Application of Cyber Security in Emerging C4ISR Systems

C4ISR stands for Command, Control, Communications, Computers, Intelligence, Surveillance & Reconnaissance. C4ISR systems are primarily used by organizations in the defense sector. However, they are also increasingly being used by civil sector organizations such as railways, airports, oil, and gas exploration departments. The C4ISR system is a system of systems and it can also be termed as network of networks and works on similar principles as the Internet. Hence it is vulnerable to similar attacks called cyber attacks and warrants appropriate security measures to save it from these attacks or to recover if the attack succeeds. All of the measures put in place to achieve this are called cyber security of C4ISR systems. This chapter gives an overview of C4ISR systems focusing on the perspective of cyber security warranting information assurance.

Download Full-text

UNIVERSITY CYBER SECURITY AS A METHOD FOR ANTI-FISHING FRAUD

ED/2019/1 - The economic discourse ◽

10.36742/2410-0919-2020-1-7 ◽

2020 ◽

pp. 59-67

Author(s):

Irina Tatomur

Keyword(s):

Cyber Security ◽

Educational Institution ◽

Visual Presentation ◽

Academic Community ◽

Cyber Attacks ◽

Asia Pacific ◽

Economic Losses ◽

Educational Institutions ◽

Security Measures ◽

Phishing Attacks

Introduction. With the rapid adoption of computer and networking technologies, educational institutions pay insufficient attention to the implementation of security measures to ensure the confidentiality, integrity and accessibility of data, and thus fall prey to cyber-attacks. Methods. The following methods were used in the process of writing the article: methods of generalization, analogy and logical analysis to determine and structure the motives for phishing attacks, ways to detect and prevent them; statistical analysis of data – to build a chronological sample of the world's largest cyber incidents and determine the economic losses suffered by educational institutions; graphical method – for visual presentation of results; abstraction and generalization – to make recommendations that would help reduce the number of cyber scams. Results. The article shows what role cyber security plays in counteracting phishing scams in the educational field. The motives for the implementation of phishing attacks, as well as methods for detecting and preventing them, have been identified and regulated. The following notions as "phishing", "submarine" and "whaling" are evaluated as the most dangerous types of fraud, targeting both small and large players in the information chain of any educational institution. An analytical review of the educational services market was conducted and a chronological sampling of the largest cyber incidents that occurred in the period 2010-2019 was made. The economic losses incurred by colleges, research institutions and leading universities in the world were described. It has been proven that the US and UK educational institutions have been the most attacked by attackers, somewhat inferior to Canada and countries in the Asia-Pacific region. It is found that education has become the top industry in terms of the number of Trojans detected on devices belonging to educational institutions and the second most listed among the most affected by the ransomware. A number of measures have been proposed to help reduce the number of cyber incidents. Discussion. The obtained results should be taken into account when formulating a strategy for the development of educational institutions, as well as raising the level of awareness of the representatives of the academic community in cybersecurity. Keywords: phishing, cyber security, cyber stalkers, insider threat, rootkit, backdoor.

Download Full-text

Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective

Volume 7B: Ocean Engineering ◽

10.1115/omae2017-61771 ◽

2017 ◽

Cited By ~ 4

Author(s):

Vahid Hassani ◽

Naveena Crasta ◽

António M. Pascoal

Keyword(s):

Cyber Security ◽

Cyber Attacks ◽

Gps Data ◽

Positioning System ◽

Navigation Systems ◽

State Variables ◽

Security Measures ◽

Security Issues ◽

Linear Control Theory ◽

Marine Vessels

Autonomous marine vessels are the way forward to revolutionize maritime operations. However, the safety and success of autonomous missions depend critically on the availability of a reliable positioning system and time information generated using global positioning system (GPS) data. GPS data are further used for guidance, navigation, and control (GNC) of vehicles. At a mission planning level GPS data are commonly assumed to be reliable. From this perspective, this article aims to highlight the perils of maritime navigation attacks, showing the need for the enhancement of standards and security measures to intercept any serious threats to marine vessels emanating from cyber attacks and GPS spoofing. To this end, we consider a case where a cyber attacker blocks the real GPS signals and dupes the GPS antennas on board the marine vehicle with fake signals. Using the Nomoto model for the steering dynamics of a marine vessel and exploiting tools from linear control theory we show analytically, and verify using numerical simulations, that it is possible to influence the state variables of the marine vessel by manipulating the compromised GPS data.

