Exploring Cyber Security Vulnerabilities in the Age of IoT

2018, pp. 1609-1623
Author(s): Shruti Kohli

The modernization of rail control systems has resulted in an increasing reliance on digital technology and increased the potential for security breaches and cyber-attacks. Higher-level European Train Control System (ETCS) systems in particular depend on communications technologies to enable greater automation of railway operations, and this has made protecting the integrity of infrastructure, rolling stock, staff and passengers against cyber-attacks ever more crucial. The growth in Internet of Things (IoT) technology has also increased the potential risks in this area, bringing with it the potential for huge numbers of low-cost sensing devices from smaller manufacturers to be installed and used dynamically in large infrastructure systems; systems that previously relied on closed networks and known asset identifiers for protection against cyber-attacks. This chapter demonstrates how existing data resources that are readily available to the railways could be rapidly combined and mapped to physical assets. This work contributes to developing a secure, reusable, scalable framework for enhancing cyber security of rail assets.


Symmetry, 2020, Vol 12 (4), pp. 664
Author(s): Rajeev Kumar, Abhishek Kumar Pandey, Abdullah Baz, Hosam Alhakami, Wajdi Alhakami, ...

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.


2018, pp. 309-324
Author(s): Asmeret Bier Naugle, Austin Silva, Munaf Aamir

Even with substantial investment in cyber defense, the risk of harm from cyber attacks is significant for many organizations. Multi-organization information-sharing programs have the potential to improve cyber security at relatively low cost by allowing organizations that face similar threats to share information on vulnerabilities, attacks, and defense strategies. The dynamics of an information-sharing program are likely to depend heavily on interactions between human decision makers. This article describes a system dynamics model of an information-sharing program. The model incorporates decision-making strategies of managers and cyber defenders in each participating organization. The model was used to assess how free-riding behavior is likely to affect the success of a multi-organization information-sharing program. Results show that free riding may make information sharing more volatile and less beneficial early on, but other factors, including cost savings and the perceived utility of shared information, are likely to create success later in the time horizon.


2018, pp. 1-15
Author(s): Manju Khari, Gulshan Shrivastava, Sana Gupta, Rashmi Gupta

Cyber Security is generally used as a substitute for the terms Information Security and Computer Security. This work involves an introduction to Cyber Security, and the history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of traditional information security to involve not only the security of information tools but also other assets, involving the person's own confidential information. In computer security or information security, the relation to the human is basically to relate their duty(s) in the security process. In Cyber Security, the factor has an added dimension, referring to humans as the targets of cyber-attacks or even becoming part of the cyber-attack unknowingly. This also involves details about cybercriminals and cyber risks, going ahead with the classification of Cybercrimes, which are against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with Cyber Security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other sections involve the regulation and certification controls; recovery and continuity plans; and Cyber Security skills.


2017, Vol 6 (2), pp. 71-85
Author(s): Asmeret Bier Naugle, Austin Silva, Munaf Aamir

Even with substantial investment in cyber defense, the risk of harm from cyber attacks is significant for many organizations. Multi-organization information-sharing programs have the potential to improve cyber security at relatively low cost by allowing organizations that face similar threats to share information on vulnerabilities, attacks, and defense strategies. The dynamics of an information-sharing program are likely to depend heavily on interactions between human decision makers. This article describes a system dynamics model of an information-sharing program. The model incorporates decision-making strategies of managers and cyber defenders in each participating organization. The model was used to assess how free-riding behavior is likely to affect the success of a multi-organization information-sharing program. Results show that free riding may make information sharing more volatile and less beneficial early on, but other factors, including cost savings and the perceived utility of shared information, are likely to create success later in the time horizon.


Cyber Security is the protection of information from unauthorized access. Different threats and issues are present in the network, which steal an unpredictable amount of data every year. For information technology and computer systems, a cyber security rule is required to compel different groups as well as businesses to secure their systems and information from cyber-attacks. In the healthcare sector, a huge amount of data can be stolen every year, which is dangerous from both a government and a personal point of view. Technical advancements have increased the potential for risk in the network in Cloud and Cyber. Security and privacy cracks are the vital issues which need to be mitigated to maintain the dignity of the network. This paper conducted a review to secure the network from network security issues. There are various attacks to which the network is vulnerable, such as DoS, DDoS and Spoofing. These attacks have been described to identify the attacker's capability. In order to facilitate this, networks such as cloud, ad-hoc and cyber have been described to determine the security, a paradigm. A literature review of past studies has been conducted to identify the threats and their behavior. Different types of attacks and their behavior are also studied, and a tabular structure is also presented for better understanding.


