Providing Cyber Situational Awareness (CSA) for PTC Using a Distributed IDS System (DIDS)

Author(s):  
Satish Kolli ◽  
Joshua Lilly ◽  
Duminda Wijesekera

American railroads plan to complete implementation of their Positive Train Control (PTC) systems by 2020, with the primary safety objectives of avoiding inter-train collisions and train derailments and ensuring railroad worker safety. Under the published I-ETMS specifications, the onboard unit (OBU) communicates with two networks: (1) the signaling network, which conveys track warrants authorizing the train to occupy blocks, and (2) the Wayside Interface Unit (WIU) network, a sensor network situated along the tracks that gathers navigational information, including the status of rail infrastructure (such as switches) and any operational hazards that may affect the intended train path. To facilitate timely delivery of messages, PTC systems will have a reliable radio network operating in the reserved 220 MHz spectrum, although the PTC system itself is designed as a real-time, fail-safe distributed control system. Both the signaling points and the WIUs communicate their information (track warrants, speed restrictions and beacon status) over software-defined radio networks. Because PTC systems are controlled over radio networks, they are exposed to cyber-attacks. We show a design and a prototype implementation of a PTC cyber situational awareness system that gathers information from WIU devices and locomotives for the use of rail operators. To do so, we designed secure IDS components that reside on the on-board units (OBUs), signaling points (SPs) and WIUs, gather real-time status information and share it with the back office system to report the cyber-security health of the communication fabric. Our system is able to detect and share information about command replay, hash-guessing (hash-breaking) and message corruption attacks.
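A sketch of the three detections the abstract lists, as an added example (not the authors' prototype, which is not shown on this page): an OBU-side monitor authenticates WIU beacons with an HMAC, treats a tag failure as message corruption, escalates repeated tag failures from one source to hash guessing, and treats an authentic beacon whose counter does not advance as a replay. The JSON layout, the shared key, the field names, the thresholds and the sample beacons are all constructed assumptions, not the I-ETMS wire format or its key management.

```python
import hmac
import hashlib
import json
from collections import defaultdict, deque

# Assumptions for this demo: one pre-shared key per WIU/OBU pair and a JSON
# message layout. Neither is the I-ETMS wire format or key management.
SHARED_KEY = b"demo-wiu-key-not-real"
GUESS_THRESHOLD = 3      # bad tags from one source inside the window => hash guessing
GUESS_WINDOW_S = 10.0


def tag_message(fields, key=SHARED_KEY):
    """HMAC-SHA256 over a canonical JSON encoding of the beacon fields."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_beacon(wiu_id, seq, switch, key=SHARED_KEY):
    """WIU side: the sequence counter sits inside the authenticated fields."""
    fields = {"wiu": wiu_id, "seq": seq, "switch": switch}
    return {"fields": fields, "tag": tag_message(fields, key)}


class WiuMonitor:
    """OBU-side IDS component: classifies each beacon and records the health
    events that would be forwarded to the back office."""

    def __init__(self):
        self.last_seq = {}                  # wiu_id -> highest accepted counter
        self.failures = defaultdict(deque)  # wiu_id -> receive times of bad tags
        self.events = []

    def _report(self, kind, wiu, detail):
        self.events.append({"event": kind, "wiu": wiu, "detail": detail})
        return kind

    def process(self, msg, recv_time):
        fields, tag = msg["fields"], msg["tag"]
        wiu = fields["wiu"]
        # 1. Integrity: a tampered or forged beacon fails the tag check.
        if not hmac.compare_digest(tag_message(fields), tag):
            q = self.failures[wiu]
            q.append(recv_time)
            while q and recv_time - q[0] > GUESS_WINDOW_S:
                q.popleft()
            if len(q) >= GUESS_THRESHOLD:
                return self._report("hash_guessing", wiu,
                                    f"{len(q)} bad tags within {GUESS_WINDOW_S}s")
            return self._report("message_corruption", wiu, "tag mismatch")
        # 2. Freshness: an authentic beacon whose counter does not advance is a replay.
        seq, last = fields["seq"], self.last_seq.get(wiu, -1)
        if seq <= last:
            return self._report("command_replay", wiu, f"seq {seq} <= last seen {last}")
        self.last_seq[wiu] = seq
        return "ok"


def demo():
    """Constructed traffic: two good beacons, one replayed, one tampered, three guessed tags."""
    mon = WiuMonitor()
    good1 = make_beacon("WIU-17", 1, "normal")
    good2 = make_beacon("WIU-17", 2, "normal")
    tampered = make_beacon("WIU-17", 3, "normal")
    tampered["fields"]["switch"] = "reverse"       # altered in flight; tag no longer matches
    guesses = [{"fields": {"wiu": "WIU-17", "seq": 4, "switch": "reverse"},
                "tag": "%064x" % i} for i in range(3)]  # attacker trying tags without the key
    stream = [(good1, 100.0), (good2, 101.0), (good1, 102.0), (tampered, 103.0)]
    stream += [(g, 104.0 + i) for i, g in enumerate(guesses)]
    return [mon.process(m, t) for m, t in stream]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the counter is inside the authenticated fields, an attacker cannot advance it without the key, so the integrity check must run before the freshness check. The demo leaves out what a deployment would add on top: time-based freshness for a long-silent WIU, per-WIU keys with rotation, and a distinction between a lost beacon (a gap in the counter) and a replay.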

Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Kevin Page ◽  
Max Van Kleek ◽  
Omar Santos ◽  
...  

Multiple governmental agencies and private organisations have made commitments to the colonisation of Mars. Such colonisation requires complex systems and infrastructure that could be very costly to repair or replace in cases of cyber-attacks. This paper surveys deep learning algorithms, IoT cyber security and risk models, and established mathematical formulas to identify the best approach for developing a dynamic and self-adapting system for predictive cyber risk analytics supported with Artificial Intelligence and Machine Learning and real-time intelligence in edge computing. The paper presents a new mathematical approach for integrating concepts for cognition engine design, edge computing and Artificial Intelligence and Machine Learning to automate anomaly detection. This engine instigates a step change by applying Artificial Intelligence and Machine Learning embedded at the edge of IoT networks, to deliver safe and functional real-time intelligence for predictive cyber risk analytics. This will enhance capacities for risk analytics and assist in the creation of a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when Artificial Intelligence and Machine Learning technologies are migrated to the periphery of the internet and into local IoT networks.


Author(s):  
Enoch Agyepong ◽  
Yulia Cherdantseva ◽  
Philipp Reinecke ◽  
Pete Burnap

Cyber security operations centres (SOCs) are attracting much attention in recent times, as they play a vital role in helping businesses to detect cyberattacks, maintain cyber situational awareness, and mitigate real-time cybersecurity threats. Literature often cites the monitoring of an enterprise network and the detection of cyberattacks as the core functions of an SOC. While this may be true, an SOC offers more functions than the detection of cyberattacks. For example, an SOC can provide functions that help an organisation to meet regulatory and compliance requirements. A better understanding of the functions that could be offered by an SOC is useful, as it can aid businesses running an in-house SOC to extend their SOC capabilities and improve their overall cybersecurity posture. The goal of this chapter is to present the basics one needs to know about SOCs. The authors also introduce readers and IT professionals who are not familiar with SOCs to SOC concepts, types of SOC implementation, the functions and services offered by SOCs, and some of the challenges faced by an SOC.


2018 ◽  
Vol 71 (5) ◽  
pp. 1025-1039 ◽  
Author(s):  
Odd Sveinung Hareide ◽  
Øyvind Jøsok ◽  
Mass Soldal Lund ◽  
Runar Ostnes ◽  
Kirsi Helkala

As technology continues to develop, information and communication technology and operational technology on board ships are increasingly being networked and more frequently connected to the Internet. The introduction of cyber systems changes the work environment with the aim of decreasing the navigator's workload, but at the same time introduces more complexity and more vulnerabilities, which in turn may alter the competencies needed to perform safe and efficient navigation. Contemporary examples of how cyber-attacks can distort situational awareness and interfere with operations are needed to enhance the navigator's competence through increased system awareness. This paper demonstrates some of the attack vectors through which a cyber-attack can reach a ship, and discusses the plausibility and consequences of such attacks. In this study we provide a practical example of how cyber threats can be demystified in order to enhance navigators' competence.


2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Jouni Pöyhönen ◽  
Jyri Rajamäki ◽  
Harri Ruoslahti ◽  
Martti Lehto

The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security-related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and other disturbances. Situational awareness (SA) enhances preparations for, and decision-making during, assessed and unforeseen disruptive incidents, and promoting effective cyber situational awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature: innovative constructions are developed as solutions to domain-specific real-world problems, and the research question is: "How can cyber situational awareness protect critical infrastructures?" The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote collaboration towards a shared situational picture, awareness and understanding, in order to meet the challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation to a five-layer cyber structure of an organization, to provide a more comprehensive systems view of organizational cyber security. Successful crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents; this matters because many critical infrastructures lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite for cyber security: without it, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.


2021 ◽  
Vol 1 (2) ◽  
pp. 365-386
Author(s):  
Gustavo Gonzalez-Granadillo ◽  
Rodrigo Diaz ◽  
Juan Caubet ◽  
Ignasi Garcia-Milà

Water critical infrastructures (CIs) are exposed to a wide range of IT challenges, from the cooperation and alignment between physical and cyber security teams to the proliferation of new vulnerabilities and complex cyber-attacks with potentially disastrous consequences. Although novel and powerful solutions are proposed in the literature, most of them lack appropriate mechanisms to detect cyber and physical attacks in real time. We propose a Cross-Layer Analytic Platform (denoted CLAP) developed for the correlation of cyber and physical security events affecting water CIs. CLAP aims to improve the detection of complex attack scenarios in real time based on the correlation of cyber and physical security events. The platform assigns an appropriate severity value to each correlated alarm, which guides security analysts in prioritizing mitigation actions. A series of passive and active attack scenarios against the target infrastructure are presented at the end of the paper to show the mechanisms used for the detection and correlation of cyber-physical security events. Results show promising benefits in improved response accuracy, reduced false rates and real-time detection of complex attacks based on cross-correlation rules.
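To make the correlation step concrete, here is an added example (not CLAP's code or its rule set) of pairing a cyber event with a physical event on the same asset inside a time window and raising the correlated alarm's severity above either input, then handing the analyst a queue in which correlated alarms outrank single-layer events. The event fields, the rule names and windows, the 1 to 5 severity scale and the water-utility events are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float        # seconds; constructed values in the demo below
    layer: str       # "cyber" or "physical"
    kind: str
    asset: str
    severity: int    # 1 (informational) .. 5 (critical), as scored by the originating sensor or IDS


# Assumed cross-layer rules: (cyber kind, physical kind, max gap in seconds,
# cyber_must_precede, description). Names are illustrative, not CLAP's rules.
RULES = [
    ("modbus_write_unauthorised", "pressure_out_of_range", 120, True,
     "Unauthorised setpoint write followed by a physical process deviation"),
    ("hmi_login_unknown_host", "door_forced", 600, False,
     "Remote HMI access coinciding with forced entry at the same site"),
]


def correlate(events, rules=RULES):
    """Pair cyber and physical events on the same asset that satisfy a rule's time window."""
    cyber = [e for e in events if e.layer == "cyber"]
    physical = [e for e in events if e.layer == "physical"]
    alarms, used = [], set()
    for c_kind, p_kind, gap, ordered, text in rules:
        for c in cyber:
            if c.kind != c_kind:
                continue
            for p in physical:
                if p.kind != p_kind or p.asset != c.asset:
                    continue
                delta = p.ts - c.ts
                in_window = (0 <= delta <= gap) if ordered else (abs(delta) <= gap)
                if in_window:
                    # Two independent layers agreeing is stronger evidence than either alone,
                    # so the correlated alarm is raised one step above the higher input severity.
                    sev = min(5, max(c.severity, p.severity) + 1)
                    alarms.append({"asset": c.asset, "rule": text, "severity": sev,
                                   "events": (c, p)})
                    used.update((c, p))
    return alarms, used


def prioritise(events, rules=RULES):
    """Analyst work queue: correlated alarms first, then uncorrelated single-layer events."""
    alarms, used = correlate(events, rules)
    singles = [{"asset": e.asset, "rule": f"single-layer {e.layer} event: {e.kind}",
                "severity": e.severity, "events": (e,)} for e in events if e not in used]
    return sorted(alarms + singles, key=lambda a: -a["severity"])


def demo_events():
    """Constructed event stream from a water utility; asset names are fictitious."""
    return [
        Event(1000.0, "cyber", "modbus_write_unauthorised", "pump-station-3", 3),
        Event(1045.0, "physical", "pressure_out_of_range", "pump-station-3", 3),   # within 120 s -> alarm
        Event(1300.0, "physical", "pressure_out_of_range", "pump-station-3", 3),   # 300 s later -> not paired
        Event(2000.0, "cyber", "modbus_write_unauthorised", "pump-station-7", 3),  # no physical echo
        Event(4800.0, "physical", "door_forced", "reservoir-1", 4),
        Event(5000.0, "cyber", "hmi_login_unknown_host", "reservoir-1", 2),        # either order, 600 s window
    ]


if __name__ == "__main__":
    for item in prioritise(demo_events()):
        print(item["severity"], item["asset"], item["rule"])
```

The second pressure deviation and the pump-station-7 write stay in the queue at their original severity rather than being dropped: an uncorrelated event is still evidence, it just ranks below an alarm that two layers agree on. A real platform would also need asset identifiers that are consistent across the cyber and physical inventories, which is often the hardest part of cross-layer correlation.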


2020 ◽  
Vol 9 (3) ◽  
pp. 25-30
Author(s):  
So Yeon Jeon ◽  
Jong Hwa Park ◽  
Sang Byung Youn ◽  
Young Soo Kim ◽  
Yong Sung Lee ◽  
...  

2021 ◽  
Vol 11 (7) ◽  
pp. 2910
Author(s):  
Paweł Kaniewski ◽  
Janusz Romanik ◽  
Edward Golan ◽  
Krzysztof Zubel

In this paper, we present the concept of the Radio Environment Map (REM), designed to ensure electromagnetic situational awareness for cognitive radio networks. Map construction techniques based on spatial statistics are presented, and the results of field tests carried out in the Ultra High Frequency (UHF) range with different numbers of sensors are shown. Exemplary maps built with selected interpolation techniques are presented, and the control points at which the signal from licensed users is correctly estimated are identified. Finally, the map quality is assessed and the most promising interpolation techniques are selected.
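An added example (not the authors' code or their field data) of the map-construction and quality-assessment steps described above: inverse distance weighting and a nearest-neighbour baseline interpolate sensor readings over a plane, and a set of control points reports the RMSE and how many points are estimated within a tolerance, which is the information needed to rank the interpolators. The transmitter position, the log-distance path-loss parameters, the sensor layout, the noise offsets and the control points are assumptions constructed for the demo.

```python
import math

# Assumed licensed transmitter and log-distance path-loss parameters (not from the paper's tests).
TX = (0.0, 0.0)                            # transmitter position, metres
P0_DBM, D0_M, N_EXP = -30.0, 10.0, 3.0     # power at reference distance, reference distance, exponent


def ground_truth_dbm(x, y):
    """Received power the map is trying to reproduce, from the log-distance model."""
    d = max(math.hypot(x - TX[0], y - TX[1]), D0_M)
    return P0_DBM - 10.0 * N_EXP * math.log10(d / D0_M)


def idw(sensors, x, y, power=2.0):
    """Inverse-distance-weighted estimate at (x, y) from (sx, sy, dBm) sensor readings."""
    num = den = 0.0
    for sx, sy, value in sensors:
        d = math.hypot(x - sx, y - sy)
        if d == 0.0:
            return value            # query point coincides with a sensor
        w = 1.0 / d ** power
        num += w * value
        den += w
    return num / den


def nearest_neighbour(sensors, x, y):
    """Baseline: copy the reading of the closest sensor."""
    return min(sensors, key=lambda s: math.hypot(x - s[0], y - s[1]))[2]


def assess(sensors, control_points, estimator, tolerance_db=3.0):
    """Map quality at control points: RMSE and the number of points estimated within tolerance."""
    errors = [estimator(sensors, cx, cy) - ground_truth_dbm(cx, cy) for cx, cy in control_points]
    rmse = math.sqrt(sum(e * e for e in errors) / len(errors))
    within = sum(1 for e in errors if abs(e) <= tolerance_db)
    return rmse, within


def demo_layout():
    """Constructed sensor ring plus fixed offsets standing in for measurement noise."""
    positions = [(-150, -150), (-150, 150), (150, -150), (150, 150),
                 (0, 200), (200, 0), (-200, 0), (0, -200), (60, 60)]
    offsets = [1.0, -1.2, 0.8, -0.5, 1.5, -0.9, 0.4, -1.1, 0.6]
    sensors = [(x, y, ground_truth_dbm(x, y) + o) for (x, y), o in zip(positions, offsets)]
    controls = [(50, 0), (-100, 40), (120, -80), (0, 100), (-30, -170), (180, 180)]
    return sensors, controls


def compare_methods():
    """Run the candidate interpolators over the same layout so they can be ranked."""
    sensors, controls = demo_layout()
    methods = {
        "idw_p1": lambda s, x, y: idw(s, x, y, power=1.0),
        "idw_p2": lambda s, x, y: idw(s, x, y, power=2.0),
        "nearest": nearest_neighbour,
    }
    return {name: assess(sensors, controls, fn) for name, fn in methods.items()}


if __name__ == "__main__":
    for name, (rmse, within) in compare_methods().items():
        print(f"{name:8s} RMSE {rmse:5.2f} dB, {within} control points within 3 dB")
```

Weighted averages of this kind cannot produce a value outside the range of the measured readings, so a map built from sensors that all sit farther from the transmitter than a control point will under-estimate the signal there; the control-point check is what surfaces such regions, and the tolerance should be set by how much estimation error the licensed user can absorb.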