Download Full-text

Design and Deployment of Network Testbed for Web Data Security

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.1121 ◽

2021 ◽

Author(s):

Shishir Kumar Shandilya

Keyword(s):

Cyber Security ◽

Vital Role ◽

Cyber Attacks ◽

Adaptive Security ◽

Security Measures ◽

Adaptive Responses ◽

Network Testbeds ◽

Library Support ◽

Proactive Security ◽

Effective Analysis

In recent years, the cyber security scenario has transformed predominantly from conventional response-based security mechanisms to proactive security strategies. And this transformation is still continuing which is shifting it from proactive security strategies to cyber immunity which eliminates the cyber threats by introducing stringent and adaptive security measures. In the process of developing new security algorithms/procedures, accurate modelling and effective simulation play a vital role for the robustness and effectiveness of proposed system. It is also necessary to analyze the behaviour of proposed system against multiple types of known cyber attacks. This paper focuses on the existing network testbeds for an effective analysis and monitoring while proposing a new network testbed for examining new security concepts like cyber immunity. The proposed network testbed is designed to incorporate the methods and procedures of Nature-inspired Cyber Security to accommodate the adaptive responses against the sophisticated and ever-advancing cyber attacks. The proposed testbed provides customizable analytical tool to design, test and examine the new security algorithms through a rich set of attack scenarios. It also allows developers to design, implement, and evaluate their defensive techniques with library support.

Download Full-text

A Community-Oriented Approach to CIIP in Developing Countries

Cross-Cultural Interaction ◽

10.4018/978-1-4666-4979-8.ch048 ◽

2014 ◽

pp. 849-871

Author(s):

Ian Ellefsen ◽

Sebastiaan von Solms

Keyword(s):

Developing Countries ◽

Computer Security ◽

Cyber Security ◽

Information Infrastructure ◽

Cyber Attacks ◽

Security Measures ◽

Developing Regions ◽

Infrastructure Protection ◽

Internal Structures ◽

Oriented Approach

Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological solutions to address unique challenges. However, in many cases, this growth is not accompanied with the development of appropriate information infrastructure protection structures. As technological solutions are deployed in developing countries, there will be a large number of new users gaining access to Internet-based systems. In many cases, these new users might lack the skills necessary to identify computer security threats. Inadequate cyber security measures can increase the risk and impact of cyber attacks. The development of internal structures to address Critical Information Infrastructure Protection (CIIP) is dependent on the environment in which it will be deployed. Therefore, traditional CIIP structures might not adequately address the technological challenges found in developing countries. In this chapter, the authors aim to address the development of CIIP structures in developing regions by elaborating on the set of unique challenges that exist. Furthermore, they aim to present a community-oriented structure aimed at providing CIIP, in what they refer to as a “bottom-up” manner. The larger aim of CIIP structures in developing regions is to support the future development and deployment of cyber security mechanisms and to allow developing countries to play a trusted role in global cyber security efforts.

Download Full-text

A Community-Oriented Approach to CIIP in Developing Countries

Securing Critical Infrastructures and Critical Control Systems ◽

10.4018/978-1-4666-2659-1.ch010 ◽

2013 ◽

pp. 240-261

Author(s):

Ian Ellefsen ◽

Sebastiaan von Solms

Keyword(s):

