Cybersecurity for railways – A maturity model

Author(s):  
Ravdeep Kour ◽  
Ramin Karim ◽  
Adithya Thaduri

With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. 
The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.

Author(s):  
Fernando Sebastián Flores-Avila ◽  
Juan Manuel Riaño-Caraza ◽  
Jesús Antonio Colina-Alvarez

As part of its strategic plan 2014–2018 Pemex Exploration and Production (PEP) has decided to modify the organizational structure in order to change from a function based structure to a new one based in process, supported on three fundamental axes: People, Processes and Technology. On this direction, it has been assigned to the Technical Resources Management Vice-presidency the responsibility to implement a strategy that will enable to improve performance into the Assets of the Marine Region. This paper presents the experiences and achievements reached by implementing the strategy of “Integrated Production Management by Processes” which goal is to create and implement a management model that will contribute to the optimization of the Asset performance, integrating through the people, management processes, workflows and information and communication technologies. The “Integrated Production Management by Processes” model, is based on five elements that work integrated and coordinated way; these are:
• Organizational issues.
• Work methodologies.
• Information management.
• Monitoring key performance indicators (KPI).
• Production costs management.
The proposal on this paper is based on developing a business process management methodology for PEMEX, by applying the 5 elements of the model to measure current performance of the production assets in order to find the existing gaps between the current management model and the Integrated Production Management by Processes and implement an action plan to close those gaps. In order to homologate and standardize the measurements in PEMEX’s assets, a Capability Maturity Model was developed according to the ISO 9004-2010 and Mexican Standard NMX-CC-9004-IMNC-2009. The maturity model allows weighting each one of the 5 elements into 5 dimensionless levels.
The lowest level 1 means that the asset is in the initial stage and it has the Vision of a Functional Management; on the other hand, the highest level 5 means that asset has implemented the new model and has reached a Sustainable Management. To implement the Integrated Production Management by Processes, assets need to demonstrate that Level 4 has been reached.


2020 ◽  
Vol 26 (3) ◽  
pp. 39-42
Author(s):  
Mihaela Anamaria Bostan-Pop ◽  
Romana Oancea

Considering that the level of cyber threats is constantly increasing, a necessary demand emerges from organizations and corporations worldwide to protect their networks against possible cyber-attacks. In the future all malicious actions that occur in cyberspace will continue to alter the way we approach the security of an entire network. The article presents the most stringent need concerning the technical specialization of future officers, highlighting the knowledge entailed in order to better understand the complexity of a mission that takes place in virtual space. Undoubtedly, modern battlefield incorporates a virtual component where nearly all weapons systems rely upon information and communication technologies in order to connect and achieve operational level. The demand for future cyber defence specialists in the military domain reached a high level all over the world, and there will be a challenging process to be able to create a highly skilled workforce to fight against a large scale of malicious activities that have impact upon the national security system.


2021 ◽  
pp. 96-102
Author(s):  
T. О. Pavlova

The article is devoted to the study of the influence of the process of digitalization on the transformation of modern criminal proceedings, the functioning of the institution of justice in general. The introduction of electronic criminal proceedings in our country is due to the development of a modern electronic society and trends in the introduction of information and communication technologies in the world. Electronic criminal proceedings is a “smart” information and analytical system that digitizes paper documents, allows the exchange of files within the framework of criminal proceedings. It is proposed to carry out a detailed and systematic analysis of the provisions of the current national legislation in order to introduce the appropriate substantiated legislative changes and consolidate the concept, stages, and algorithm of the electronic criminal proceedings; the introduction of electronic criminal proceedings on the basis of the functioning of Unified Register of Pre-trial Inquiry. Electronic criminal proceedings are an inevitable phenomenon of the modern information world. For the quality of operation of electronic criminal proceedings, it is necessary to take into account the advantages and risks of the functioning of a “smart” system. The advantages of introducing electronic criminal proceedings include: saving money and time; reduction of terms for consideration of procedural documents; simplification of access of subjects of criminal proceedings within their competence to procedural materials; increasing the efficiency of the investigation of criminal proceedings and so on. The introduction of electronic criminal proceedings should take place quite deliberately, with the understanding that digital technologies will inevitably affect relationship between people and the formation of their thinking. We believe that digital intelligence is not capable to replace a specialist completely. 
The digitalization of criminal proceedings will entail certain risks and difficulties. It is necessary to protect the collected personal data, which will prevent the drafting of clone documents and the «leaking» of confidential information in connection with cyber-attacks. It is also necessary to protect the provision of necessary equipment for law enforcement officers and judges in the field; the need to integrate among themselves the working electronic systems of the pre-trial inquiry bodies and the court; training of personnel capable of working with digital computer technologies and so on.


TEM Journal ◽  
2020 ◽  
pp. 915-923 ◽  
Author(s):  
Ekkachat Baikloy ◽  
Prasong Praneetpolgrang ◽  
Nivet Jirawichitchai

The research objectives were: 1) to develop cyber resilient model, 2) to develop the cyber resilient capability maturity model and 3) to develop self-assessment model for cyber resilient capability of cloud computing services which are qualitative and applicative research. Referring to the cybersecurity concept from National Institute of Standards and Technology (NIST) from the in-depth interview, focus group discussion was developed with cybersecurity experts and data collection from cloud services providers. It was found that trend of cyber-attacks was violent with smarter method. The authors had synthesized the concept of cyber resilient capability maturity model for cloud computing services including developed application for cloud services providers to evaluate their organization in order to improve the better cybersecurity level in cloud computing services and the cyber resilient capability maturity model in the future.


