Grid Cyber-Security Strategy in an Attacker-Defender Model

Cryptography, 2021, Vol 5 (2), pp. 12
Author(s): Yu-Cheng Chen, Vincent John Mooney, Santiago Grijalva

The progression of cyber-attacks on the cyber-physical system is analyzed by the Probabilistic, Learning Attacker, and Dynamic Defender (PLADD) model. Although our research does apply to all cyber-physical systems, we focus on power grid infrastructure. The PLADD model evaluates the effectiveness of moving target defense (MTD) techniques. We consider the power grid attack scenarios in the AND configurations and OR configurations. In addition, we consider, for the first time ever, power grid attack scenarios involving both AND configurations and OR configurations simultaneously. Cyber-security managers can use the strategy introduced in this manuscript to optimize their defense strategies. Specifically, our research provides insight into when to reset access controls (such as passwords, internet protocol addresses, and session keys), to minimize the probability of a successful attack. Our mathematical proof for the OR configuration of multiple PLADD games shows that it is best if all access controls are reset simultaneously. For the AND configuration, our mathematical proof shows that it is best (in terms of minimizing the attacker's average probability of success) that the resets are equally spaced apart. We introduce a novel concept called hierarchical parallel PLADD system to cover additional attack scenarios that require combinations of AND and OR configurations.

2018, pp. 309-324
Author(s): Asmeret Bier Naugle, Austin Silva, Munaf Aamir

Even with substantial investment in cyber defense, the risk of harm from cyber attacks is significant for many organizations. Multi-organization information-sharing programs have the potential to improve cyber security at relatively low cost by allowing organizations that face similar threats to share information on vulnerabilities, attacks, and defense strategies. The dynamics of an information-sharing program are likely to depend heavily on interactions between human decision makers. This article describes a system dynamics model of an information-sharing program. The model incorporates decision-making strategies of managers and cyber defenders in each participating organization. The model was used to assess how free-riding behavior is likely to affect the success of a multi-organization information-sharing program. Results show that free riding may make information sharing more volatile and less beneficial early on, but other factors, including cost savings and the perceived utility of shared information, are likely to create success later in the time horizon.


2020, Vol 2020, pp. 1-19
Author(s): Mustafa Senol, Ertugrul Karacuha

This paper presents a new national cyber security strategy (NCSS) covering the deterrence perspective from creation to implementation. With the aim of responding to and ensuring cyber security effectively, studies on which pathways should be followed and what methods should be used to develop, create, and implement a NCSS are being conducted in Turkey, as in all countries. In this context, by explaining the importance of cyber power, the need for cyber power to be considered as one of the elements of national power and the importance of providing security against cyber attacks with deterrence by cyber power are discussed, while a new and integrated approach for the creation and implementation of a NCSS and an authoritarian organizational structure responsible for this strategy is proposed. It can be concluded that the proposed effective and deterrent NCSS model and approaches might help to efficiently and effectively handle these issues for better management, control, and auditing for cyber security issues; provide new concepts for cyber security issues supported by cyber power and deterrence on this issue in the world; introduce integrated approach to cyber security strategies and policies on the stages of developing and implementing a NCSS; bring a number of issues to support cyber security and defence in different perspectives; and achieve a high degree of success, especially in terms of effectiveness and existing deterrence strategies and action plans of basic structure, with the proposed approach. Finally, it is expected that the proposed strategy, steps, and suggestions might help to improve cyber security issues and national strategies in near future to secure national assessment more than ever with a powerful concept of deterrence. In addition, this approach, which has been put forward for effective implementation of cyber security by ensuring better management, control, and supervision, can be easily used by all other countries.


2017, Vol 6 (2), pp. 71-85
Author(s): Asmeret Bier Naugle, Austin Silva, Munaf Aamir

Even with substantial investment in cyber defense, the risk of harm from cyber attacks is significant for many organizations. Multi-organization information-sharing programs have the potential to improve cyber security at relatively low cost by allowing organizations that face similar threats to share information on vulnerabilities, attacks, and defense strategies. The dynamics of an information-sharing program are likely to depend heavily on interactions between human decision makers. This article describes a system dynamics model of an information-sharing program. The model incorporates decision-making strategies of managers and cyber defenders in each participating organization. The model was used to assess how free-riding behavior is likely to affect the success of a multi-organization information-sharing program. Results show that free riding may make information sharing more volatile and less beneficial early on, but other factors, including cost savings and the perceived utility of shared information, are likely to create success later in the time horizon.


Author(s): Jonathan Butts, Mason Rice, Sujeet Shenoi

In this paper we present a model for expressing attacks on control protocols that involve the exchange of messages. Attacks are modeled using the notion of an attacker who can block and/or fabricate messages. These two attack mechanisms cover a variety of scenarios ranging from power grid failures to cyber attacks on oil pipelines. The model provides a method to syntactically express communication systems and attacks, which supports the development of attack and defense strategies. For demonstration purposes, an attack instance is modeled that shows how a targeted messaging attack can result in the rupture of a gas pipeline.