Developing Countries ◽

Computer Security ◽

Cyber Security ◽

Information Infrastructure ◽

Cyber Attacks ◽

Security Measures ◽

Developing Regions ◽

Infrastructure Protection ◽

Internal Structures ◽

Oriented Approach

Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological solutions to address unique challenges. However, in many cases, this growth is not accompanied with the development of appropriate information infrastructure protection structures. As technological solutions are deployed in developing countries, there will be a large number of new users gaining access to Internet-based systems. In many cases, these new users might lack the skills necessary to identify computer security threats. Inadequate cyber security measures can increase the risk and impact of cyber attacks. The development of internal structures to address Critical Information Infrastructure Protection (CIIP) is dependent on the environment in which it will be deployed. Therefore, traditional CIIP structures might not adequately address the technological challenges found in developing countries. In this chapter, the authors aim to address the development of CIIP structures in developing regions by elaborating on the set of unique challenges that exist. Furthermore, they aim to present a community-oriented structure aimed at providing CIIP, in what they refer to as a “bottom-up” manner. The larger aim of CIIP structures in developing regions is to support the future development and deployment of cyber security mechanisms and to allow developing countries to play a trusted role in global cyber security efforts.

Download Full-text

INCREASING YOUR CYBERSECURITY AWARENESS: UNDERSTANDING CYBERCRIME AND FINDING WAYS TO FIGHT IT

Legal Ukraine ◽

10.37749/2308-9636-2020-2(206)-2 ◽

2020 ◽

pp. 14-29

Author(s):

Mariana Zhuravel

Keyword(s):

Cyber Security ◽

National Level ◽

Real Life ◽

Legal Framework ◽

Cyber Attacks ◽

Cyber Attack ◽

Security Measures ◽

Cyber Terrorism ◽

The Government ◽

Business Entities

Dependency on global cyberspace is rapidly increasing nowadays. Virtual reality generates opportunities for enterprises, governments and individuals; however it also poses significant threats to security on different levels including the national level, whereby key state infrastructures can become a target of cyber attacks. This was seen during the Covid-19 pandemic when the healthcare system in a number of countries experienced cyber threats, which in the example of the Czech Republic, led to severe disruption of the medical processes in a hospital. Thus, cybercrime can cause detrimental effects not only to individuals or business entities, but also to a large group of stakeholders. Infinite cyberspace, the anonymous character of cyber attackers, advances in technology and a lack of cyber security measures in place – these all give cybercrime a sophisticated and aggressive nature and as a result, make us more vulnerable to it. This article will consider different categories of cybercrime, namely, crimes against the person; crimes against property, and crimes against the government, drawing examples from real life cases. This will be followed by an exploration of the methods which should be employed in the fight against cybercrime. In addition, the EU legislative framework will be considered as an example of legal measures against cybercrime. Key words: Internet, cyberspace, cybercrime, cyber attack, cyber threat, cybersecurity, ransomware, cyber terrorism, European Union legal framework, NIS Directive, ENISA, ways.

Download Full-text

PROTECTING PEOPLE, ASSETS, AND THE ENVIRONMENT IN THE GULF OF PARIA, VENEZUELA: SECURITY PLANNING FOR EXPLORATION AND PRODUCTION IN A SENSITIVE ENVIRONMENT

International Oil Spill Conference Proceedings ◽

10.7901/2169-3358-2005-1-237 ◽

2005 ◽

Vol 2005 (1) ◽

pp. 237-239

Author(s):

Fernando Rodriguez ◽

Julio Betancourt ◽

William Perry

Keyword(s):