Author(s):  
Sandeep Bhaskar

This chapter presents evidence of using information and communication technologies (ICTs) towards the goal of sustainable community development. It argues that the biggest impediment to the growth of communities in the developing world is a lack of information and a fair incentive system, both of which can be addressed through ICTs. A three-pronged action plan comprising a development strategy, an information strategy, and a technology strategy is proposed towards this effect. The paper also showcases how a for-profit business, ITC Limited, transformed the face of agriculture in some parts of India, and how this model can be replicated in other parts of the world. It concludes with a description of the agricultural sector in Bangladesh and shows how lessons drawn from the Indian case can be applied to Bangladesh and other developing countries.


Author(s):  
Sandeep Bhaskar

This chapter presents evidence of using information and communication technologies (ICTs) towards the goal of sustainable community development. It argues that the biggest impediment to the growth of communities in the developing world is a lack of information and a fair incentive system, both of which can be addressed through ICTs. A three-pronged action plan comprising a development strategy, an information strategy, and a technology strategy is proposed towards this effect. The chapter also showcases how a for-profit business, ITC Limited, transformed the face of agriculture in some parts of India, and how this model can be replicated in other parts of the world. It concludes with a description of the agricultural sector in Bangladesh and shows how lessons drawn from the Indian case can be applied to Bangladesh and other developing countries.


2018 ◽  
Vol 8 (1) ◽  
pp. 52
Author(s):  
Arliyana Arliyana

The use of information and communication technologies continues to grow each year. This is in line with the increasing demands for the distribution of information quickly and accurately. To keep the system of information and communication technologies into one quality enhancer in a College, then required the existence of a system of governance audit of information technology communications so that all factors are interconnected with the use of information technology can run as expected and all service information and communication technology can continue to be improved by the application of information technology is right on target. The existence of a good system of governance is the answer for the use of information and communication technology systems that are reliable. The role of the audit of the governance system of information and communication technologies as a means of decision makers is needed by a college to ensure that the application of information technology is in compliance with the planning. The COBIT framework has a coverage of control purposes which consists of 4 domains (ITGI, 2007), that is Planning and Organization (PO), Acquisition and Implementation (AI), Delivery and Support (DS), and Monitor and Evaluate (ME). In addition to this, the COBIT framework also has a Maturity Model that is used to find out the position of the maturity of the current governance and continuously strive to improve the level up to the highest level in order for all aspects of the management towards information technology can be done more effectively. Then the result of this research is the description of the analysis of the level of maturity of the implementation of the corporate governance of information and communication technology systems using COBIT framework 4.1 on Library STMIK Palangkaraya.


Author(s):  
Retno Waluyo ◽  
Gustin Setyaningsih ◽  
Muhammad Kholil

The development of information and communication technology (ICT) has brought change for the people of Indonesia. With ICT, people can more easily access various information and support work. But the problem that arises is the uneven penetration of ICT throughout Indonesia, including in the Randudongkal sub-district. This results in a digital divide and also weak ICT literacy. This study aims to describe the level of ICT Literacy, specifically internet literacy in the village apparatus in the Randudongkal sub-district. Measurement of internet apparatus of village apparatus in Randudongkal sub-district by using three indicators, namely basic knowledge, skills and utilization. The method for measuring literacy levels uses the Personal Capability Maturity Model (P-CMM). The results of internet literacy measurement research with three measurement indicators namely the internet have been used by village officials, but have not mastered and understood internet usage and currently, the level of internet apparatus in village apparatus is at level 2 by using Personal Capability Maturity Model (P-CMM).


2021 ◽  
Vol 11 (16) ◽  
pp. 7363
Author(s):  
Giovanni Battista Gaggero ◽  
Paola Girdinio ◽  
Mario Marchese

Microgrids are growing in importance in the Smart Grid paradigm for power systems. Microgrid security is becoming crucial since these systems increasingly rely on information and communication technologies. Many technologies have been proposed in the last few years for the protection of industrial control systems, ranging from cryptography, network security, security monitoring systems, and innovative control strategies resilient to cyber-attacks. Still, electrical systems and microgrids present their own peculiarities, and some effort has to be put forth to apply cyber-protection technologies in the electrical sector. In the present work, we discuss the latest advancements and research trends in the field of microgrid cybersecurity in a tutorial form.


Author(s):  
Asanee Kawtrakul ◽  
Nantanach Rungrusamiwatanakul ◽  
Somchoke Ruengittinun ◽  
Tawa Khampachua

With the commitment to ASEAN Community integration by 2015 and the continuing advances in information and communication technologies, Thailand has been provided a golden opportunity to not only catch up on current trends and technologies, but also to leap over e-Government and go directly towards Connected Government, or c-Government. In so doing, the government needs to focus on strategic implementation rather than simply developing a conceptual framework of e-Government. This chapter presents the core challenges and co-cultivated roadmap to accelerate connected government and a connected ASEAN. Firstly, there is the Management Challenge in enabling the progression and accelerating the adoption of transformational services; secondly, the Governance Challenge in establishing the comprehensive guiding principles to shape the vision, enterprise structure, committed leadership, coordinated efforts, and strategic action plans; and thirdly, the Foundation Challenge for leveraging the interoperability and establishing a standardized evaluation system with human resources development and joint key performance indices. To overcome these challenges, this chapter proposes proactive strategies and a sustainable roadmap, starting with a SWOT analysis of the lessons learnt in order to understand the current state of e-Government, followed by a clear vision of the future and an action plan for proactively and sustainably implementing c-Government. Input has been gathered not only from the public by e-survey and an IT group of 200 who attended a workshop, but the collective perception of directly concerned CIOs through discussion at a seminar.

