material. Originality/value – The originality of the paper is that it presents a structured methodology for engaging with industry. It also outlines a curriculum for NFF training. It essentially serves as a road-map for research and offers a detailed account of areas that need to be taken into account in order to reduce the likelihood of NFF events.


2020 ◽  
Vol 6 (1) ◽  
Author(s):  
Peter Maynard ◽  
Kieran McLaughlin ◽  
Sakir Sezer

Abstract We perform a detailed survey and analysis of the most significant attacks that have targeted industrial control systems over the past decade, based on detailed incident reports from scientific and non-traditional sources. This work is the first to consider together a comprehensive set of real-world cyber-attacks with the purpose of deriving a set of common features, focusing particularly on the process control network. Each attack is decomposed to provide a comprehensive overview, followed by a discussion of the commonalities identified across attacks. To achieve this, each attack is modelled using Attack Trees with Sequential AND and mapped to the industrial control system Cyber Kill Chain. We focus on the methods of intrusion rather than the identification of actors. This article can be read in two parts: first, an analysis of each attack, and secondly a discussion of the derived commonalities. The resulting commonalities can be used to develop improved detection strategies that detect modern adversarial techniques and tactics.
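The distinction the abstract relies on, a Sequential AND (SAND) node whose children must be completed in order rather than merely all be completed, is easy to state but worth seeing evaluated. The block below is an added example, not code from the paper: it implements OR, AND and SAND evaluation over a timeline of observed leaf events, enumerates the minimal ordered attack paths, and reports how many leading stages of a SAND chain have been completed, which is the kind of signal a kill-chain-aligned detector would consume. The tree itself is constructed, with illustrative stage names that are assumptions and not drawn from any incident report.

```python
"""Attack trees with OR, AND and sequential-AND (SAND) nodes.

Added example; not the authors' code. The example tree is constructed and
its node names are illustrative assumptions. AND is satisfied when every
child is satisfied; SAND additionally requires each child's completion to
come strictly after the previous child's.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union


@dataclass
class Leaf:
    name: str


@dataclass
class Node:
    name: str
    op: str                                  # "OR", "AND" or "SAND"
    children: List["Tree"] = field(default_factory=list)


Tree = Union[Leaf, Node]
Timeline = Dict[str, float]                  # leaf name -> time first observed


def earliest_completion(tree: Tree, observed: Timeline) -> Optional[float]:
    """Time at which `tree` is satisfied by `observed`, or None if it is not.

    OR   -> earliest satisfied child
    AND  -> latest child; all children required
    SAND -> all children required and strictly increasing completion times;
            the last child's time is returned
    """
    if isinstance(tree, Leaf):
        return observed.get(tree.name)
    times = [earliest_completion(c, observed) for c in tree.children]
    if tree.op == "OR":
        done = [t for t in times if t is not None]
        return min(done) if done else None
    if any(t is None for t in times):
        return None
    if tree.op == "AND":
        return max(times)
    if tree.op == "SAND":
        for prev, nxt in zip(times, times[1:]):
            if nxt <= prev:                  # out of order: chain not satisfied
                return None
        return times[-1]
    raise ValueError(f"unknown operator {tree.op!r}")


def attack_paths(tree: Tree) -> List[List[str]]:
    """Minimal leaf sequences (in child order) that satisfy the tree."""
    if isinstance(tree, Leaf):
        return [[tree.name]]
    if tree.op == "OR":
        return [p for c in tree.children for p in attack_paths(c)]
    paths: List[List[str]] = [[]]
    for c in tree.children:                  # AND and SAND: one path per child, concatenated
        paths = [p + q for p in paths for q in attack_paths(c)]
    return paths


def completed_stages(chain: Node, observed: Timeline) -> int:
    """Number of leading SAND stages completed in order (0..len(children)).

    A partially completed chain is a live intrusion, which is the detection
    use the abstract alludes to.
    """
    done, last = 0, float("-inf")
    for child in chain.children:
        t = earliest_completion(child, observed)
        if t is None or t <= last:
            break
        done, last = done + 1, t
    return done


# Constructed example tree (illustrative names, not from any incident report).
ICS_TREE = Node("disrupt physical process", "SAND", [
    Node("initial access", "OR", [
        Leaf("phishing mail opened"),
        Leaf("exposed VPN credential used"),
    ]),
    Node("reach control network", "AND", [
        Leaf("pivot to engineering workstation"),
        Leaf("harvest OT credentials"),
    ]),
    Leaf("issue unauthorised breaker command"),
])

# Constructed timelines: an in-order intrusion and one where the final step is
# observed before the control network was reached (chain not satisfied).
IN_ORDER = {"phishing mail opened": 1, "pivot to engineering workstation": 5,
            "harvest OT credentials": 7, "issue unauthorised breaker command": 9}
OUT_OF_ORDER = dict(IN_ORDER, **{"issue unauthorised breaker command": 3})

if __name__ == "__main__":
    print(earliest_completion(ICS_TREE, IN_ORDER), completed_stages(ICS_TREE, IN_ORDER))
    print(earliest_completion(ICS_TREE, OUT_OF_ORDER), completed_stages(ICS_TREE, OUT_OF_ORDER))
    for path in attack_paths(ICS_TREE):
        print(" -> ".join(path))
```

With a plain AND at the root, the second timeline would count as a completed attack; the SAND evaluation rejects it because the breaker command precedes the stage that should have enabled it, while `completed_stages` still reports that two of three stages have been reached.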


2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Ivana Cesarec

States, organizations and individuals are becoming targets of both individual and state-sponsored cyber-attacks by those who recognize the impact of disrupting security systems and the effect on people and governments. The energy sector is seen as one of the main targets of cyber-attacks against critical infrastructure, but transport, public sector services, telecommunications and critical (manufacturing) industries are also very vulnerable. One of the most cited examples of a cyber-attack is the Ukraine power grid attack in 2015, which left 230,000 people without power for up to 6 hours. Another high-profile example of a cyber-attack against critical infrastructure is the Stuxnet malware (first used against an Iranian nuclear facility), which could be adapted to attack the SCADA systems (industrial control systems) used by many critical infrastructures in Europe. A wide range of critical infrastructure sectors rely on industrial control systems for monitoring processes and controlling physical devices (sensors, pumps, etc.), and for that reason the physically connected devices that support industrial processes are becoming more vulnerable. Not all critical infrastructure operators in all sectors are adequately prepared to manage protection (and raise resilience) effectively across both cyber and physical environments. Additionally, there are a few challenges in the implementation of protection measures, such as a lack of collaboration between the private and public sectors and low levels of awareness of the existence of key national legislation. From a supranational aspect, in relation to this paper's topic, the European Union took its first step in defense against cyber threats in 2016 with the "Directive on security of network and information systems" (NIS Directive), requiring member states to adopt more rigid cyber-security standards. 
The aim of the directive is to improve deterrence and increase the EU's defenses and reactions to cyber attacks by expanding cyber security capacity, increasing collaboration at the EU level and introducing measures to prevent risk and handle cyber incidents. There are many other "supporting tools" for Member States, such as the European Union Agency for Network and Information Security (ENISA), which organizes regular cyber security exercises at the EU level, including a large and comprehensive exercise every two years, raising the preparedness of EU states; the Network of National Coordination Centers and the European Cybersecurity Industrial, Technology and Research Competence Centre; and the Coordinated response to major cyber security incidents and crises (Blueprint), which aims to ensure a rapid and coordinated response to large-scale cyber attacks by setting out suitable processes within the EU. Yet not all Member States share the same capacities for achieving the highest level of cyber-security. They need to work continuously on enhancing their capability to defend against cyber threats, given the increased risk to state institutions' information and communication systems as well as to critical infrastructure objects. In Southeast Europe there are a few additional challenges: some countries have not even designated critical infrastructures (a lower level of protection; lack of a "clear vision" of criticality) and critical infrastructures are perceived only through a physical prism; non-EU countries are not obliged to follow the requirements of the European Union and its legislation; and there are interdependencies and transboundary cross-sector effects that need to be taken into consideration. 
Critical Infrastructure Protection (CIP) is the primary area of action, and for some SEE countries (such as the Republic of Croatia) the implementation of cyber security provisions merely complements comprehensive activities focused on physical protection. This paper will analyze a few segments of how SEE countries cope with new security challenges and at what level they are prepared for cyber-attacks and threats: 1. which security mechanisms they use; 2. the existing legislation (Acts, Strategies, Plans of Action, etc.) related to cyber threats, in correlation with strategic critical infrastructure protection documents. The analysis has two perspectives: that of EU member states and that of non-EU member states. Additionally, for EU member states it will be analyzed whether any cyber security legislation meeting the same aims existed before the NIS Directive. The aim of the research is to obtain an overall picture of efforts in the region regarding cyber-security as a possibility for improvement through cooperation, organizational measures, etc., and also to provide some recommendations to reduce the gap in the level of cyber-security development relative to other regions of the EU.


2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Fabrizio Bertone ◽  
Francesco Lubrano ◽  
Klodiana Goga

Energy is one of the main elements that allows society to maintain its living standards and continue as usual. For this reason, energy distribution is both one of the most important Critical Infrastructures and one of the most targeted by attacks. Many other Critical Infrastructures rely on energy to work reliably. Some states are particularly interested in gaining stealthy access to, and taking control of, the energy production and distribution of other nations. This way they can create huge disruption and gain a significant advantage in case of conflict. In the recent past, we have observed some real-life demonstrations of this fact. The introduction of smart grids and ICT in the management of energy infrastructures has great benefits but also introduces new attack surfaces and ways for attackers to gain control. As a benefit, we can also collect more data and metrics to better understand the state of the grid. New techniques based on Artificial Intelligence and machine learning can take advantage of the available data to help protect the infrastructures and detect ongoing threats. Smart Meters are connected intelligent devices spread over the grid, following the geographical distribution of the population. For this reason, they can be very useful data collection assets but also a target for attack. In this paper, the authors consider and analyze various innovative techniques that can be used to enhance the security and reliability of Smart Grids.


2019 ◽  
Vol 27 (1) ◽  
pp. 47-61 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Ahmed Patel ◽  
Norhamadi Ja’affar

Purpose The common implementation practices of modern industrial control systems (ICS) have left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for ICS that examines both critical physical and cyber systems, so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to the patch management process, owing to the critical nature of SCADA systems. Additionally, this review showed that only two security assessment methodologies exhibited complete fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting the cyber security assessment practices required for electrical power networks.


Author(s):  
Rodolfo Jr. Espada ◽  
Armando Apan ◽  
Kevin McDougall

Purpose – The purpose of this paper is to present a novel approach that examines the vulnerability and interdependency of critical infrastructures using the network theory in geographic information system (GIS) setting in combination with literature and government reports. Specifically, the objectives of this study were to generate the network models of critical infrastructure systems (CISs), particularly electricity, roads and sewerage networks; to characterize the CISs’ interdependencies; and to outline the climate adaptation (CA) and flood mitigation measures of CIS. Design/methodology/approach – An integrated approach was undertaken in assessing the vulnerability and interdependency of critical infrastructures. A single system model and system-of-systems model were operationalized to examine the vulnerability and interdependency of the identified critical infrastructures in GIS environment. Existing CA and flood mitigation measures from government reports were integrated in the above-mentioned findings to better understand and gain focus in the implementation of natural disaster risk reduction (DRR) policies, particularly during the 2010/2011 floods in Queensland, Australia. Findings – Using the results from the above-mentioned approach, the spatially explicit framework was developed with four key operational dimensions: conceiving the climate risk environment; understanding the critical infrastructures’ common cause and cascade failures; modeling individual infrastructure system and system-of-systems level within GIS setting; and integrating the above-mentioned results with the government reports to increase CA and resilience measures of flood-affected critical infrastructures. Research limitations/implications – While natural DRR measures include preparation, response and recovery, this study focused on flood mitigation. Temporal analysis and application to other natural disasters were also not considered in the analysis. 
Practical implications – With this information, government-owned corporations, CIS managers and other concerned stakeholders will be able to identify infrastructure assets that are highly critical, identify vulnerable infrastructures within areas of very high flood risk, examine the interdependency of critical infrastructures and the effects of cascading failures, identify ways of reducing flood risk and the impact of extreme climate events, and prioritize DRR measures and CA strategies. Originality/value – The individualist or “pigeon-hole” approach has been the common method of analyzing infrastructures’ exposure to flood hazards and tends to examine the risk separately for different types of infrastructure (e.g. electricity, water, sewerage, roads and rails and stormwater). This study introduced an integrated approach to analyzing infrastructure risk of damage and cascade failure due to flooding. Aside from introducing the integrated approach, this study operationalized GIS-based vulnerability assessment and interdependency analysis of critical infrastructures, which had been insufficiently considered in past analytical frameworks. The authors consider this study to be of high significance, given that floodplain planning schemes often lack consideration of critical infrastructure interdependency.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
José Marcos Carvalho de Mesquita ◽  
Gregory J. Kivenzor ◽  
Natália Corradi Franco

Purpose The purpose of this study is to propose an integrated approach to diverse and convoluted types of consumption. The new theoretical framework represents composite types of tangible and intangible consumption contributing to consumer life satisfaction (LS) in emerging markets (EMs). Design/methodology/approach A field study conducted in Brazil surveyed real-world consumers belonging to various social and income groups. Data reflecting LS derived from consumption were analyzed using PLS methodology. Findings Empirical tests indicated that experiential-utilitarian, experiential-hedonic and material-utilitarian consumption types positively affect EM consumer LS. An interesting and somewhat surprising outcome is an insignificant effect of material-hedonic consumption. The strength of LS correlation with each type of consumption differs, and partial effects also depend on the household income of EM consumers. Research limitations/implications Although reasons exist to expect the general validity of the suggested theoretical framework across many markets, its scope of empirical testing needs to be expanded beyond a single emerging market, even one as large as Brazil. Practical implications The new taxonomy can help marketing practitioners better understand the main sources of LS stemming from each type of consumption, to customize the marketing mix and communicate more effectively to EM consumers. Social implications In spite of the scope limited to Brazil, this study shall help policy-makers and NGOs design public goods and services, thereby significantly increasing consumer LS and improving living conditions in EMs. Originality/value A systemic approach contributes to the body of marketing theory by replacing the dichotomic classifications of consumer LS with a clear conceptualization of all types of consumption, integrated into a holistic framework.


2019 ◽  
Vol 69 (9) ◽  
pp. 1955-1972
Author(s):  
Issam Kouatli

Purpose Cloud computing is a relatively new type of technology, demanding new management techniques to attain the security and privacy that lead to customer satisfaction regarding the “Business Protection” measure. As cloud computing businesses are usually composed of multiple colocation sites/departments, the purpose of this paper is to propose a benchmark operation to measure and compare the overall integrated people-process-performance (PPP) among different departments within a cloud computing organization. The purpose of this paper is also to motivate staff/units to improve process performance and meet the standards in a competitive approach among business units. Design/methodology/approach The research was conducted at Cirrus Ltd, a cloud computing service provider, with a focus group consisting of six IT professionals/managers. The objective of the focus group was to investigate the proposed technique by selecting the best-practice relevant criteria, with the relevant sub-criteria, as a benchmarking performance tool to measure PPP via an analytic hierarchy process (AHP) approach. The standard pairwise comparative AHP scale was used to measure the performance of three different teams, defined as the production team, the user acceptance testing team and the development team. Findings Based on best-practice performance measurement (reviewed in this paper) of cloud computing, the proposed AHP model was implemented at a local medium-sized cloud service provider named “Cirrus” with a single-site data center. The actual criteria relevant to Cirrus were an adaptation of the “best practice” described in the literature. The main reason for the adaptation of criteria was that the principle of PPP assumes multiple departments/datacenters located in different geographical areas in large service providers. As Cirrus is an SME, the adaptation of performance measurement was based on teams within the same data center location. 
Irrespective of this adaptation, the objective of measuring vendors' KPIs using the AHP technique as a specific output of PPP remains valid. Practical implications This study provides guidance for achieving cloud computing performance measurement using the AHP technique. Hence, the proposed technique is an integrated model to measure PPP in a monitored cloud environment. Originality/value The proposed technique measures and manages the performance of cloud service providers and also implicitly acts as a catalyst to attain trust in such a highly information-sensitive environment, leading to organizational effectiveness in managing cloud organizations.


2019 ◽  
Vol 36 (2) ◽  
pp. 21-22
Author(s):  
Ray Harper

Purpose The purpose of this paper is to summarise a number of presentations at Day 1 of the Internet Librarian International conference, London, UK (16 October 2018). This was the 20th conference in the series, and the three key themes included were the next-gen library and librarian; understanding users, usage and user experience; and inclusion and inspiration: libraries making a difference. Design/methodology/approach This paper reports from the viewpoint of a first-time attendee of the conference. This summarises the main issues raised by each presentation and draws out the key learning points for practical situations. Findings The conference covered a variety of practical ways in which libraries can use technology to support users and make decisions about services. These include developing interactive physical spaces which include augmented reality; introducing “chat-bots” to support users; using new techniques to analyse data; and piloting new ways to engage users (such as coding clubs). A key theme was how we use and harness data in a way that is ethical, effective and relevant to library services. Originality/value This conference focussed on practical examples of how library and information services across sectors and countries are innovating in a period of huge change. The conference gave delegates numerous useful ideas and examples of best practice and demonstrated the strength of the profession in adapting to new technologies and developments.


Sensors ◽  
2021 ◽  
Vol 21 (5) ◽  
pp. 1761
Author(s):  
Hanan Hindy ◽  
Robert Atkinson ◽  
Christos Tachtatzis ◽  
Ethan Bayne ◽  
Miroslav Bures ◽  
...  

Cyber-attacks continue to grow, both in volume and in sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advances in attackers' understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus enabling the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also builds towards a new direction of feature extraction for complex ones.
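The abstract's central claim is that cumulative features over groups of related flows can expose an attack whose individual flows copy a benign size and packet profile. The block below is an added example, not the authors' code or the CICIDS2017 feature pipeline: the flow records are constructed, and the grouping key (source host and a fixed time window) and the aggregate features are assumptions chosen to illustrate the idea rather than the paper's exact definitions. Per-flow features of the benign client and the constructed scanner are identical; the aggregated view separates them.

```python
"""Flow aggregation as a higher-level feature abstraction for intrusion detection.

Added example; not the authors' code. Flow records are constructed, and the
grouping key (source, time window) and aggregate features are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    start: float          # seconds since capture start
    src: str
    dst: str
    dport: int
    nbytes: int
    npkts: int


GroupKey = Tuple[str, int]  # (source host, window index)


def per_flow_features(f: Flow) -> Dict[str, float]:
    """Conventional per-flow features: size and packet profile only."""
    return {"bytes": f.nbytes, "packets": f.npkts, "bytes_per_pkt": f.nbytes / f.npkts}


def aggregate_flows(flows: List[Flow], window: float = 60.0) -> Dict[GroupKey, Dict[str, float]]:
    """Group flows by (src, time window) and compute cumulative features.

    The cumulative features carry information no single flow has: how many
    flows the host opened, how many distinct destinations and ports it touched,
    and the fraction of flows that went to a new destination.
    """
    groups: Dict[GroupKey, List[Flow]] = defaultdict(list)
    for f in flows:
        groups[(f.src, int(f.start // window))].append(f)
    features: Dict[GroupKey, Dict[str, float]] = {}
    for key, fs in groups.items():
        distinct_dst = {f.dst for f in fs}
        features[key] = {
            "flow_count": len(fs),
            "distinct_dst": len(distinct_dst),
            "distinct_dport": len({f.dport for f in fs}),
            "mean_bytes": mean(f.nbytes for f in fs),
            "dst_ratio": len(distinct_dst) / len(fs),
        }
    return features


def flag_aggregates(agg: Dict[GroupKey, Dict[str, float]],
                    min_flows: int = 8, min_dst_ratio: float = 0.75) -> Set[GroupKey]:
    """Illustrative rule over the aggregate features (a classifier would
    normally consume them instead): many flows, mostly to distinct hosts."""
    return {k for k, v in agg.items()
            if v["flow_count"] >= min_flows and v["dst_ratio"] >= min_dst_ratio}


# Constructed sample (assumed addresses): a benign client alternating between
# two servers, and a scanner whose flows copy the benign 1200-byte / 8-packet
# profile exactly but fan out across hosts in the same window.
BENIGN = [Flow(t, "10.0.0.5", "10.0.0.80" if i % 2 else "10.0.0.81", 443, 1200, 8)
          for i, t in enumerate(range(0, 60, 6))]
SCAN = [Flow(t, "10.0.0.9", f"10.0.1.{i}", 443, 1200, 8)
        for i, t in enumerate(range(0, 60, 6))]

if __name__ == "__main__":
    print("per-flow identical:", per_flow_features(BENIGN[0]) == per_flow_features(SCAN[0]))
    agg = aggregate_flows(BENIGN + SCAN)
    for key, feats in agg.items():
        print(key, feats)
    print("flagged:", flag_aggregates(agg))
```

The scanner's flows are indistinguishable one at a time, so a model trained on per-flow size and packet features has nothing to work with; the `(src, window)` aggregate turns the fan-out into a measurable `distinct_dst` and `dst_ratio`. Window length and grouping key are the tunable part of this approach: too short a window hides slow scans, too long a window merges unrelated sessions.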