2020
Author(s): Shutang You

Cyber security is important for power grids to ensure secure and reliable power supply. This paper presented a cyber-secure framework for power grids based on federated learning. In this framework, each entity, which may be a distribution/transmission/generation service provider or even a customer, can contribute to the overall system immunity and robustness to cyber-attacks, while not required to share local data, which may have privacy, legal and property concerns. The main idea is to use the federated learning framework to share the knowledge learned from local data instead of sharing power grid data itself. With complete knowledge learned from all data from the power grid, each entity is better positioned to defend the cyber-attacks and improve power grid resiliency. Future work on applying this federated learning based framework in power systems is also discussed.


2021, Vol 11 (21), pp. 9972
Author(s): Jian Chen, Mohamed A. Mohamed, Udaya Dampage, Mostafa Rezaei, Saleh H. Salmen, ...

To comply with electric power grid automation strategies, new cyber-security protocols and protection are required. What we now experience is a new type of protection against new disturbances namely cyber-attacks. In the same vein, the impact of disturbances arising from faults or cyber-attacks should be surveyed by network vulnerability criteria alone. It is clear that the diagnosis of vulnerable points protects the power grid against disturbances that would inhibit outages such as blackouts. So, the first step is determining the network vulnerable points, and then proposing a support method to deal with these outages. This research proposes a comprehensive approach to deal with outages by determining network vulnerable points due to physical faults and cyber-attacks. The first point, the network vulnerable points against network faults are covered by microgrids. As the second one, a new cyber-security protocol named multi-layer security is proposed in order to prevent targeted cyber-attacks. The first layer is a cyber-security-based blockchain method that plays a general role. The second layer is a cyber-security-based reinforcement-learning method, which supports the vulnerable points by monitoring data. On the other hand, the trend of solving problems becomes routine when no ambiguity arises in different sections of the smart grid, while it is far from a big network’s realities. Hence, the impact of uncertainty parameters on the proposed framework needs to be considered. Accordingly, the unscented transform method is modeled in this research. The simulation results illustrate that applying such a comprehensive approach can greatly pull down the probability of blackouts.


2021, Vol 10 (2), pp. 37-50
Author(s): Andreea DRAGOMIR

The article aims to highlight issues related to the risks to both the European Union and the Member States, but at the same time seeks to highlight current legislative and political approaches applicable in cyberspace. This set of tools used in cyber diplomacy includes the concepts of cooperation and diplomatic dialogue (common cyber network of EU states, common cyber defense unit) but also measures to prevent cyber-attacks (European Union Cyber Security Strategy), as well as sanctions. Throughout this presentation, the main idea is supported by the cross-border nature of cyberspace.


2018, pp. 1384-1402
Author(s): Brett van Niekerk

For many countries the physical transport infrastructure is critical to the economy, with ports forming a gateway for the majority of trade, and rail and road used to distribute goods. Airlines are crucial to the tourism industry. Whilst the focus of cyber-defense is on financial networks and the power grid, recent incidents illustrate that the transport infrastructure is also susceptible to cyber-attacks. The chapter provides an overview of cyber-security incidents related to the transportation sector, and analyses the reports of the incidents to illustrate the prevalence of threat types and impact. The chapter then discusses some efforts to mitigate the threats in terms of regulations, threat intelligence and information sharing, and awareness training.


Author(s): Lipi Chhaya, Paawan Sharma, Govind Bhagwatikar, Adesh Kumar

An existing power grid is going through a massive transformation. Smart grid technology is a radical approach for improvisation in prevailing power grid. Integration of electrical and communication infrastructure is inevitable for the deployment of Smart grid network. Smart grid technology is characterized by full duplex communication, automatic metering infrastructure, renewable energy integration, distribution automation and complete monitoring and control of entire power grid. Wireless sensor networks (WSNs) are small micro electrical mechanical systems which are accomplished to collect and communicate the data from surroundings. WSNs can be used for monitoring and control of smart grid assets. Security of wireless sensor based communication network is a major concern for researchers and developers. The limited processing capabilities of wireless sensor networks make them more vulnerable to cyber-attacks. The countermeasures against cyber-attacks must be less complex with an ability to offer confidentiality, data readiness and integrity. The address oriented design and development approach for usual communication network requires a paradigm shift to design data oriented WSN architecture. WSN security is an inevitable part of smart grid cyber security. This paper is expected to serve as a comprehensive assessment and analysis of communication standards, cyber security issues and solutions for WSN based smart grid infrastructure.


2021, Vol XXVIII (4), pp. 74-92
Author(s): Arina Alexei

Due to the large volume of data they manage, Higher Education Institutions (HEIs) are perfect targets for cyber attackers. University networks are open in design, decentralized and multi-user, making them vulnerable to cyber-attacks. The purpose of this research paper was to identify which is the recommended cyber security strategy and how comprehensive are these studies, within HEIs. The method proposed by Kitchenham was used, focused on the information community. Thus, the following results can be communicated: researchers recommend their own security strategies, because the standards analysed in the papers are not oriented on HEIs, and require important adjustments to be implemented. Most scientific papers do not describe risk management process. The implementation phases are also insufficiently analysed. The functions that the strategy addressed by HEIs should fulfill include identification, protection and detection. The validation methods used in the pre-implementation and post-implementation phases are case studies and surveys. Most researchers recommend as final cyber security strategy IT Governance and security policies. The field of research has proved to be very interesting, the researches could contribute to the creation of a comprehensive cybersecurity strategy, focused on the specifics of HEIs, efficient, easy to implement and cost-effective.