Author(s): Caroline Hartmann, Jimmy Carmenate

Frequent cyber-attacks on organizations in the last decade have caught the attention of practitioners and governance bodies, who have called for boards to take a more active role in managing and preventing future cyber risks. Governance surveys, however, find that boards are not sufficiently prepared to address cyber security risks due to a lack of IT expertise. Firms have begun appointing technology experts, creating board-level technology (IT) committees and delegating responsibilities to the audit committee as a means of managing cybersecurity risk. With the aim of understanding the current and future role of governance mechanisms in managing cybersecurity risks, this paper reviews the existing cybersecurity guidelines and regulations, and summarizes the empirical research related to corporate governance, security breaches, and IT expertise in overseeing cyber risks. Finally, we discuss implications for practice, policy and researchers.


Author(s): Qutaiba I. Ali, Firas S. Alsharbaty

Abstract: The power grid is one of the most important manifestations of modern civilization and its engine, where it is described as the digestive system of civil life. It is a structure that has three main functions: generation, transmission lines, distribution. This concept was appropriate for a century. However, the beginning of the twenty-first century brought dramatic changes in different domains: media, human growth, economic, environmental, political, technical, etc. The smart grid is a sophisticated structure including cyber and physical bodies; hence it reinforces sustainability, energy management, the capability of integration with microgrids, and the exploitation of renewable energy resources. The quantum leap of the smart grid is related to the advanced communication networks that deal with the cyber part. Moreover, the communication networks of the smart grid offer attractive capabilities such as monitoring, control, and protection at the level of real time. Wireless communication techniques in an integration frame, such as wireless local area networks, worldwide interoperability for microwave access, long term evolution, and narrowband internet of things, are a promising solution to meet the requirements of smart grid design. These technologies could provide high capacity, flexibility, and low-cost maintenance for the smart grid. However, the multiple interfaces in the smart grid may be exploited by persons or agencies to implement different types of cyber-attacks that may lead to dangerous damage. This research paper reviews the up-to-date research in the field of smart grid to handle the new trends and topics in one frame in order to offer an integrated vision of this vital sector. It concentrates on the communication networks, the mainstay of the smart grid.
This paper discusses the challenges and requirements of adopting wireless communication technologies and delves deeply into a literature review to devise and suggest solutions to compensate for the impairments efficiently. Moreover, it explores cyber security, which represents the real challenge to implementing the concept of the smart grid safely.


Author(s): Zezhou Wang, Xiang Liu, Yongxin Wang, Chaitanya Yavvari, Matthew Jablonski, ...

Advanced Train Control System (ATCS) is a proprietary network protocol that expands the functionality and efficiency of Centralized Traffic Control (CTC) systems by using radio communications (radio code line) for message delivery. However, end-to-end cyber security issues were not considered during the initial design of ATCS in the 1980s. Meanwhile, the landscape of cyber-physical threats and vulnerabilities has changed dramatically over the last three decades. Even though cutting-edge systems like Positive Train Control (PTC) have adopted security properties such as integrity checks and encryption methods, major railroads in North America still deploy legacy ATCS standards to maintain their individual CTC systems. This paper first illustrated the background and general specifications of ATCS applications in North American railroads. The research team has noticed that few studies have systematically analyzed this topic since the emergence of ATCS, though its applications are still prevailing in the industry. Divided by both vital and non-vital operational scenarios, this paper presented case studies for ATCS-related vulnerabilities. We used a sender-receiver sequencing-based analysis and proposed a consequence-based simulation model to identify and further evaluate the cyber and physical risks under potential cyber-attacks. For the identified risk, the paper evaluated the likelihood based on the practical operational sequences, and recommended potential countermeasures for the industry to improve the security over the specific case. The research concluded that the fail-safe design in the ATCS systems would prevent the exploitation of known security vulnerabilities which could result in unsafe train movements. However, the service disruptions under certain speculated attacks need further evaluation. At the end of this paper, we discussed our ongoing work for disruption evaluation in the wake of successful cyber attacks.