Oil And Gas ◽

The United States ◽

Maritime Transportation ◽

Mitigation Measures ◽

Security Threats ◽

Security Measures ◽

International Convention ◽

Oil And Gas Exploration ◽

Exploration And Production ◽

Security Planning

ABSTRACT The International Maritime Organization (IMO) and the United States Maritime Transportation Security Act (MTSA) have placed new security planning and preparedness requirements on oil and gas exploration and production (E&P) facilities. Qualifying E&P facilities within territorial waters of countries signatory to the International Convention for the Safety of Life at Sea (SOLAS), were to have completed Security Vulnerability Assessments (SVAs) as early as July 2004. In some countries, this deadline has been extended. There are currently no comprehensive SVA guidelines that companies can use to evaluate their onshore and/or offshore facilities. Furthermore, existing guidelines focus on security threats stemming from potential acts of terrorism and do not adequately address many equally important security concerns faced by E&P facilities worldwide. ConocoPhillips Venezuela (COPVen) and its partners, Corporación Venezolana de Petróleo (CVP), Eni Venezuela B.V., OPIC Karimum Corporation, and Inelectra C.A., have significant hydrocarbon investments in Venezuela—and understand the importance of security planning during every phase of operations. This paper describes how COPVen adapted existing methodology to complete an innovative SVA of current as well as planned facilities and activities in the Gulf of Paria, northeastern Venezuela. Consistent with the companies' sustainable development approach in the region, the SVA anticipates potential security threats, prioritizes issues, and proposes mitigation measures that enhance security. This paper also describes how COPVen incorporated social and environmental considerations and used an innovative methodology to complete the work. The process used by COPVen and its partners represents a basis to identify, plan, review and continuously improve system-wide and facility-specific security measures to protect people, assets and the environment in the Gulf of Paria.

Download Full-text

An Effective Model for Fraud Risk Management in Mitigating Telecommunication Fraud Incidences

Asia Proceedings of Social Sciences ◽

10.31580/apss.v8i2.1919 ◽

2021 ◽

Vol 8 (2) ◽

pp. 112-116

Author(s):

Nazatul Shima Abdul Rani ◽

K. Sarojani Krishnan ◽

Khairul Azizan Suda ◽

Chahhoub Fatimazahra

Keyword(s):

Risk Management ◽

Cyber Security ◽

Denial Of Service ◽

Cyber Attacks ◽

Malicious Code ◽

Security Measures ◽

Fraud Risk ◽

Cyber Harassment ◽

Internet Users ◽

Fraud Risk Management

In the context of Malaysia, the most common types of cyber attacks are denial of service, intrusion attempts, spam, vulnerability report, fraud, malicious code, and content-related attacks as reported by Cyber Security Malaysia. However, since 2011, cyber attacks such as intrusion attempts, denial of service and spam are decreasing steadily as a result of security measures that have been taken by companies or internet users. Nevertheless, cyber attacks which are steadily increasing are cyber harassment, intrusion and fraud. Approximately 5,328 fraud incidences were reported in 2011 while in 2020, the number of cases rose to 7,593 cases. Out of these cyber attacks in Malaysia, the most proliferating ones have been identified as fraud incidences. Thus, it is highly needed to come up with and propose the best fraud risk management strategy to handle fraud incidences among internet users and internet providers through the utilization of business intelligence tools, and quality enhancement via quality systems in place, quality information, and quality users. With these tools in hand, it is hoped that the proposed model will serve as a framework to mitigate and/or prevent the occurrence of fraud incidences.

Download Full-text

Enhancing Cyber Security in Power Sector using Machine Learning

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i7860.078919 ◽

2019 ◽

Vol 8 (9) ◽

pp. 3382-3386

Keyword(s):

Machine Learning ◽

Power Systems ◽

Cyber Security ◽

Cyber Attacks ◽

Security Measures ◽

Power Sector ◽

Communication Links ◽

Open Standard ◽

To Come ◽

Paper Technology

Nowadays, our lives have become very much dependent on the power systems, whether it is in home or in offices or anywhere. Any failure in the power systems can bring our lives to a halt. To ensure no power fault, a continuous and remote monitoring, control and automation are needed. The implementation of constraints increases the efficiency of the power systems. But, to put monitoring, control and automation into practice we need network, and with this come the threat of cyber-attacks. With more open standard-based communication network, the automated power systems have become the target of the cyber-attacks. By exploiting the cyber components in networks, critical cyber components can be manipulated. Intruders can tamper the communication links by injecting false or modified data. To come up with security measures against these attacks, vulnerabilities of the power systems are being assessed to analyze the impacts of the cyber-attacks. Several techniques have been implemented so far to make the power systems less prone to threats. In this paper, technology like Machine Learning is used as anomaly discriminator and to provide security to the power system against the cyber threats.

Download Full-text